<p dir="ltr">I was the person from OneLogin. Just FYI</p>
<div class="gmail_quote">On Mar 20, 2014 8:38 AM, "Paul Madsen" &lt;<a href="mailto:paul.madsen@gmail.com">paul.madsen@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<font face="Arial">Attending<br>
<br>
Paul<br>
John<br>
Chuck<br>
Ashish<br>
<br>
1) Ashish reported back on the RSA F2F<br>
<br>
Attending were Mike & Caleb from MSFT, some MobileIron &
Airwatch folks, somebody from OneLogin<br>
<br>
Ashish asked for people's assessment of group value. Group agreed
there was a need and worthwhile <br>
<br>
      Microsoft challenging the value - claiming that something like
      this would eventually be addressed by the OS vendors. Group
feels the interapp piece (that the OS vendors will address) is
just half the problem, the other half is the on-the-wire protocol
between TA & AS <br>
<br>
In offline conversations with John, MSFT reps agreed that there
was value in defining the on-the-wire protocol. <br>
<br>
Perhaps we can clarify that we don't intend to mandate a
particular interapp protocol<br>
<br>
      Ashish adds there was agreement that we need more ISVs
      participating, action item was to reach out to contacts at the
SaaS. <br>
<br>
John indicates he talked to Layer7 at MWC and that they feel they
have comparable functionality<br>
<br>
2) Discussion of the different models for token-chaining, and
how/where the complexity of dealing with token chaining sits -
does the TA deal with the exchange, or does the app deal with the
exchange<br>
<br>
John points out the implications of the trust models, and who
needs to know what? <br>
<br>
AI - John will put together a summary of the different models and
the pros/cons of each<br>
<br>
Ashish asked about a model where the trust and token exchange
happens at the AS level<br>
<br>
      Permutations appear to be <br>
<br>
- TA asks downstream AS for AT<br>
- Downstream app asks downstream AS for AT<br>
- Upstream AS asks downstream AS for AT<br>
<br>
Implications for consent gathering<br>
<br>
2) Discussion about the use case of bridging from the TA into web
app SSO<br>
<br>
Everybody has a different way to do this<br>
<br>
Ashish points out an issue about how to get session info into a
web clip....<br>
<br>
Different UI implications/models<br>
<br>
AI - Paul will start a thread on the use case on the NAPPS list<br>
<br>
3) Chuck remains concerned about the consent model - believes the
spec as it is is primarily focused on authentication, and not
about authz.<br>
<br>
Different consent models differ on where the consent happens, at
the TA or at the AS<br>
<br>
John points out that this relates to the lack of the
'pre-authenticated authz request' <br>
<br>
Chuck wants their server involved in collecting consent, and wants
that to happen JIT and not a priori <br>
<br>
John points out that this ties in with the bootstrap to browser
app piece<br>
</font><br>
<font face="Arial"><font face="Arial">AI - Chuck will summarize his
thoughts on consent (where & when) on the list</font><br>
<br>
Meeting closed<br>
<br>
</font>
</div>
<br>_______________________________________________<br>
Openid-specs-native-apps mailing list<br>
<a href="mailto:Openid-specs-native-apps@lists.openid.net">Openid-specs-native-apps@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-native-apps" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-native-apps</a><br>
<br></blockquote></div>