<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> Mike Jones
<br>
<b>Sent:</b> Monday, March 03, 2014 2:29 AM<br>
<b>To:</b> John Bradley; Torsten Lodderstedt (t.lodderstedt@telekom.de); Carsten Bormann; Lucy Lynch; Tatsuya Hayashi (hayashi@lepidum.co.jp); Kaoru Maeda; 'Bill Mills'; Klaas Wierenga; David Misell; Steve Olshansky; Scott Wood; Justin P. Richer; Leif Johansson;
Karen O'Donoghue; Phil Hunt; Christine Perey; Tim Bray (tbray@textuality.com); Brian Campbell<br>
<b>Subject:</b> OpenID Meeting at IETF 89 2-Mar-14<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OpenID Meeting at IETF 89 2-Mar-14<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Attendees:<o:p></o:p></p>
<p class="MsoNormal"> Mike Jones<o:p></o:p></p>
<p class="MsoNormal"> John Bradley<o:p></o:p></p>
<p class="MsoNormal"> Torsten Lodderstedt<o:p></o:p></p>
<p class="MsoNormal"> Carsten Bormann<o:p></o:p></p>
<p class="MsoNormal"> Lucy Lynch<o:p></o:p></p>
<p class="MsoNormal"> Tatsuya Hayashi<o:p></o:p></p>
<p class="MsoNormal"> Kaoru Maeda<o:p></o:p></p>
<p class="MsoNormal"> Bill Mills<o:p></o:p></p>
<p class="MsoNormal"> Klaas Wierenga<o:p></o:p></p>
<p class="MsoNormal"> David Misell<o:p></o:p></p>
<p class="MsoNormal"> Steve Olshansky<o:p></o:p></p>
<p class="MsoNormal"> Scott Wood<o:p></o:p></p>
<p class="MsoNormal"> Justin Richer<o:p></o:p></p>
<p class="MsoNormal"> Leif Johansson<o:p></o:p></p>
<p class="MsoNormal"> Karen O'Donoghue<o:p></o:p></p>
<p class="MsoNormal"> Phil Hunt<o:p></o:p></p>
<p class="MsoNormal"> Christine Perey<o:p></o:p></p>
<p class="MsoNormal"> Tim Bray<o:p></o:p></p>
<p class="MsoNormal"> Brian Campbell<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Agenda:<o:p></o:p></p>
<p class="MsoNormal"> Introductions<o:p></o:p></p>
<p class="MsoNormal"> OpenID Connect Launch<o:p></o:p></p>
<p class="MsoNormal"> Remaining OpenID Connect Work<o:p></o:p></p>
<p class="MsoNormal"> Migration from OpenID 2.0<o:p></o:p></p>
<p class="MsoNormal"> Registries<o:p></o:p></p>
<p class="MsoNormal"> Account Chooser Status<o:p></o:p></p>
<p class="MsoNormal"> Native Applications WG Status<o:p></o:p></p>
<p class="MsoNormal"> Profiles<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Introductions<o:p></o:p></p>
<p class="MsoNormal"> We introduced ourselves<o:p></o:p></p>
<p class="MsoNormal"> Mike thanked Lucy for arranging the meeting once again<o:p></o:p></p>
<p class="MsoNormal"> Mike described how useful the meeting series has been<o:p></o:p></p>
<p class="MsoNormal"> For example, the restructuring of the Messages &amp; Standard specs into the Core spec was a result<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">OpenID Connect Launch<o:p></o:p></p>
<p class="MsoNormal"> See <a href="http://openid.net/2014/02/26/the-openid-foundation-launches-the-openid-connect-standard/">
http://openid.net/2014/02/26/the-openid-foundation-launches-the-openid-connect-standard/</a><o:p></o:p></p>
<p class="MsoNormal"> and <a href="http://openid.net/2014/02/28/no-oscars-but-openid-connect-launch-receives-international-raves/">
http://openid.net/2014/02/28/no-oscars-but-openid-connect-launch-receives-international-raves/</a><o:p></o:p></p>
<p class="MsoNormal"> Tim Bray described the positive reception at the Mobile World Congress and by the GSMA<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Remaining OpenID Connect Work<o:p></o:p></p>
<p class="MsoNormal"> Session Management issues remain<o:p></o:p></p>
<p class="MsoNormal"> These underlying IETF specs are hopefully soon to be completed:<o:p></o:p></p>
<p class="MsoNormal"> JWS, JWE, JWS, JWA, JWT, OAuth Assertions, OAuth JWT Profile<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Migration from OpenID 2.0<o:p></o:p></p>
<p class="MsoNormal"> The Connect WG is working on ways to migrate from OpenID 2.0 to OpenID Connect<o:p></o:p></p>
