[Openid-specs-risc] Call notes

Atul Tulshibagwale atul at sgnl.ai
Tue Nov 19 19:07:35 UTC 2024 

Hi all,
Here are the notes for today's call. They are also stored here
<https://hackmd.io/@oidf-wg-sse/wg-meeting-20241119>.

Thanks to those who attended,
Atul

-- 

 Atul Tulshibagwale

 CTO

  <https://www.linkedin.com/in/tulshi/> <atul at sgnl.ai>
<https://x.com/zirotrust>

WG Meeting: 2024-11-19 <#Agenda>Agenda

   - Performance of streams
   <https://github.com/openid/sharedsignals/issues/211>
   - Machine readable event schema
   <https://github.com/openid/sharedsignals/issues/158>
   - Risk level change event
   <https://github.com/openid/sharedsignals/issues/200>
   - OpenID Budget for 2025 - SSWG items
   - Status of SSF conformance tests

<#Attendees>Attendees

   - Erik Gomez (JGSW)
   - Atul Tulshibagwale (SGNL)
   - Thomas Darimont (OIDF)
   - Sean O'Neill (Easy Dynamics
   - Jay Leslie (Easy Dynamics)
   - Jen Schreiber (Workday)
   - Gail Hodges (OIDF)
   - Sean O'Dell (Disney)
   - Keiko Itakura(Okta)
   - Mike Kiser (SailPoint)
   - Yair Sarig (Omnissa)
   - Stan Bounev (VeriClouds)

<#Notes>Notes <#Budget-discussion>Budget discussion

   - (Gail) What are the high-level goals of the WG?
      - Final specs, additional schemas, etc.
      - Interop events (Gartner, new forums), cross the adoption chasm
         - Major prospects could include US Government
      - More security analyses?
      - Support for comms (4 planned blog posts), white paper
      - In-person workshop
      - A big prospect for SSF is an ecosystem that already uses another
      OpenID spec (e.g. FAPI)
         - Ecosystem white paper?
         - Outreach to specific communities (like we did in Brazil and
         Chile)
      - AuthZEN and IPSIE
      - Australia thinking of a community group for the Australia market
      - Conformance and certification
   - (Sean) How do you implement the spec? They want more hands on
   consulting (as OIDF members, not private company representatives)
   - (Gail) OIDF could set aside budget for very selective engagement with
   key organizations to build broad support
      - (Mike) Some of the general advice part can be left to IPSIE,
      because that is what it was meant for
      - (Sean) They want the details, not the high-level vision
      - (Mike) OIDF may not be the right place to do this kind of consulting
      - (Sean) We need a practitioner group, I might start it, but I don't
      know where
      - (Stan) Can we offer certifications to consulting companies and also
      employees of implementer companies? "Certified Shared Signals Expert"
      courses offered by OIDF and a test to give a certification to the peopole
      successfuly complete it.
      - (Gail) IDPro could do this with OIDF funding
      - (Sean) That might work
   - (Gail) We need a clear sense of what the major initiatives are, and
   what their scope is.

<#Certification--Conformance-update>Certification / Conformance update

   - (Thomas) Conformance tests current status:
      - Thomas shared a demo
   - (Thomas) What can we do in the Gartner interop timeframe
      - (Atul) Other than encouraging participants to test, we can't do
      anything because of the close timing
      - (Mike) Agree
   - (Thomas) I'm testing with three different providers (caep.dev,
   Omnissa, and Okta) Various degrees of success
   - (Atul) When / where can we get access to the conformance tests?
      - (Thomas) It's already in the OIDF GitLab, but not live yet because
      it is in development
   - (Atul) How do we go about verifying the tests
      - (Thomas) Let's do a deep dive, where we go through every test, with
      the knowledge of the implementation and the spec, we should be able to
      build confidence
   - (Thomas) We would like to get to a "mergeable" state by the end of the
   week, hopefully ready by next week end
   - (Yair) Can the responses be stored in a file?
      - (Thomas) There is a "Download logs" feature that lets you view all
      the requests and responses
      - (Thomas) This is how some FAPI participants are certifying their
      implementations
      - (Thomas) They run the tests on their staging environment, and have
      tools to verify the results with the expected results
   - (Atul) Can we go to GitLab today and download it?
   - (Thomas)
      - Main GitLab link <https://gitlab.com/openid/conformance-suite>
      - Branch for SSF development: Gitlab Link
      <https://gitlab.com/openid/conformance-suite/-/tree/gl1386-ssf-tests?ref_type=heads>

<#Machine-Readable-Schema>Machine Readable Schema

   - Notes added as a comment in: - Machine readable event schema
   <https://github.com/openid/sharedsignals/issues/158>

<#Action-Items>Action Items
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20241119/9d749002/attachment-0001.htm>

More information about the Openid-specs-risc mailing list