[Openid-specs-risc] [External Sender] Re: Re-chartering of RISC Working Group

David Skyberg david.skyberg at capitalone.com
Wed Nov 13 13:01:09 UTC 2019 

I completely agree with this direction.

On Tue, Nov 12, 2019, 8:08 PM Adam Dawes via Openid-specs-risc <
openid-specs-risc at lists.openid.net> wrote:

> This makes a lot of sense to me. I support the change.
>
> On Tue, Nov 12, 2019 at 4:57 PM Richard Backman, Annabelle via
> Openid-specs-risc <openid-specs-risc at lists.openid.net> wrote:
>
>> Hello RISC Working Group,
>>
>> The RISC Working Group was formed to take on the challenge of sharing
>> signals and events related to user account security. Since then, additional
>> signal sharing use cases have come into the picture, most notably those
>> that the Continuous Access Evaluation Protocol (CAEP)
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__cloud.google.com_blog_products_identity-2Dsecurity_re-2Dthinking-2Dfederated-2Didentity-2Dwith-2Dthe-2Dcontinuous-2Daccess-2Devaluation-2Dprotocol&d=DwMFaQ&c=pLULRYW__RtkwsQUPxJVDGboCTdgji3AcHNJU0BpTJE&r=dpcjJJ2Kw0U8wmc6cf3Ku_VqbEeCE94lEeOq98aZ1z0&m=7ovzEJOc1ML8QgTVypus4bTCrsiom1lFm2gjYKOoGng&s=nmBtUHbMsyJ83-34zh2-Ac3xAYLUniLxha0PTiE_A7M&e=>
>> aims to address. Given the significant overlap in requirements and the
>> fundamental problem to be solved (i.e., A needs to inform B about something
>> related to C), there is an opportunity for us to collaborate across a
>> broader spectrum of use cases than those that are the focus on the RISC
>> Working Group today.
>>
>>
>>
>> To that end, after discussions between myself, Marius, members of the
>> CAEP discussion group, and members of the OIDF board, we decided to
>> re-charter the RISC Working Group as the “Shared Signals and Events”
>> Working Group, with a broader mandate to “enable the sharing of security
>> events, state changes, and other signals” across a broad variety of
>> subjects, and for a broad variety of authentication/authorization-related
>> purposes. This change will allow us to bring the CAEP work into the working
>> group and advance it alongside the on-going RISC work. RISC will benefit by
>> having more parties implementing shared components (such as the event
>> stream management API, which currently lacks any production
>> implementation), CAEP will benefit by having a home for their work in the
>> OIDF and by leveraging the work that has already been done within RISC, and
>> both will benefit by the development of common protocols and infrastructure
>> for the exchange of security events.
>>
>>
>>
>> We are circulating the draft revised charter and collecting feedback this
>> week. Barring any significant concerns, we will submit it to the OIDF
>> Specifications Council next week. Please take this opportunity to review
>> the draft revised charter (linked below) and share any questions or
>> comments you have regarding it or the re-chartering process in general.
>>
>>
>>
>> A few notes about what the re-charter means, logistically:
>>
>>    - Atul Tulshibagwale of Google will join Marius and me as a co-chair
>>    of the working group. Atul has been the driving force behind the CAEP work
>>    thus far, and we welcome his help in steering this combined group.
>>    - Development of CAEP will move from the existing caep-discuss
>>    mailing list to the RISC Working Group mailing list.
>>    - CAEP documents will be added and tracked within the existing RISC
>>    BitBucket repository.
