Agenda

  1. Assurance Survey
  2. OAuth and Delegated access
  3. Whitelisting and Metadata

Roll Call

Paul Madsen NTT (Chair), Ari Karameir ?, Bob Morgan Internet2, Tatsuhito ? NTT?, Hiroki ? NTT?, Mike Beach, Boeing, Scott Cantor Internet2, Ingo Friese ?, Nat Sakimura NRI, Eve Maler Paypal, Lucy Lynch, Colin Wallis, NZ Gov, Joni Brennan (staff).

Discussion

Discussion on OAuth definitions of what constitutes 3-legged:

3-legged OAuth – client service and 2 other services (but no IdP). If actors include an IdP, is that still 3-legged? What is OAuth to SAML? What is OAuth to IC?

Discussion on Authz:

DR situations require
- Prioritize/Assess Work Items
- eGov Profile - Consent Service
- Other
Possible Work Items:
- WS-* Harmonization
- OAuth
- eGov
- Possibly use of SSOS work in SAML TC
- "Keep on keeping on"
RESTful WSF?
    - subsumed by OAuth work
API standardization?
    - Consensus seems to be that would be another WG deliverable.
Debating Work Items:
    - WS-* probably the most work
    - Lot of political issues
    - eGov work seems the least effort
    - Consent service notion from Colin seems to be the new "Citizen Dashboard"
    - Initial WSF profile for eGov would get a "foot in the door" for WSF
    - eGov probably focused on the federation/SSO layer, but starting
        to look at attribute aggregation issues
    - Lots of Euro govs using WSF internally, but need a mechanism to extend that
        across borders
    - OAuth use would imply products could switch out backplane with common API
    - Assessing Need for External Interaction
        - WS-* / OAuth need a lot
        - SSOS -> SAML TC needs some
        - eGov little/none, just use case input
    - What would the output of the eGov item be?
        - A Kantara document? An SDO input?
        - Conor: can't submit a profile without the specs it's based on
        - The SAML 2.0 profile isn't headed anywhere, so this wouldn't
            need to be either
        - Is it useful absent a conformance program? Probably initially.
        - End game may depend on the use cases input
        - Anything is better than nothing, which is where we are today
        - Robin: shouldn't we take a longer view to ensure they have a path forward?
    - AS/SSOS
        - Interest in producing a SAML equivalent in OASIS
        - Difficult to do without copying ID-WSF, and without a submission, we can't
        - If it was submitted, not clear it's within the SAML TC charter
    - OAuth
        - Not clear we have the right "hooks" into community
    - IMI
        - TC is open for business
        - How do Infocard/IMI and WSF play together?
    - Peter is vice chair