[Openid-specs-risc] Notes from today's call

Tue Nov 23 19:12:53 UTC 2021

Hi all,
Here are the notes I took in today's call. They are also in this doc
<https://docs.google.com/document/d/1ZFwJJDwwSBNKX35VObClC1ctMbMMuHJtr5qY-7xsLW8/edit?usp=sharing>
.

Atul
Call on Nov 23, 2021

Attendees:

   -

   Atul Tulshibagwale (Google)
   -

   Shayne Miel (Cisco)
   -

   Adam Goodman (Cisco)
   -

   Mike Kiser (Sailpoint)
   -

   Gail Hodges (OIDF)
   -

   Tom Sato (VeriClouds)
   -

   Stan Bounev (VeriClouds)

Agenda:

   -

   Atul announcement
   -

   GitHub or BitBucket?
   -

   Update from MS on resourcing for open source
   -

   RISC Pull request
   -

   Do we have any new (second) thoughts on “Create Stream” and related
   methods?

Notes:

   -

   Potentially move all files including Notes to a zip file
   -

   Atul to leave Google at Dec 1st, to continue as co-chair in an
   individual capacity
   -

   Gail will follow up with Filip Verley <filipv at google.com> to figure out
   Google representation
   -

   Bitbucket to be the destination for all files for now
   -

   We can use the OpenID wiki for notes for now
   -

   We should consider moving everything to GitHub - Tim to come up with a
   plan / proposal
   -

   Any preference? Two strong votes for GitHub (Tim and Shayne), but no
   votes yet for Bitbucket
   -

   Update from MS on Open Source resourcing: MS (Tim) won’t be able to do
   this himself, but it’s something we can propose to Microsoft’s program for
   funding open source. Tim to figure out how to make the proposal to MS’s
   open source program.
   -

   If other companies have a open source program, we should explore those
   as well
   -

   Maintaining the open source becomes another concern once the initial
   code is created
   -

   Do other WGs have anyone doing this kind of open source work?
   -

   Someone within the WG could become a contractor to develop this, but if
   there isn’t anyone we can put out a request on the OpenID blog or something
   like that. Failing that we can try to get it built from a contract work
   website
   -

   We should try to do this in a way that the open source program also
   works towards creating a certification program
   -

   If certification were a target, then OpenID Foundation has a team
   working on that, so that’s a slightly different direction than a standalone
   open source project. So it could be both or we could do this separately
   -

   If there is no reservation, then we can just go for the certification
   program.
   -

   If certification is an ultimate goal then we should coordinate with the
   certification team (Joseph ?) to get their advice on how to go about
   building the open source program
   -

   Should interoperability be an intermediate step before certification?
   -

   We should have an SDK but we should also have a test service that serves
   as an interoperability rig.
   -

   We should consider interoperability event
   -

   Online / in-person? We should consider both
   -

   OIDC for Identity Assurance is doing a virtual sandbox / interop event.

Create Steam

   -

   MS engineering thinks it is a good idea, and having an identifier for
   the stream is valuable from an audit and reporting perspective
   -

   Should we have a proposal for the revised API
   -

   What information does the receiver provide as a part of the Create
   method?
   -

   Are we thinking of replacing “update”? Are streams immutable
   -

   Some properties could be immutable - e.g. endpoint and audience, and
   some others could be mutable - e.g. event types and subjects
   -

   Shayne, Mike Kiser, Tim and Atul to coordinate offline. Tim will find a
   time in the 1st, second or third week of December

Future Workshops / Other:

   -

   Dec 9th OIDF Workshop
   -

   Nov 29th GSMA Workshop - joining information: link
   <https://teams.microsoft.com/l/meetup-join/19%3ameeting_ODVhYzVmZjAtMzNjYi00Y2YwLWEwMzktZmEyMzJjZjFhZDg4%40thread.v2/0?context=%7b%22Tid%22%3a%2272a4ff82-fec3-469d-aafb-ac8276216699%22%2c%22Oid%22%3a%22f462f66c-319e-475f-bd70-1580eb3f6a16%22%7d>.
   6AM - 9AM PT - the session will probably be recorded. They had recorded the
   last one.
   -

   Tom has done some outreach and 3 of his contacts have expressed interest
   in attending the OIDF workshop
   -

   Does it make sense to have an SSE only workshop? Say about 1.5 hours of
   presentations and then Q&A sessions. Tom to provide a potential plan
   -

   Tom Sato proposed a virtual workshop with a detailed agenda:
   -

      What is the timing of this virtual event?
      -

      How many attendees can we attract for this?
      -

      Should we do this quickly (Jan) or should we make sure the
      certification / open source plans are more formalized / baked and then do
      this event?
      -

      How much effort is it to do this event? If we get one event out
      there, we can do a bigger event later
      -

      Create a presentation template that could be reused in later events.
      WG Chairs could collaborate with a designer to get a professional set of
      slides with a standardized design - does anyone in the WG know an ad hoc
      designer who could work on this? Need someone who is good with visual
      design and has experience with presenting complex technical concepts
      -

      Tom will reach out to WG members for speaking at this event,
      potentially targeting late Jan / Feb timeframe
      -

      We should discuss this in the next WG meeting
      -

   Next meeting is on Dec 7th, we will not have one on Dec 1st.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20211123/ba00c073/attachment-0001.html>