<div dir="ltr"><span id="gmail-docs-internal-guid-a2a21625-d03f-c7b8-f181-353be7aba923"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Notes from Dec 5 meeting. Please update with any corrections or omissions.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Attendees</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Adam Dawes, Marius Scurtescu, Dick Hardt, Phil Hunt, Adam Migus, John Bradley, George Fletcher</span></p><div dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></div><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Agenda</span></p><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Sharing agreement</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Amazon thinks that they’ll be ready in mid January. Agreement generally looks okay but they are most concerned with the actual info that will be shared.</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">AoL gotten prelim ok from legal but need to get buy-in from CISO.</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Confyrm want to participate, need to talk to Andrew for details</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Oracle doesn’t quite know how to digest this from a legal process standpoint, coming up with a general template instead of an actual agreement. There may be more comfort to join an industry consortium, perhaps one hosted at OIX instead of a common bi-lateral agreement.</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Ping doesn’t have a great use case and not likely to participate.</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Conclusion: for Google data, Google will wait to get feedback from interested parties until the end of January. We’ll then work through once with the parties that have given feedback to get to the preferred agreement. Further asks for changes will be very difficult. [Dick] thinks that there won’t be that many direct agreements.</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Another use case around account recovery, leveraging credit card details. RISC would be very helpful here. [</span><a href="https://www.schneier.com/blog/archives/2016/12/guessing_credit.html" style="text-decoration:none"><span style="font-size:14.6667px;background-color:transparent;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Bruce Schneier article</span></a><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">]</span></p></li><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">IETF summary</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Formal meeting not too eventful. Some feedback on the name. Follow up to incorporate Justin’s suggestion on payload. </span></p></li><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Dick and Yaron Shefer are chairs for the Security Events WG. </span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="gmail-kix-line-break"></span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">AI: Dick needs to nominate </span><a href="https://tools.ietf.org/html/draft-hunt-idevent-token-07" style="text-decoration:none"><span style="font-size:14.6667px;background-color:transparent;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">current draft</span></a><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> for the WG to adopt.</span></p></li><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Transport</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:square;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Subscription management. Sorting out control plane from transmission into possibly two documents. Phil sorting out different requirements from different use cases (RISC, SCIM, OIDC). The transport seems quite different with RISC so need to factor out what should go into general spec and what into the RISC profile. </span></p></li><li dir="ltr" style="list-style-type:square;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Phil will split the transport into control plane and messaging. We’ll take some time to figure out control plane but let’s not slow down data sharing for it.</span></p></li></ul><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">SETs</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:square;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Google is working on events for: All sessions terminated, All tokens revoked, Account Locked and Account Restored. Google will propose some common definitions based on the properties of their system and we can work towards more general definitions based on other companies’ systems.</span></p></li></ul></ul><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Google Pubsub and Event Pipeline</span></p></li><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:circle;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Will be ready to go with manually configured data plane whenever we can get another party to work with. </span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br class="gmail-kix-line-break"></span><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">AI: Adam to reach out to MSFT to get things coordinated. When the agreeement is baked, we’ll have more that we can work with.</span></p></li></ul><li dir="ltr" style="list-style-type:disc;font-size:14.6667px;font-family:arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline"><span style="font-size:14.6667px;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">For future discussion: Domain based relationships (Microsoft enterprise - Google enterprise)</span></li></ul></span></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Dec 4, 2016 at 11:53 PM, Adam Dawes <span dir="ltr"><<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>Wanted to follow up from conversations at IETF around token spec and transport. </div><div><br></div><div><div>1.  Please join my meeting.</div><div><a href="https://global.gotomeeting.com/join/576653581" target="_blank">https://global.gotomeeting.<wbr>com/join/576653581</a></div><div><br></div><div>2.  Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.</div><div><br></div><div>United States: <a href="tel:(312)%20757-3119" value="+13127573119" target="_blank">+1 (312) 757-3119</a></div><div>Australia: <a href="tel:+61%202%209091%207603" value="+61290917603" target="_blank">+61 2 9091 7603</a></div><div>Austria: +43 (0) 7 2088 0716</div><div>Belgium: +32 (0) 28 08 4372</div><div>Canada: <a href="tel:(647)%20497-9380" value="+16474979380" target="_blank">+1 (647) 497-9380</a></div><div>Denmark: +45 (0) 69 91 84 58</div><div>Finland: +358 (0) 931 58 1773</div><div>France: +33 (0) 170 950 590</div><div>Germany: <a href="tel:+49%2069%20257367300" value="+4969257367300" target="_blank">+49 (0) 692 5736 7300</a></div><div>Ireland: +353 (0) 15 133 006</div><div>Italy: +39 0 699 26 68 65</div><div>Netherlands: +31 (0) 208 080 759</div><div>New Zealand: <a href="tel:+64%209-974%209579" value="+6499749579" target="_blank">+64 9 974 9579</a></div><div>Norway: <a href="tel:+47%2021%2004%2030%2059" value="+4721043059" target="_blank">+47 21 04 30 59</a></div><div>Spain: <a href="tel:+34%20931%2076%2015%2034" value="+34931761534" target="_blank">+34 931 76 1534</a></div><div>Sweden: +46 (0) 852 500 691</div><div>Switzerland: +41 (0) 435 0026 89</div><div>United Kingdom: <a href="tel:+44%2020%203713%205011" value="+442037135011" target="_blank">+44 (0) 20 3713 5011</a></div><div><br></div><div>Access Code: 576-653-581</div><div>Audio PIN: Shown after joining the meeting</div><div><br></div><div>Meeting ID: 576-653-581</div><span class="HOEnZb"><font color="#888888"><div><br></div>-- <br><div class="m_3265660556582484864gmail_signature"><div dir="ltr"><div style="line-height:1.5em;padding-top:10px;margin-top:10px;color:rgb(85,85,85);font-family:sans-serif;font-size:small"><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(213,15,37);padding-top:2px;margin-top:2px">Adam Dawes |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(51,105,232);padding-top:2px;margin-top:2px"> Sr. Product Manager |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(0,153,57);padding-top:2px;margin-top:2px"> <a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a> |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(238,178,17);padding-top:2px;margin-top:2px"> <a href="tel:(650)%20214-2410" value="+16502142410" target="_blank"><wbr>+1 650-214-2410</a></span></div><br></div></div>
</font></span></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="line-height:1.5em;padding-top:10px;margin-top:10px;color:rgb(85,85,85);font-family:sans-serif;font-size:small"><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(213,15,37);padding-top:2px;margin-top:2px">Adam Dawes |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(51,105,232);padding-top:2px;margin-top:2px"> Sr. Product Manager |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(0,153,57);padding-top:2px;margin-top:2px"> <a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a> |</span><span style="border-width:2px 0px 0px;border-style:solid;border-color:rgb(238,178,17);padding-top:2px;margin-top:2px"> +1 650-214-2410</span></div><br></div></div>
</div>