[Openid-specs-risc] Workshop summary

Atul Tulshibagwale atultulshi at google.com
Sat Jun 6 01:05:46 UTC 2020 

Hi all,
Thanks to all who attended the virtual workshop yesterday and today.
Appreciate the commitment and enthusiasm in bringing the SSE spec to a
mature form.

Also my apologies to Gopal and Stan that I did not get your requests to
join the virtual conference.

Here are the highlights:

   - We agreed that the SSE set of specs will be 6 in number:
      1. *SSE Profile of SETs* (replaces RISC profile of SETs)
      2. RISC Use Cases (non-normative)
      3. *CAEP Use Cases *(non-normative)
      4. RISC Event Types
      5. *CAEP Event Types*
      6. OIDC Event Types

Of the above, the ones in bold are new documents. The CAEP Event Types and
OIDC Event Types may be combined if appropriate, but that needs some
discussion.


   - We discussed the "compromised credentials" use case presented by Stan
   <http://stanb@vericlouds.com>. There was general agreement on the value
   of the use-case to SSE. However we generally agreed that specific claims
   that reveal compromised credential data should not be defined in the spec.
   They may be included where appropriate through an extensible metadata
   mechanism.
   - We reviewed the draft of the SSE profile of SET
   <https://docs.google.com/document/d/1EShCGEAI_m3Syu5ZF-zcK-dAxEh4p_HrVNQA4kjKtOM/edit?usp=sharing>
   spec. We discussed all open comments and identified specific actions to be
   taken. I will update the draft based on the feedback in the workshop.
   - One area we identified as requiring some work is about defining
   mandatory and extensible event properties and the discovery of such
   extended / custom properties for specific transmitters. Morteza
   <http://morteza@sharppics.com> will lead this effort. Anyone interested
   in participating please contact Morteza.
   - The CAEP Event Types spec is still in development, and Jordan
   <jwright at duo.com> is leading the effort there.
   - We reviewed the CAEP Use Cases edited by Asad
   <asad.ali at thalesgroup.com> and Jordan. We need to convert this document
   into XML format so that it may be included in the set of specs to be
   published.
   - We agreed that some of the working documents we currently share
   through Google Drive
   <https://drive.google.com/drive/folders/1EqDJaDzIXHkE59gGi-yLUhHPr-iTthz4?usp=sharing>
   need to be linked to from the SSE WG page and be made available without a
   Google login.

The detailed notes are here:

 SSE Virtual Workshop Notes
<https://docs.google.com/document/d/13aBPTFAVLuwIaFzafKe4O-84ILSw95RjLHlj5Ej-l0Q/edit?usp=drive_web>

Atul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20200605/42c0ff01/attachment.html>

More information about the Openid-specs-risc mailing list