[Openid-specs-risc] RISC F2F Oct 28

Adam Dawes adawes at google.com
Thu Oct 6 17:00:48 UTC 2016


Hi all,

Sorry for the delay. I've had a chance to coordinate with our abuse team.
We will move the RISC F2F back to the morning-early afternoon time, from
10-3 (lunch included). I've updated the eventbrite invite
<https://www.eventbrite.com/e/oidf-risc-wg-f2f-tickets-28032589229>. Please
register if you haven't.

Sorry for all the back-and-forth.

thanks,
AD

On Fri, Sep 30, 2016 at 1:33 PM, Adam Dawes <adawes at google.com> wrote:

>
> On Fri, Sep 30, 2016 at 1:18 PM, Hardt, Dick <dick at amazon.com> wrote:
>
>> Is there a reason why we don’t meet in the morning?
>>
>>
>>
> Google has our Zurich abuse folks in town who also want to put together a
> summit on a separate topic. Lunch is an easier way to break the day into
> the two sessions.
>
>
>> On 9/30/16, 12:53 PM, someone claiming to be "Openid-specs-risc on behalf
>> of Phil Hunt (IDM)" <openid-specs-risc-bounces at lists.openid.net on
>> behalf of phil.hunt at oracle.com> wrote:
>>
>>
>>
>> I plan to attend. Morning is better so I can catch a late afternoon
>> flight out of SFO.
>>
>> Phil
>>
>>
>> On Sep 30, 2016, at 12:34 PM, Adam Dawes <adawes at google.com> wrote:
>>
>> Hi all,
>>
>>
>>
>> I haven't seen any registrations
>> <https://www.eventbrite.com/e/oidf-risc-wg-f2f-tickets-28032589229> yet
>> for the RISC F2F on October 28. If you plan to come, please register to
>> make planning easier.
>>
>>
>>
>> As far as timing goes, I was planning on having this from 12-5 (lunch
>> provided). We can switch to something like 9:30 - 1:30 if that is better
>> for folks since I know some people are traveling. Please reply to me if you
>> have a strong preference for morning or afternoon and if you don't care,
>> please register now.
>>
>>
>>
>> Agenda topics:
>>
>>    - Initial RISC event definitions
>>
>>
>>    - Hijacking
>>       - Session revocation/Change password
>>       - Token revocation (flavors)
>>
>>
>>    - RP registration
>>
>>
>>    - API
>>       - Email header
>>
>>
>>    - Signal sending transport (API)
>>    - SET proposal alignment
>>    - SET RISC format
>>    - Mutual milestones (RISC spec, SET spec, provider implementations)
>>
>> thanks,
>>
>> AD
>>
>>
>>
>> On Thu, Sep 22, 2016 at 11:38 PM, Adam Dawes <adawes at google.com> wrote:
>>
>> Notes on today's call:
>>
>>
>>
>> Sept 22
>>
>> Attendees
>>
>> Adam Dawes, Marius Scurtescu, Jeroen Kemperman, Phil Hunt, Brian
>> Campbell, George Fletcher, Dick Hardt, Henrik Biering
>>
>>
>>
>>    - October 28 F2F at Google on Friday after IIW [please register
>>      <https://www.eventbrite.com/edit?eid=28032589229&published=0>]
>>
>>    - SET working group charter:
>>      Who will be a reviewer? (Dick agrees)
>>
>>    - Contract is signed between Microsoft and Google.
>>      Google will get a clean contract and share with Amazon, Facebook,
>>      Confyrm. Let me know if you have interest in joining as well.
>>
>>    - Reviewed Microsoft-Google F2F (below). Went through first 2
>>      use cases. Discussed email header registration process.
>>      Feedback:
>>
>>       - Header idea is interesting but not sure what it adds
>>
>>       - The recipient still needs to trust that content of the message
>>         aligns with the header definition - otherwise can just send promo
>>         emails to the user to receive RISC signals. Nothing empirically
>>         more trustworthy about the mail.
>>
>>       - Seems to add a lot more complexity than just using the pub/sub