>>    - Contributions to CAEP will be subject to the OIDF’s Contribution
>>    Agreement
>>    <https://urldefense.proofpoint.com/v2/url?u=https-3A__openid.net_intellectual-2Dproperty_&d=DwMFaQ&c=pLULRYW__RtkwsQUPxJVDGboCTdgji3AcHNJU0BpTJE&r=dpcjJJ2Kw0U8wmc6cf3Ku_VqbEeCE94lEeOq98aZ1z0&m=7ovzEJOc1ML8QgTVypus4bTCrsiom1lFm2gjYKOoGng&s=r57Iz2XFx6VmQ3ueNA2G_BKZtm0lWKw07t0sJxYiw8E&e=>.
>>    I believe most organizations involved in CAEP thus far already have
>>    executed agreements on file with OIDF, but not all. I believe all executed
>>    agreements are available on the OIDF site
>>    <https://urldefense.proofpoint.com/v2/url?u=https-3A__openid.net_executed-2Dcontribution-2Dagreements_&d=DwMFaQ&c=pLULRYW__RtkwsQUPxJVDGboCTdgji3AcHNJU0BpTJE&r=dpcjJJ2Kw0U8wmc6cf3Ku_VqbEeCE94lEeOq98aZ1z0&m=7ovzEJOc1ML8QgTVypus4bTCrsiom1lFm2gjYKOoGng&s=-w9ODhrJMwNGNEDVpR5LsdrhOdq2EwBFpUBirBmBjSo&e=>,
>>    but don’t quote me on that.
>>    - Mailing list and repository names will not change; we will continue
>>    to use openid-specs-risc at lists.openid.net. Life isn’t perfect. 😃
>>
>>
>>
>> The draft version of the revised charter can be found in the RISC
>> BitBucket repository, here:
>>
>> https://bitbucket.org/openid/risc/src/recharter/working-group-charter.md
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__bitbucket.org_openid_risc_src_recharter_working-2Dgroup-2Dcharter.md&d=DwMFaQ&c=pLULRYW__RtkwsQUPxJVDGboCTdgji3AcHNJU0BpTJE&r=dpcjJJ2Kw0U8wmc6cf3Ku_VqbEeCE94lEeOq98aZ1z0&m=7ovzEJOc1ML8QgTVypus4bTCrsiom1lFm2gjYKOoGng&s=bfLyGgdfD4tcsvqwB3Aw85dSb6aNnHxF5UkwLA4X7oo&e=>
>>
>>
>>
>> For those interested in understanding more about CAEP, I suggest looking
>> through the caep-discuss mailing list archives, available here:
>>
>>
>> https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!forum/caep-discuss
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_forum_-3Futm-5Fmedium-3Demail-26utm-5Fsource-3Dfooter-23-21forum_caep-2Ddiscuss&d=DwMFaQ&c=pLULRYW__RtkwsQUPxJVDGboCTdgji3AcHNJU0BpTJE&r=dpcjJJ2Kw0U8wmc6cf3Ku_VqbEeCE94lEeOq98aZ1z0&m=7ovzEJOc1ML8QgTVypus4bTCrsiom1lFm2gjYKOoGng&s=00eCM8FxThkcpuyXbecsCeR_DdNl-4JaG1Amh_kJoR4&e=>
>>
>>
>>
>> (Due to different moderation policies, this message is being sent out
>> separately to the RISC and CAEP mailing lists. Apologies to those of you
>> who are receiving this twice. 😃)
>>
>>
>>
>>>>
>> Annabelle Richard Backman
>>
>> Co-chair, RISC Working Group, OpenID Foundation
>> _______________________________________________
>> Openid-specs-risc mailing list
>> Openid-specs-risc at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-risc
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Drisc&d=DwMFaQ&c=pLULRYW__RtkwsQUPxJVDGboCTdgji3AcHNJU0BpTJE&r=dpcjJJ2Kw0U8wmc6cf3Ku_VqbEeCE94lEeOq98aZ1z0&m=7ovzEJOc1ML8QgTVypus4bTCrsiom1lFm2gjYKOoGng&s=cBw6G8n53X9w_IPoOo0UxKFINXbV5EBJh-c_gdkSAkA&e=>
>>
> _______________________________________________
> Openid-specs-risc mailing list
> Openid-specs-risc at lists.openid.net
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Drisc&d=DwICAg&c=pLULRYW__RtkwsQUPxJVDGboCTdgji3AcHNJU0BpTJE&r=dpcjJJ2Kw0U8wmc6cf3Ku_VqbEeCE94lEeOq98aZ1z0&m=7ovzEJOc1ML8QgTVypus4bTCrsiom1lFm2gjYKOoGng&s=cBw6G8n53X9w_IPoOo0UxKFINXbV5EBJh-c_gdkSAkA&e=
>

______________________________________________________________________



The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20191113/a3903f24/attachment.html>

More information about the Openid-specs-risc mailing list