<p class="MsoNormal"> Google and Yahoo have both announced that they will turn off their OpenID 2.0 support<o:p></o:p></p>
<p class="MsoNormal"> Google has published how people can upgrade with them at
<a href="https://developers.google.com/accounts/docs/OpenID#openid-connect">https://developers.google.com/accounts/docs/OpenID#openid-connect</a><o:p></o:p></p>
<p class="MsoNormal"> The working group may publish a best practices document<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Registries<o:p></o:p></p>
<p class="MsoNormal"> It would be useful to have OpenID specs be able to use IANA registries<o:p></o:p></p>
<p class="MsoNormal"> Leif - See Happy IANA <a href="http://tools.ietf.org/html/draft-nottingham-appsawg-happiana-00">
http://tools.ietf.org/html/draft-nottingham-appsawg-happiana-00</a><o:p></o:p></p>
<p class="MsoNormal"> See RFC 6711 for an example<o:p></o:p></p>
<p class="MsoNormal"> Expert review probably the way to go<o:p></o:p></p>
<p class="MsoNormal"> Lucy - The IETF is gating for an IANA registry<o:p></o:p></p>
<p class="MsoNormal"> An RFC defining the registry could be independent submission<o:p></o:p></p>
<p class="MsoNormal"> Independent submissions have an AD sponsor<o:p></o:p></p>
<p class="MsoNormal"> We should have a discussion with the Security ADs and IETF editor<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Account Chooser Status<o:p></o:p></p>
<p class="MsoNormal"> Tim Bray discussed Account Chooser bootstrapping<o:p></o:p></p>
<p class="MsoNormal"> The OIDF authorized experimentation with push by OIDF members who agree to a policy<o:p></o:p></p>
<p class="MsoNormal"> Account Chooser population is easier to do in enterprise contexts<o:p></o:p></p>
<p class="MsoNormal"> Phil Hunt pointed out that sign-in requirements vary a good deal between sectors<o:p></o:p></p>
<p class="MsoNormal"> Lucy Lynch made the point that the challenge is to go from where IdP choices are made by default<o:p></o:p></p>
<p class="MsoNormal"> to where people are aware of and can actually choose their IdPs<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Native Applications WG Status<o:p></o:p></p>
<p class="MsoNormal"> John Bradley described the Native Applications working group status<o:p></o:p></p>
<p class="MsoNormal"> It is working on standards for an agent to manage authentication status for users of native applications<o:p></o:p></p>
<p class="MsoNormal"> Enables coordination between multiple applications<o:p></o:p></p>
<p class="MsoNormal"> Inter-application communication and communication with the agent are distinct interfaces<o:p></o:p></p>
<p class="MsoNormal"> The Google Play services on Android does an equivalent thing but only for Google accounts<o:p></o:p></p>
<p class="MsoNormal"> Mostly trying to standardize Token Agent to Authorization Server communication<o:p></o:p></p>
<p class="MsoNormal"> Communication between the applications and Token Agent is likely to be environment dependent<o:p></o:p></p>
<p class="MsoNormal"> This is intended to be general enough to cover both ID Tokens and general Access Tokens<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Profiles<o:p></o:p></p>
<p class="MsoNormal"> There is some profile work happening in the OIX/Kantara Federation Interoperability group<o:p></o:p></p>
<p class="MsoNormal"> Intended for higher LOA use cases<o:p></o:p></p>
<p class="MsoNormal"> GSMA interested in creating a standard profile for mobile carriers to use<o:p></o:p></p>
<p class="MsoNormal"> They will use persistent identifiers that are distinct from phone numbers<o:p></o:p></p>
<p class="MsoNormal"> Discovery will likely be needed based upon phone numbers<o:p></o:p></p>
<p class="MsoNormal"> Verified phone number claims could be issued<o:p></o:p></p>
</div>
</body>
</html>