[Openid-specs-risc] Call notes

Tue Jul 16 17:41:08 UTC 2024

Hi all,
Thanks to those who attended today's call. Here are the notes. They are
also stored here <https://hackmd.io/@oidf-wg-sse/wg-meeting-20240716>.

Atul

--

 Atul Tulshibagwale

 CTO

  <https://www.linkedin.com/in/tulshi/> <atul at sgnl.ai>
<https://x.com/zirotrust>

WG Meeting: 2024-07-16

Agenda
Review feedback / open issues
New events process
Pushpull delivery proposal
OIDF Japan developments
Attendees
Shayne Miel (Cisco)
Nick Wooler (Cisco)
Paul Briault ()
Atul Tulshibagwale (SGNL)
Sean O'Dell (Disney)
Nancy Cam Winget (Cisco)
Yair Sarig (VMWare)
Tom Sato (VeriClouds)
Stan Bounev (VeriClouds)
Apoorva Deshpande(Okta)
Mike Kiser (SailPoint)
Notes
Feedback / Open Issues
There was a question about what is the default behavior if the
"default_subjects" is not defined, it was addressed as being undefined by
design
Recommendation to review the open issues, and bring them up for discussion
if required.
Changes to the Specs
There was one change which was merged after the review process began, but
it was a non normative change, so it is OK to change it.
No one on the call seems to have concerns about it.
New Events Process
(Apoorva) We haven't progressed yet.
I was going to sync up with Jen and Tim about how it should be structured,
but we haven't met yet.
Pushpull delivery
latest draft is here: https://github.com/SGNL-ai/pushpull/
Older draft: Pushpull delivery proposal
(Apoorva) This is very interesting
(Sean) I like that the "setErrs" is now available in both push and poll
with pushpull
OIDF Japan developments
(Tom) The exec commmittee have been talking about an interop event in
Japan. We've spoken to the director of OIDF Japan
(Tom) We like the idea, but we are trying to figure out the logistics and
cost of it
(Tom) The industry is interested, but no one has started implementation yet.
(Tom) The OIDF committee has identified funds for it, but not enough
(Tom) I will be discussing with Mr. Fujiye, but nothing is decided yet.
(Tom) It will help for WG members for getting the Japanese industry going,
by conducting a tutorial on how to develop a Transmitter and Receiver. Any
volunteers? Please DM me on Slack
(Atul) The use-cases you discussed after the last SSF workshop to be
interesting
(Tom) I did a tutorial, and gave a full overview, including a technical
details
(Tom) The Japanese governemt is trying to solve issues related to
cybersecurity of bank accounts. People are sending Phishing emails that end
up compromising accounts
(Tom) Banks cannot tell each other that such accounts are being
compromised, closed, etc.
(Tom) SSF seems to be interesting in this resect
(Tom) They are also trying to figure out how to deal with closed accounts
of deceased people. They would like to send out messages about that, and
other events such as the death of the account holder.
(Tom) Another player who attended the workshop that credential compromise
was an interesting signal, mainly because a lot of sites still using very
old login methods
(Tom) all in all, a good response, but we need next steps.
(Tom) I'd suggest to do a Zoom based tutorial and Q&A to make progress
(Atul) A number of these are RISC use cases, so we could focus on RISC for
the interop
(Tom) Companies like Okta have done a lot of work in Japan
(Sean) FRom my notes during the Identiverse meeting, the "assurance level
change" events between banks is also interesting.
(Mike) I'd love to talk to people who are interested in the "death event"
application as well. If Atul needs backup on a webinar, I could help too.
(Atul) I'd love the participation
(Sean) From my IDV notes: They wanted to begin implementation in 2025, and
have it live by 2028
(Mike) I'd like to open-source my transmitter.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240716/69b7fb9f/attachment-0001.html>