>>         mechanism. Free to have any 2 parties use this mechanism if they
>>         desire but doesn’t sound like a great fit for the standard.
>>
>>       - Header might be useful for enterprise customers - actually not so
>>         hard to look up MX and then do the registration if the mail is
>>         hosted.
>>
>>    - Marius and Phil have been collaborating on the transport spec.
>>
>>
>>
>> NOTES FROM MICROSOFT MEETING 9/21
>>
>>
>>
>> Assumptions:
>>
>>    - Relying Parties (RPs) start sending a special email header on
>>      all password reset and account registration messages. RPs keep track
>>      of when they request an account recovery from IDP.
>>
>>    - Mail providers (IDPs) need to keep track of the email reset
>>      messages received by looking for this header. This will qualify as
>>      the registration for later events.
>>
>>
>>
>> Mail types
>>
>>    - Password Reset
>>
>>    - Email OTP challenge
>>
>>    - Email verification for new accounts
>>
>>    - Change email address
>>
>>    - Account closed
>>
>>    - Password change successful
>>
>>
>>
>> Cases
>>
>> 1.    Relying Party (RP) tells Mail Provider (IDP) of possible compromise
>>
>> RP will tell IDP when compromise of RP account started when RP received a
>> password reset or OTP to IDP account.
>>
>> RP sends PubSub message to IDP after local detection determines
>> compromise and links it to the account recovery via the IDP.
>>
>>
>>
>> 2.    Proof at risk: IDP tells RP they are at risk
>>
>> IDP will tell RP when IDP received an OTP or PWR from RP account during a
>> time IDP account was compromised.
>>
>>
>>
>> IDP keeps track of incoming PWRs, sends pubsub to RPs that have sent
>> recent PWRs
>>
>>
>>
>> On Thu, Sep 22, 2016 at 9:24 AM, Adam Dawes <adawes at google.com> wrote:
>>
>> Hi all,
>>
>>
>>
>> For today's call, I think we'll have a bit to talk about. Google and
>> Microsoft spent all day yesterday talking about our collaboration together
>> for RISC and today Google, Microsoft and Amazon are talking.
>>
>>
>>
>> Additionally, if we have time, we can continue our discussion about SET
>> and transport.
>>
>>
>>
>> Hope to see you there.
>>
>>
>>
>> 1.  Please join my meeting.
>>
>> https://global.gotomeeting.com/join/576653581
>>
>>
>>
>> 2.  Use your microphone and speakers (VoIP) - a headset is recommended.
>> Or, call in using your telephone.
>>
>>
>>
>> United States: +1 (312) 757-3119
>>
>> Australia: +61 2 9091 7603
>>
>> Austria: +43 (0) 7 2088 0716
>>
>> Belgium: +32 (0) 28 08 4372
>>
>> Canada: +1 (647) 497-9380
>>
>> Denmark: +45 (0) 69 91 84 58
>>
>> Finland: +358 (0) 931 58 1773
>>
>> France: +33 (0) 170 950 590
>>
>> Germany: +49 (0) 692 5736 7300
>>
>> Ireland: +353 (0) 15 133 006
>>
>> Italy: +39 0 699 26 68 65
>>
>> Netherlands: +31 (0) 208 080 759
>>
>> New Zealand: +64 9 974 9579
>>
>> Norway: +47 21 04 30 59
>>
>> Spain: +34 931 76 1534
>>
>> Sweden: +46 (0) 852 500 691
>>
>> Switzerland: +41 (0) 435 0026 89
>>
>> United Kingdom: +44 (0) 20 3713 5011
>>
>>
>>
>> Access Code: 576-653-581
>>
>> Audio PIN: Shown after joining the meeting
>>
>>
>>
>> Meeting ID: 576-653-581
>>
>>
>>
>> --
>>
>> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
>>
>>
>>
>> _______________________________________________
>> Openid-specs-risc mailing list
>> Openid-specs-risc at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-risc
>>
>>
>
>
> --
> Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
>
>


-- 
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410