[Openid-specs-risc] CAEP profile

Jordan Wright jwright at duo.com
Tue Feb 11 03:50:30 UTC 2020 

Thanks for sending this over, Atul! 100% agreed on your topics to discuss.

To kick things off, I'd be happy to give a quick overview of the doc I
wrote a while back covering CAEP vs RISC
<https://docs.google.com/document/d/12RJOrrAlnojuFx8MlZ3xGGAarLiUkaimns5rSmELp1c/edit>,
largely to give a reminder on the specifics of RISC that are relevant to us.

There are a few open questions (some of which you mentioned above) that I
think we should talk about:

   - What new event types do we need?
   - Do we need to create new subject types, or can we leverage existing
   ones such as the "issuer + subject"?
   - Agreed on looking at the transmitter configuration - what do we need
   to change here, if anything?
   - Regarding the management API (spec is here
   <https://bitbucket.org/openid/risc/src/5fb03c6c9ab75f3dbf0da943b7e40b328b45161e/openid-risc-profile-1_0.txt#lines-477>),
   is there anything we need to add to either the transport or the session
   management? For example, do we want to talk about possible authentication
   strategies or leave that to the implementations?

Once we feel we have a good baseline, then I'm with you- we can run through
scenarios and iterate when we find any gaps.

Looking forward to the workshop!
Jordan

On Mon, Feb 10, 2020 at 10:15 AM 'Atul Tulshibagwale' via caep-discuss <
caep-discuss at googlegroups.com> wrote:

> Hi all,
> During the workshop at Cisco, I'd like to suggest that we spend some time
> working on the following specifications:
>
>    - A profile of SET for CAEP subjects and events. This may be a
>    superset of the RISC profile of SET
>    <https://openid.net/specs/openid-risc-profile-1_0-ID1.html>. I've
>    started putting together subject identifiers of interest
>    <https://docs.google.com/document/d/1TDHYCFu0h0Hpf94cz8z0KnKp1wUFJT2GrNSV9f6ggS4/edit?usp=sharing>,
>    and we had a list of event types
>    <https://docs.google.com/spreadsheets/d/1GUrWQOyp3hz6KJ7rRDnuB0PrsgAqkKNeX85wQSkrzPA/edit?usp=sharing>
>    from the last workshop, which is a good starting point for event types.
>    - Review RISC transmitter configuration and evaluate if any changes
>    are needed for CAEP.
>    - Review RISC work on SET Management (could not find a spec for this).
>
> A good way to evaluate what we need is to verify that we can implement
> these scenarios
> <https://docs.google.com/document/d/1Ip2D9cr5yi3r-XA9x3qZT8xdCaQlJR43_wTxBiwpCzY/edit?usp=sharing>
> based on the proposals that we come up with. Any background attendees can
> bring around what they need to implement CAEP in their products and / or
> companies, and what they see as gaps in the current specifications will be
> great too.
>
> Thanks,
>
> Atul Tulshibagwale
>
> Software Engineer
>
> +14157613123 Mobile
>
> 1600 Amphitheatre Parkway, Mountain View, CA 94043
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "caep-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to caep-discuss+unsubscribe at googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/caep-discuss/CAMCkG5tXPE1PL5-ZJnezoMOS%2BWWwaoE0qT%2BwU8V9zJZX6Vz_pw%40mail.gmail.com
> <https://groups.google.com/d/msgid/caep-discuss/CAMCkG5tXPE1PL5-ZJnezoMOS%2BWWwaoE0qT%2BwU8V9zJZX6Vz_pw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>


-- 
*Jordan Wright*
/ Principal R&D Engineer


jwright at duo.com


Duo.com <https://duo.com/>

----------
The Most Loved Company in Security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20200210/142f3e69/attachment.html>

More information about the Openid-specs-risc mailing list