Concordia telecon 20 May 2008
From Project Concordia
Contents |
Attending
Eve Maler, Brett McDowell, George Fletcher, Mike Jones, Paul Madsen, Eric Tiffany, Vijay Simha, Scott Cantor, Britta Glade
Next meeting
We'll plan to meet again on Tuesday, June 3 at 10:30am PT. We might be entertaining the NTT/NRI proposal at that time (see below) if it's ready.
What's front-burner vs. back-burner right now?
Paul notes that NTT and NRI are preparing a "use case submission" on OpenID and SAML involving authn context, to be done in a couple of weeks. Perhaps we can put out a call for input, similar/dissimilar use cases, and so on for a targeted future telecon.
Eve notes that Adrian Gropper may have interest in sharing MedCommons use cases involving OAuth, OpenID, and other things. Eric notes that a number of healthcare use cases have been showing up (e.g., one at the SSTC just today), and maybe these could be added to that mix.
And let's not forget the planned profiling activities, targeted for June, that follow on from our Scenario 1 work at RSA. Scott asks when InfoCard will be changed to be based on the OASIS WS-Trust Standard? Mike responds that MSFT's products already adhere to that version, and the protocol will be updated in a few months.
Brett briefly mentions some "RESTful ID-WSF" work going on in various places that might or might not be a Concordia topic. It could be useful for us to define scenarios we want to see solved. Scott also mentioned an Internet2 event that's coming up in Seattle in early June at which issues like this might be discussed; if you have questions about it, please get in touch with him.
Also see the section below for a potential front-burner area.
Bootstrapping scenario bucket
Eve reports that Colin Wallis thinks any specific use-case input from NZ SSC on non-SAML bootstrapping to ID-WSF is at least six months out. Eve asked for thoughts on whether Asa H.'s OpenLiberty.org work on OpenID-to-ID-WSF needs to be formalized as a scenario, to have any best practices/new profiling squeezed out of it for interop's sake. He used OpenID AX to pass an endpoint reference (EPR). That attribute hasn't been standardized anywhere, so there's a chance for interop to fail. There's also questions about different ways to provide the EPR (XRDS?). Paul expressed interest in contributing to scenario definition for OpenID and InfoCard bootstrapping to ID-WSF, but we're cautious about doing technical work untethered to felt needs in the deployer community.
George expounded briefly on his latest thoughts about how XRDS could be used to describe RP capabilities for a more seamless user experience. He noted that an EPR doesn't seem to fall nicely into Kim C.'s taxonomy of claim types. Mike clarifies that you have to use WS-MEX if an RP wants to say it "has some policy and you can find it over there".
Scott was hoping that doing an EPR as a regular SAML attribute/claim would mean that you can handle requests for it in the usual fashion for attributes/claims. Can we avoid special-casing the EPR entirely?
AIs for finding users/deployers interested in the bootstrapping scenario bucket:
- Eve to reach out to Andy Dale of ooTao
- Several people to chat with Bill Young this week about potential future NZ SSC needs
- Brett to reach out to Paul Trevithick of Higgins regarding the potential connection of XRDS to bootstrapping
- Everyone to do outreach as they see fit (blogging??) to drive input-gathering
Might there be interest among OSIS participants at Catalyst in showing interop in this scenario bucket? We hear there's another OSIS interop happening at Catalyst, but aren't sure if there would be interested in any of this except (maybe) InfoCard-to-ID-WSF, and we don't even have this documented yet.
IIW "lightning workshop" update
It was mostly a deep introduction to Concordia for an audience that included people unfamiliar with Concordia, as well as people unclear on its value proposition. We collected some good "marketing phrases" and diagrams for conveying this. Lucy Lynch of the Internet Society was one who attended.
Elsewhere at IIW, Jeff presented his OpenID/SAML comparison, and also his SASL/SAML and SIP/SAML work (the BYU students were keenly interested in this). Scott's advice is that some of this sort of work might need to be brought to IETF if we want to get the attention of key people on this.
Eve will write up the notes from the IIW Concordia session and put it on our wiki and the IIW wiki.
Catalyst workshop update
Britta sent out an emailed update; please see that for details.
