[Openid-specs-risc] Call notes
Atul Tulshibagwale
atul at sgnl.ai
Tue May 2 23:53:31 UTC 2023
Hi all,
Here are the notes from today's call. They are also stored here
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view>:
--
<https://sgnl.ai>
Atul Tulshibagwale
CTO
<https://linkedin.com/in/tulshi> <https://twitter.com/zirotrust>
<atul at sgnl.ai>
WG Meeting: 2023-05-02
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Agenda>Agenda
- Meeting frequency - weekly post Identiverse? (atul)
- Async communication (smiel)
- Combine add and remove subject endpoints:
https://github.com/openid/sharedsignals/issues/39
- Complex Subject with incomplete info:
https://github.com/openid/sharedsignals/issues/32
- Move subject out of events:
https://github.com/openid/sharedsignals/issues/52
- ComplexSubject format claim:
https://github.com/openid/sharedsignals/issues/53
- PUT/PATCH behavior for “events_delivered”:
https://github.com/openid/sharedsignals/issues/55
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Attendees>Attendees
- Stan Bounev (VeriClouds)
- Atul Tulshibagwale (SGNL)
- Nancy Cam Winget (Cisco)
- Philip Hunt (Independent Identity)
- Mike Kiser (SailPoint)
- Asad Ali (Thales)
- Jen Schreiber (Workday)
- Eric Karlinsky (Okta)
- Tim Cappalli (Microsoft)
- Shayne Miel (Cisco)
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Notes>Notes
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Meeting-Frequency>Meeting
Frequency
- Weekly frequency agreeable to Shayne, Asad, Tim, Eric, Phil, Mike
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Async-Communication>Async
Communication
- Consider using async communication more - GitHub, Slack, Email
- Agreed to - Atul, Tim, Phil,
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Combine-add-and-remove-subject-endpoints>Combine
add and remove subject endpoints
- Keep one endpoint for all subject operations, and use HTTP methods
like PATCH, DELETE on the endpoint
- (Phil) Does DELETE allow payload?
- Adding URL parameters is leaky due to logging
- A combined endpoint with a payload that provides a command and the
subject description may be another approach
- Is adding subjects / removing subjects even scalable
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Complex-Subject-with-incomplete-info>Complex
Subject with incomplete info
- What happens when an event has some claims and not others in the
subject identifiers
- Missing claims in subject should act like wildcards
- If a Receiver has subscribed to a “user” and “session” combination,
and the Transmitter has an event that has “user” information but not
“session” information, should that event be sent to the Recevier?
- Atul (yes), Phil (yes)
- If a Receiver has subscribed to only a “user”, and the Transmitter has
an event that has “user” information and “session” information, should that
event be sent to the Recevier?
- Atul (yes)
- Missing fields are wildcards in both directions
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Move-subject-out-of-events>Move
subject out of events
- Since the SecEvents standardizes subject identifiers, should they be
at the high level
- (Atul) But interpretation is dependent on event type
- Discussion is inconclusive so far
-
<https://hackmd.io/vaICoUIPRSOTFcYcVD5ZbQ?view#Action-Items>Action Items
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20230502/a3859d28/attachment-0001.html>
More information about the Openid-specs-risc
mailing list