[Openid-specs-risc] Call notes
Atul Tulshibagwale
atul at sgnl.ai
Tue Feb 7 19:03:51 UTC 2023
Hi all,
Here are the notes from today's call. They are also stored here
<https://hackmd.io/@oidf-wg-sse/wg-meeting-20230207>:
Thanks,
Atul
--
<https://sgnl.ai/>
Atul Tulshibagwale
CTO
<https://linkedin.com/in/tulshi> <https://twitter.com/zirotrust>
<atul at sgnl.ai>
WG Meeting: 2023-02-07
Agenda
- [Atul] PR Update
- Any New Inputs
- [Eric] Stream Configuration Question
Attendees
- Atul Tulshibagwale (SGNL)
- Greg Brown (Axiad)
- Vinayak Shenoy (Okta)
- Shayne Miel (Cisco)
- Eric Karlinsky (Okta)
- Debora Comparin (Thales)
- Stan Bounev (VeriClouds)
- Edmund Jay ()
- Hemil (Yahoo)
- Frank Taylor (VMware)
- Mike Kiser (SailPoint)
- Steve Venema (ForgeRock)
- Gail Hodges (OIDF)
- Matt Topper ()
Notes
PR Update
- One more pull request in the works
Use Cases
- Frank would like to get involved in the use-cases discussion
- How customers connect this technology to the various products they are
buying. How does VMware play in that space, and how do customers integrate
- We do not have a clear view into how various products use various
events.
- We should start with the older use-case document and make it current
to reflect the current interest from the WG
- We should aim for interoperability testing between products
- There are some private efforts of interoperability testing
- It will help for implementers to showcase this technology
- Two levels of interop: technical interop and value demonstration
- An “Architecture Document” could be really useful
- There is a Catch-22 with this standard right now: There is hesitation
because the use-cases are not clear, and because use-cases are not clear
there is hesitation
- What is the consensus around how each of these CAEP events would work.
There are just 5, so it should be doable.
- Eric Karlinsky can take the lead, Steve Venema, Stan Bounev, Frank
Taylor, Vinayak Shenoy and Atul Tulshibagwale can help.
- Is anyone aware of OIX? They have a Guide to Shared Signals (Aug 2022)
- NIST has an interest in using RISC events
- Current doc that could serve as background is here
<https://docs.google.com/document/d/1tmMqiXNB-lW9HXIzrivOvaFSts23zAzKLWPcSD740kE/edit#heading=h.fsduc31pruxn>
Slack Channel Update
- OIDF cannot afford the cost of the Slack channel
- Free version deletes messages after 90 days
- So we can have informal discussions on Slack, but any formal
communication needs to be through the Listserv
- Some entities are not allowed to use Slack
- OIDF is looking for an alternative to Slack
- Reach out to Mike Leszcz mike.leszcz at oidf.org to get yourself added.
Stream Configuration Question
- When there are multiple subject entities in a complex subject,
- There needs to be more precise specification of a list of users in a
subject definition.
- [Shayne] If you want to specify multiple subjects, the spec allows for
it. Q: How? Add Subject only takes one subject
- Okta would like to know the specific list of IDs for whom the events
need to be sent, which cannot be achieved by specifying it as a general
“tenant”
- This comes down to the use-case: Who is the Transmitter, what is your
relationship. One may have different Transmitters for device management and
user identities, and the streams with those Transmitters would cover all
members of the respective tenants
- This might work for simpler organizations, but for complex
organizations, this abstraction may fail
- Is the ask that there should be multiple subjects in the same “add
subject” event? A: It could be a group of users within a tenant.
- There is a “group” subject type. But the Tx and Rx would need to agree
on the group membership.
- Wouldn’t this even be true of user identities? Tx and Rx need to know
that they’re talking about the same user when they pass a shared identifier.
- Yes, there needs to be agreement, but there needs to be an extra level
of coordination between Tx and Rx in the group case
- In agreeing to the group membership, Tx and Rx may share user Ids, so
that exchange could be used instead of the group.
- Could SCIM be used for group membership agreement?
- One more approach: Use the Receiver to make “add event” calls to
specific members instead of the whole group
- There’s a job to be done between the Rx and Tx about group membership
agreement. That can be done by just adding individual members to the
stream, or it can be done out-of-band, and then referred to in the protocol
- If instead, there was an “add subject” method that allowed multiple
subjects to be added together, it could be easier.
- Pre-agreed groupings are a higher complexity than user-identity (it
would seem)
- There is a transactionality to it: An add-event with multiple members
is an all-or-nothing semantic, whereas multiple add-events could result in
some being added and some failing to be added
- “Cold start problem” - SCIM could be useful, but is there a way to
avoid that dependency
- Perhaps we can tackle this as a part of the use-cases work
IIW WG Meeting
- Atul to send out a form to solicit interest in the in-person meeting
on the Monday before IIW Spring 2023
- We should arrive at an agenda for this meeting
- The OIDF workshop covers all workgroups’ activities, but this WG
meeting would be separate and we would talk about specific agenda items
that are interesting specifically to the WG members
- This can be an agenda item for the next meeting
- Hybrid is also a possibility
- Confirm if it’s in SF or Mt View
Action Items
- Atul to reach out to Asad (Thales) to get the use-cases document
- Gail and Steve to discuss OIX approach
- Eric and Atul to talk about previous work
- Atul to send out a form to gauge interest in an in-person meeting
around IIW Spring 2023
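
The transactionality point from the Stream Configuration Question notes (one Add Subject call per subject versus a multi-subject add), as an added example that is not part of the original notes or of any SSF specification. `ToyTransmitter`, `add_subjects_atomic` and the sample addresses are hypothetical, constructed stand-ins; only the `email` subject format is taken from RFC 9493.

```python
"""Added illustration: per-subject adds vs. a hypothetical all-or-nothing batch add."""


class ToyTransmitter:
    """In-memory stand-in for a Transmitter's stream (hypothetical, not a real API)."""

    def __init__(self, known_ids):
        self.known_ids = set(known_ids)   # identifiers the Tx can resolve
        self.stream_subjects = set()      # subjects currently on the stream

    def add_subject(self, subject):
        """One subject per call, matching 'Add Subject only takes one subject'."""
        if subject["email"] not in self.known_ids:
            return False                  # Tx and Rx do not agree on this identifier
        self.stream_subjects.add(subject["email"])
        return True

    def add_subjects_atomic(self, subjects):
        """Hypothetical multi-subject add with all-or-nothing semantics."""
        emails = [s["email"] for s in subjects]
        if any(e not in self.known_ids for e in emails):
            return False                  # whole batch rejected, stream unchanged
        self.stream_subjects.update(emails)
        return True


def add_individually(tx, subjects):
    """Receiver loop: returns (added, failed) so partial coverage stays visible."""
    added, failed = [], []
    for s in subjects:
        (added if tx.add_subject(s) else failed).append(s["email"])
    return added, failed


def constructed_subjects():
    # Constructed sample data in the RFC 9493 "email" subject identifier format.
    names = ("alice@example.com", "bob@example.com", "carol@example.com")
    return [{"format": "email", "email": e} for e in names]


def demo():
    known = {"alice@example.com", "carol@example.com"}   # bob is unknown to the Tx
    tx1, tx2 = ToyTransmitter(known), ToyTransmitter(known)
    added, failed = add_individually(tx1, constructed_subjects())
    batch_ok = tx2.add_subjects_atomic(constructed_subjects())
    return added, failed, sorted(tx1.stream_subjects), batch_ok, sorted(tx2.stream_subjects)


if __name__ == "__main__":
    print(demo())
```

With per-subject calls the Receiver has to keep the `failed` list itself, because the stream now covers only part of the intended group; with the batch form the stream is either complete or unchanged.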