[Openid-specs-risc] Meeting Minutes: February 4, 2020 call

Richard Backman, Annabelle richanna at amazon.com
Wed Feb 5 00:20:36 UTC 2020 

Minutes from the February 4, 2020 SSE call:

Attendees

  *   Morteza Ansari
  *   Annabelle Backman
  *   Stan Bounev
  *   Marius Scurtescu

Re-chartering Update

  *   Re-chartering approved, we are now Shared Signals and Events
  *   Working with OIDF to update working group website
  *   Atul Tushibagwale added to the BitBucket repository

Thank you all for attending!


CAEP Update

  *   Scenarios detailing all use-cases written and mostly reviewed.
  *   In person meeting planned for Feb 11-12 at Cisco San Jose. Rich Smith / Jordan Wright can provide details.
  *   Need to update the SSE WG page content to reflect new charter / co-chairs.

CAEP Artifact Discussion

  *   We do not have a good, organized storage place for documents that aren’t specs and spec-like work.
  *   Annabelle to follow up with OIDF to see if there are any organizational solutions.

Compromised Credential Event Use Case

  *   Stan Bounev proposes a “compromised credential” event that would transmit a hashed username and fragment of a hash of the compromised credential.
  *   Discussed security concerns related to sharing the credential hash fragment:
     *   A hash fragment is still susceptible to brute forcing, albeit with some error rate.
     *   Recipients need to have a password artifact that they can compare the fragment against, which may encourage them to store weaker hashes of passwords than they might otherwise use (e.g., using scrypt in the main authentication database, but storing SHA-256 hashes to compare against compromised credentials)
     *   Could look at PAKE<https://en.wikipedia.org/wiki/Password-authenticated_key_agreement> protocols to see if any could be adapted to this use case.
  *   Briefly discussed bulk compromise scenario, no conclusions.
  *   Stan to develop a use case document outlining relationships between different parties, scenarios where this event might apply.


–
Annabelle Richard Backman
Co-chair, Shared Signals and Events Working Group
OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20200205/4ed2141d/attachment.html>

More information about the Openid-specs-risc mailing list