[Openid-specs-native-apps] Minutes - March 19
Thomas DeBenning
thomas.debenning at onelogin.com
Thu Mar 20 16:30:40 UTC 2014
I was the person from OneLogin. Just FYI
On Mar 20, 2014 8:38 AM, "Paul Madsen" <paul.madsen at gmail.com> wrote:
> Attending
>
> Paul
> John
> Chuck
> Ashish
>
> 1) Ashish reported back on the RSA F2F
>
> Attending were Mike & Caleb from MSFT, some MobileIron & Airwatch folks,
> somebody from OneLogin
>
> Ashish asked for people's assessment of group value. Group agreed there
> was a need and worthwhile
>
> Microsoft challenging the value - claiming that something like this would
> eventually be addressed by the OS vendors. Group feels the interapp
> piece (that the OS vendors will address) is just half the problem, the
> other half is the on-the-wire protocol between TA & AS
>
> In offline conversations with John, MSFT reps agreed that there was value
> in defining the on-the-wire protocol.
>
> Perhaps we can clarify that we don't intend to mandate a particular
> interapp protocol
>
> Ashish adds there was agreement that we need more ISVs participating,
> action item was to reach out to contacts at the SaaS.
>
> John indicates he talked to Layer7 at MWC and that they feel they have
> comparable functionality
>
> 2) Discussion of the different models for token-chaining, and how/where
> the complexity of dealing with token chaining sits - does the TA deal with
> the exchange, or does the app deal with the exchange
>
> John points out the implications of the trust models, and who needs to
> know what?
>
> AI - John will put together a summary of the different models and the
> pros/cons of each
>
> Ashish asked about a model where the trust and token exchange happens at
> the AS level
>
> Permutations appear to be
>
> - TA asks downstream AS for AT
> - Downstream app asks downstream AS for AT
> - Upstream AS asks downstream AS for AT
>
> Implications for consent gathering
>
> 2) Discussion about the use case of bridging from the TA into web app SSO
>
> Everybody has a different way to do this
>
> Ashish points out an issue about how to get session info into a web
> clip....
>
> Different UI implications/models
>
> AI - Paul will start a thread on the use case on the NAPPS list
>
> 3) Chuck remains concerned about the consent model - believes the spec as
> it is is primarily focused on authentication, and not about authz.
>
> Different consent models differ on where the consent happens, at the TA or
> at the AS
>
> John points out that this relates to the lack of the 'pre-authenticated
> authz request'
>
> Chuck wants their server involved in collecting consent, and wants that to
> happen JIT and not a priori
>
> John points out that this ties in with the bootstrap to browser app piece
>
> AI - Chuck will summarize his thoughts on consent (where & when) on the
> list
>
> Meeting closed