[Openid-specs-risc] Call notes
Atul Tulshibagwale
atultulshi at gmail.com
Tue Jan 11 19:09:23 UTC 2022
Hi all,
Thanks for attending the call today. Here are the notes I took. They are
also saved in the WG wiki here
<https://bitbucket.org/openid/risc/wiki/SSE_WG-20220111>.
Agenda
- Intros and Reintros
- Website update
- RISC spec next steps: resolve backwards compat issue
- Developer relations
- New participants onboarding
- Identiverse 2022
- WG work and alignment with 2022 goals (Gail)
Attendees
- Atul Tulshibagwale (SGNL)
- Tim Cappalli (Microsoft)
- Shayne Miel (Cisco)
- Tom Sato (VeriClouds)
- Joshua Metz (Cisco)
- Manuel Cornello
- Rifaat Shekh-Yusef (Auth0 - Okta)
- Stan Bounev (VeriClouds)
- Arturo Elias Anton
- Mike Kiser (SailPoint)
- Stefan
Notes
- Gail's presentation re: SSE 2022 plan
- Cisco SSE open source implementation is available, but no opinion on
certification
- Implementation maturity should precede creating a certification program
- Is interop testing more important than certification? Seems so, given
the number of implementations
- What does an interop test look like? Gail shared how GAIN and other
WGs are doing it
- We would like to have OIDF support for doing the interop test
- Support from OIDF to revamp the website (aligned with the OIDF
"website refresh" initiative)
- Tom Sato volunteered to draft the new website - how did FAPI get their
page (fapi.openid.net)?
- FAPI page was a collaboration with FDX that didn't come to fruition.
Not a model we should follow right now.
- WG should update the home page on their own
- OIDF is separately working on a website refresh
- We should link to the sse.guide page from the WG home page.
Intros and Re-intros
- Atul - CTO at SGNL, a new company working on enterprise authorization.
Formerly at Google. Been with the WG from the beginning.
- Shayne - works at Cisco, with SSE since mid-summer. Working diligently
to implement some of this implementer's draft. Architect at Cisco working
on authentication.
- Lee - Director of Technical Strategy at Okta. Working on this in the
past year. Championing this internally (program, strategy). Reach out to me
if you would like to do anything with Okta
- Gail - Executive Director of OIDF
- Tom - Joined working group last autumn. Speciality is market adoption
and outreach
- Joshua Metz - Cisco, building the sample reference implementation.
Work on the Duo security space
- Tim - Standards architect at Microsoft and one of the original folks
working on CAEP
- Rifaat - Auth0 / Okta, Chair of the OAuth working group at the IETF.
First time attending this meeting.
- Stan - CEO of VeriClouds - provide identity threat intelligence.
Contributing to the WG for about 3 years now.
Backward compatibility issue
- How much compatibility should we maintain with a previous draft spec?
Complicating this is that Google already has an implementation.
- Precedent in the OIDC is that there is no backward compatibility with
OIDF, but we could follow the OIDC model where we can add non-normative
text at the end of the spec. The text may or may not mention specific
implementations
- There could be some value to improve some OIDF processes. How do we
reference prior implementer's drafts of the spec?
- We could follow the IETF model where we have multiple published
versions of a draft spec, but you could reference a previous draft for
backwards compatibility
- Is it a nomenclature issue? Or is it just the WG flagging something as
a referenceable draft?
- WG assigns a specific numbered draft and can refer to it normatively
- We should copy the style of the OIDC spec
- Atul to update the PR with that language
Developer relations
- People are getting interested in SSE
- Talked to eBay, Rakuten, Facebook, Booking.com, Coupang and so on
- We should have developer onboarding style webinars or meetings
- People who are interested need to convince their colleagues, so they
need materials
- Masterclass at Identiverse - proposed by Tom Sato
Identiverse 2022
- Proposed Panel
- OIDF is going to be a non-profit sponsor of the conference
- OIDF may get a breakout room, which we can use even if we do not get
on the formal agenda
Agenda proposal
- Can we alternate between one week of technical discussions and one
week of other discussion so that we make progress on both fronts
- We should mark each meeting in the wiki with a Tech / non-tech
annotation