<div dir="ltr"><div>Below are the notes from today's working group meeting. I've also posted the meeting minutes to GitHub: <a href="https://github.com/openid/ipsie/wiki/2024%E2%80%9011%E2%80%9012">https://github.com/openid/ipsie/wiki/2024%E2%80%9011%E2%80%9012</a></div><div><br></div><div>Action items:</div><div><br></div><div>* Everyone: What outcomes are important to you and your organization or customers? Use Slack or GitHub (<a href="https://github.com/openid/ipsie/issues/2">https://github.com/openid/ipsie/issues/2</a>) or bring notes to discuss during the next meeting</div><div>* Karl volunteered to start brainstorming a framework for levels<br>* Dean volunteered to suggest topics for focused "special topics" WG meetings<br></div><div><br></div><div>---</div><div><br></div><div>## Attendees<br><br>* Aaron Parecki (Okta)<br>* Jon Bartlett (Zscaler)<br>* Sean Miller (RSA)<br>* Kenn Chong (RSA)<br>* Abhinav Lele (Shopify)<br>* Tom Clancy (MITRE)<br>* Dean H. Saxe (Beyond Identity)<br>* Karl McGuinness (self)<br>* Dros Adamson (Cisco)<br>* Fletcher Heisler (Authentik Security)<br>* George Fletcher (Capital One)<br>* Mike Jones (Self-Issued Consulting)<br>* Mike Kiser (SailPoint)<br>* Wesley Dunnington (Ping Identity)<br>* Filip Skokan (Okta)<br>* Erik Gomez (JGSW)<br>* Travis Tripp (Hewlett-Packard Enterprise)<br>* Neeraj Jangid (Workday)<br>* Mark Maguire (Aujas Cybersecurity)<br><br><br>## Agenda<br><br>- Welcome and antitrust policy reminder<br>- WG chair selection<br>- Overview of IPSIE charter<br>- Defining milestones<br>- Special topics<br>- Review iGov Profile for OpenID Connect<br><a href="https://openid.net/specs/openid-igov-openid-connect-1_0.html">https://openid.net/specs/openid-igov-openid-connect-1_0.html</a><br><a href="https://bitbucket.org/openid/igov/src/master/">https://bitbucket.org/openid/igov/src/master/</a><br>- Schedule of upcoming meetings<br><br>## Minutes<br>* Chair selection: working group voted to add Dean H. Saxe as a co-chair. 
The Working Group Chairs are now Aaron Parecki and Dean H. Saxe<br>* Request a Slack invite to OIDF Slack from Mike Leszcz &lt;<a href="mailto:mike.leszcz@oidf.org">mike.leszcz@oidf.org</a>&gt;<br>* Review of IPSIE Charter: <a href="https://openid.net/wg/ipsie/ipsie-charter/">https://openid.net/wg/ipsie/ipsie-charter/</a><br> * Should SAML be included in scope?<br> * At least harmonizing authentication contexts between OIDC and SAML? <a href="https://github.com/pamelatech/ACRminprofile">https://github.com/pamelatech/ACRminprofile</a><br> * Configuration changes to existing SAML deployments are easier compared to adopting a whole new profile of SAML<br> * Lack of PQCS for SAML, likely no post-quantum work should be expected since the SAML WG has shut down<br> * Switching to OIDC for SaaS providers can be a heavy lift<br> * Possible compromise with adding to SAML and OIDC ~ base functionality level in SAML, Advanced<br>* Discussion of IPSIE levels in OIDC and others<br> * Karl McGuinness volunteered to create a framework of levels <br>* FastFed shared goals? 
(There was a lack of interest in FastFed from Cloud providers)<br>* Start with use cases ~ MFA is popular<br> * Use cases: (1) MFA, (2) AAL2 authentication of an IAL2 user, (3) global logout<br>* Concrete milestones to keep in mind<br> * We would like to get to a point where there is an IPSIE certification suite<br> * Interoperability Events are a useful mechanism<br>* Deep dive on use cases, creating separate special topic meetings or sub groups (task force) that report back to the main group<br>* iGov review:<br> * Use iGov OIDC profile as a template for IPSIE (some changes will be needed for IPSIE)<br> * An opportunity to create cross spec interoperability across profiles / protocols<br> * A simple Actor diagram defining the context that IPSIE is looking to address could also be helpful<br> * Maybe a specific OpenID POV: If we can have a common way for a client to understand the MFA-specific nuances that are split between different things like amr, acr, aal (authentication methods reference, authentication class reference, authenticator assurance level)<br> * And same thing for other issues between standards<br>* Karl - focus on the top level frame and taxonomy before diving into the specific profiles<br>* Consider separating the technical profile of the protocol from the semantic profile for claim values. Much of the cross-protocol functionality will be captured within the semantic profile. Ex: amrs, sub, scopes, etc<br>* Volunteers and interest in special topics? Shared Signals, SCIM, OAuth, FAPI, OIDC<br>* Enterprise developer audience, what are the outcomes and capabilities, mapping security controls to levels ~ survey on outcomes from the group<br><br>* Homework: What outcomes are important to you and your organization or customers? 
Use Slack or GitHub or discuss at the next meeting<br> <br><a href="https://github.com/openid/ipsie">https://github.com/openid/ipsie</a><br><br>Brainstorming outcomes for IPSIE<br><a href="https://github.com/openid/ipsie/issues/2">https://github.com/openid/ipsie/issues/2</a><br><br>Meeting schedule modified for upcoming holidays: no calls on Dec 24 or 31<br><br></div><div><br></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">
<div>
<div></div>
<div dir="ltr" style="color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif">
<div dir="ltr" style="color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif">
<p style="font-size:12pt;margin-top:0px;margin-bottom:0px"></p>
<p style="margin:0px;font-family:Calibri,Arial,Helvetica,sans-serif;font-weight:bold;padding:0px;line-height:14pt">
Aaron Parecki</p>
<p style="margin:0px;font-family:Calibri,Arial,Helvetica,sans-serif;padding:0px;line-height:14pt">Director of Identity Standards</p>
<p style="margin:0px;font-family:Calibri,Arial,Helvetica,sans-serif;padding:0px;line-height:14pt">
<a href="mailto:aaron.parecki@okta.com" target="_blank">aaron.parecki@okta.com</a></p>
<div style="font-family:Times"><span></span><span></span><br></div>
</div>
<div dir="ltr" style="font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif">
<br>
</div>
</div>
</div>
</div></div></div></div>