<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Sorry for missing the last call. <span style="color: rgb(237, 92, 87);"><i>Some comments/questions inline</i></span>.</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I would also add that there continues to be confusion about the spec names. I think we need to better align the CAEP and RISC spec names from a constistency standpoint.</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I propose the following two tweaked names:</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<ul>
<li><span>OpenID Risk and Incident Sharing and Collaboration Profile Specification</span></li><li>OpenID Continuous Access Evaluation Profile Specification</li></ul>
</div>
<div id="appendonsend"></div>
<div style="font-family:Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Openid-specs-risc <openid-specs-risc-bounces@lists.openid.net> on behalf of Atul Tulshibagwale via Openid-specs-risc <openid-specs-risc@lists.openid.net><br>
<b>Sent:</b> Tuesday, September 14, 2021 13:32<br>
<b>To:</b> Openid-specs-risc <openid-specs-risc@lists.openid.net><br>
<b>Subject:</b> [Openid-specs-risc] Call notes</font>
<div> </div>
</div>
<div>
<div dir="ltr">Hi all,<br>
<div>Notes from today's call are here: </div>
<div><b>TL;DR</b>: Suggest dropping the "sessions revoked" event from RISC in favor of the one from CAEP, so that RISC is more about account management and CAEP more about session management. </div>
<div><br>
</div>
<div><span id="x_gmail-docs-internal-guid-ac253646-7fff-380c-97d8-9e9169d9d23e">
<h1 dir="ltr" style="line-height:1.38; margin-top:20pt; margin-bottom:6pt"><span style="font-size:20pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-weight:400; font-variant-numeric:normal; font-variant-east-asian:normal; text-decoration-line:underline; vertical-align:baseline; white-space:pre-wrap">Call
 on </span><span style="font-size:20pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-weight:400; font-variant-numeric:normal; font-variant-east-asian:normal; text-decoration-line:underline; vertical-align:baseline; white-space:pre-wrap">Sep
 14, 2021</span></h1>
<p dir="ltr" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt"><span style="font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Attendees:</span></p>
<ul style="margin-top:0px; margin-bottom:0px">
<li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Atul Tulshibagwale (Google)</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Stan Bounev (VeriClouds)</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Tom Sato (VeriClouds)</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Martin Gallo (SecureAuth)</span></p>
</li></ul>
<br>
<p dir="ltr" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt"><span style="font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Agenda:</span></p>
<ul style="margin-top:0px; margin-bottom:0px">
<li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Pending requests for the SSE and CAEP specs post implementer’s drafts</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Voting period for the RISC spec</span></p>
</li></ul>
<p dir="ltr" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt"><span style="font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Notes:</span></p>
<ul style="margin-top:0px; margin-bottom:0px">
<li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Propose a new draft that incorporates feedback so far, which could go through another review
 process.</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Feedback from Google: The old RISC spec discovery URL should be added as a discovery URL to
 the SSE spec, so that existing implementations don’t change</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Existing Google implementation is available at:
</span><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdevelopers.google.com%2Fidentity%2Fprotocols%2Frisc&data=04%7C01%7Ctim.cappalli%40microsoft.com%7C023158facc1541d6c9d008d977a5b83d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637672376685588841%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=h9rE90QA286IpTYR%2BQJTm0%2B6b6upLDmk%2FguwVfnkE4M%3D&reserved=0" originalsrc="https://developers.google.com/identity/protocols/risc" shash="WYuZRBYZtcekEJiZ81QCuTXOLZdt1/ZDsiwfmnnzolPsHK0umZ9QF/oNV8EQMM+BU7kAwrT/mAbhVSGV+RoAJ0jt00YlwZ8K2XkSbpxup0luAgY3YeV9eYaFBn6OKbF0lEPgpgMhC/eQvwr+9na9cJC1v7lPwYBLYnDW3xPO/+E=" style="text-decoration-line:none"><span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; text-decoration-line:underline; vertical-align:baseline; white-space:pre-wrap">https://developers.google.com/identity/protocols/risc</span></a></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Create a pull request and discuss it in the next call</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Feedback so far about the RISC spec: Difference between “session revoked” in RISC versus CAEP.</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Proposal: drop “sessions revoked” event from RISC spec and use the one from the CAEP spec.
 Stan to review the differences between the RISC and the CAEP spec to see if it makes sense to keep it in RISC
</span><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap; color: rgb(237, 92, 87);"><i><b>[tim] I agree. I often get this question and
 struggle to answer it.</b></i></span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Another feedback: In the “credential compromised” event, the “time” field is lacking.
</span><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap; color: rgb(237, 92, 87);"><i><b>[tim] Is this essentially saying that this specific
 event needs some form of timestamp? The RISC events do not have a 'common' event_timestamp like the CAEP events.</b></i></span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">CAEP should be more about sessions than accounts, and RISC should be more about accounts than
 sessions</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Propose that the above changes should be made to the RISC draft in the master branch, and
 posted to the list as a pull-request. If no feedback is received for 1 week or more, we should ask the OpenID committee to start a new review process for the updated draft</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Atul to update the draft</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Which companies are working on CAEP / RISC services? Microsoft has made announcements and
 Google has a RISC service in production. SailPoint has produced the open source toolkit. SecureAuth status: prototyping SSE framework implementation and some selected CAEP/RISC events, thinking on moving those to preview at some point to get internal and external
 feedback.</span></p>
</li><li dir="ltr" style="list-style-type:disc; font-size:11pt; font-family:Arial; color:rgb(0,0,0); background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre">
<p dir="ltr" role="presentation" style="line-height:1.38; margin-top:0pt; margin-bottom:0pt">
<span style="font-size:11pt; background-color:transparent; font-variant-numeric:normal; font-variant-east-asian:normal; vertical-align:baseline; white-space:pre-wrap">Tom Sato (VeriClouds) will suggest some marketing activities to get more adoption for the
 specs</span></p>
</li></ul>
</span></div>
</div>
</div>
</body>
</html>