[Openid-specs-ab] Spec Call Notes 14-Mar-19
Mike Jones
Michael.Jones at microsoft.com
Thu Mar 14 18:55:23 UTC 2019
Spec Call Notes 14-Mar-19
Mike Jones
Brian Campbell
George Fletcher
Tom Jones
Torsten Lodderstedt
Bjorn Hjelm
Nat Sakimura
Rich Levinson
Filip Skokan
Native SSO Draft
George has gotten feedback from Torsten and Edmund and Filip on the Native SSO Draft
Nat checked it into GitHub and sent a note to the working group about it
After George incorporates feedback, Mike will publish a working group draft
prompt=create Draft
George also received some feedback on that draft
There hasn't yet been a decision whether to make this a working group document or not
OpenID Connect for Identity Proofing (draft mechanics)
Torsten migrated his draft from PDF to Markdown and checked it into our bitbucket repository
https://bitbucket.org/openid/connect/src/default/openid-connect-4-identity-assurance/
Build with "mmark -2 main.md > ./openid-connect-4-identity-assurance.xml" and then xml2rfc
Torsten published the html to https://openid.net/wordpress-content/uploads/2019/03/openid-connect-4-identity-assurance-00.html
Document Source Control
We had a discussion on specification source control and archiving
Torsten's source uses multiple .md files
Mike and Torsten discussed the need to have a consistent archival copy of sources for all working group drafts
Having a consistent snapshot is harder when there's more than one source file
For now, Torsten will produce a .zip file with all sources and outputs and then Mike will publish the working group document
We will continue discussing this in Stuttgart and Prague
Bjorn pointed out that some of the institutional knowledge of how OpenID specs are published needs to be documented
This will help all working group chairs and editors
Mike agreed to work on this
For instance:
A permanent archive of sources and outputs for working group specifications is needed
The archive is independent of the source control system that editors may use - as these come and go
Specifications for foundation-wide review are always published at openid.net/specs/.
Some working groups also publish all major revisions there
OpenID Connect for Identity Proofing (content)
Tom started a discussion about meeting legal requirements for identity proofing
Torsten had responded to this on the list
There are many legal jurisdictions around the world with different requirements
We want to create specifications that can be applied worldwide
None of us on the call are lawyers, so we're not qualified to make legal judgements
Torsten stated that he created a representation of identity assurance data
Torsten stated that it's up to implementers to comply with applicable laws
Tom suggested that we add a privacy considerations section to the document
George: We're not requiring that particular information be exchanged
Mike: We're defining syntax - not policy
Mike: In this sense, the document is neutral, just like OpenID Connect is
Nat: It's up to implementing entities to ensure that they're in compliance - not us
Nat: There are other kinds of legal basis than consent, but sometimes consent applies
George: We are not trying to define business processes or legal processes in the specification
Nat: Implementing entities must identify their applicable legal requirements and comply with them
Mike: This is true of all identity specifications - not just this one
Next Call
Monday, March 18 at 4pm Pacific Time
However this may be problematic for people travelling to the OAuth Security Workshop in Prague
We should discuss whether to have this call on the mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190314/4f44a44a/attachment.html>
More information about the Openid-specs-ab
mailing list