[Openid-specs-ab] Roland Hedberg's federation specification

Roland Hedberg roland at catalogix.se
Wed Jul 13 08:28:09 UTC 2016


Mike S.,

> On 12 July 2016 at 21:46, Mike Schwartz <mike at gluu.org> wrote:
> 
> I also agree with your comments, and in fact finally bringing this draft to the working group will address the previous lack of openness in its development. But it's encouraging to hear you reiterate your commitment to achieve consensus.

It’s common, not to say the norm, that discussions about a draft always start in a limited forum.
For it to become a standard, on the other hand, there has to be wide consensus about its completeness and usefulness.

> However, I'm concerned that this topic is specific to a certain community that is outside the normal consumer / enterprise federation use case. I think we could get more feedback from that community if this development effort was distinct.

So what community would that be?

The starting point to me was to specify how OIDC could be used to create identity federations like those we have today 
in higherEd based on SAML2. Do you have another community/use case in mind?

Given my starting point, I agree with you in that there probably is no single forum where we can find all the parties that should be involved
in this discussion. 
Bridging the gap between OIDC experts and identity federation experts will be a task that we have to take on and 
this is why I’ve spent the last months talking to people participating in or running SAML federations.
For instance, we have a number of persons (~60) that have attended my and Rebecka's OIDC, OAuth2, JW* course and are
heavily involved in running SAML federations. This group has been involved from very early on in the development 
of the ideas behind the draft. To me this group is a key ingredient when it comes to getting input from the identity federations
of today.

> On 2016-07-12 14:17, Mike Jones wrote:
>> First, let me say that a specification needing work isn't an argument
>> for it not being adopted by a working group - quite the contrary.
>> Adoption by the working group helps ensure that it gets the attention
>> it deserves - even at an early stage.  As a point of reference, the
>> initial specifications for what became OpenID Connect were quite
>> different than the eventual final specifications.  Iteration of
>> implementation, interop, and specification development helped refine
>> it and improve it.  I expect the same to happen here.
>> Let me also comment on the "democratic process" remark.  All OpenID
>> working groups operate by consensus, rather than "democracy".  We
>> actively seek the opinions of all the participants and to understand
>> their goals and work towards decisions that maximize consensus.  This
>> isn't "democracy" where one votes.  Rather, we're trying for a much
>> higher degree of consensus than would be achieved by voting.  This is
>> true of other standards development organizations as well, for
>> instance, the IETF.
>> As for participation, the OpenID process is designed to make it as
>> easy as possible for all to participate and develop specifications
>> that are freely available for all to use.  Anyone can join the working
>> group for free.  OpenID foundation membership isn't even required.
>> For more details on how to join, please see
>> http://openid.net/wg/connect/.
>> 				Best wishes,
>> 				-- Mike
>> -----Original Message-----
>> From: Openid-specs-ab
>> [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike
>> Schwartz
>> Sent: Monday, July 11, 2016 4:06 PM
>> To: openid-specs-ab at lists.openid.net
>> Subject: [Openid-specs-ab] Roland Hedberg's federation specification
>> OpenID WG,
>> I was reading the meeting notes today, and I want to interject my
>> comments about Roland's OpenID Connect federation proposal.
>> First of all, my assessment of Roland's draft is that it has
>> significant gaps, and it needs a lot of work.
>> I'm concerned that the imperatives of the main OpenID Connect group
>> are consumer and enterprise authentication. Because this multi-party
>> federation draft needs so much work, I think it would be better to
>> develop it separately, and bring it back to the main group when there
>> is consensus on a solution.
>> There are a lot of interested parties with regard to the development
>> of multi-party federation trust models who could contribute more
>> effectively if the standard was developed under a more targeted
>> working group. For example, as the co-chair of the Kantara OTTO WG,
>> which was formed expressly to address the challenge of federation of
>> OAuth2 entities, I know we have a core group of people who are
>> interested to collaborate.
>> It would be nice if whatever process takes place at OIDF should be an
>> open, democratic forum, as several of us from OTTO would like to
>> participate.
>> - Mike
>> -------------------------------------
>> Michael Schwartz
>> Gluu
>> Founder / CEO
>> mike at gluu.org
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab