Versions Compared

Old Version 8

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin
Table of Contents
maxLevel4
minLevel3
maxLevel4
typeflat
separatorpipe

Logistics

  • Time: 08:00 PT | 11:00 ET | 16:00 UTC/GMT | 18:00 CEST (Time Chart)
  • Skype: +9900827042954214
  • US Dial-In: +1-201-793-9022
  • Room Code: 295-4214

Agenda

1) Roll Call

THIS IS A TEMPLATE

Voting:

  1. Scott CantorKeith Uber
  2. RL "Bob" Morgan
  3. John Bradley
  4. Philippe ClementPaul Trevithick

Voting, but not present:

  1. Paul Trevithick
  2. Axel Nennker
  3. Keith Uber
  4. Philippe Clement

Non-voting:

  1. Trent AdamsBob Pinhero
  2. Benoit Bailleux
  3. Valeska O'Leary

Not present

  1. Gael Gourmelen
  2. Trent Adams

Quorate meeting (x 4 of y6)

2) Minutes

Approve Approved the following minutes:

3

...

(a) ULX sequence diagram

To discuss and correct:

Image Removed

(b) Proposal for an active client trigger:

  • ulx://path-to-RP-metadata-JSON-for-HTTP
  • ulxs//path-to-RP-metadata-JSON-for-HTTPS

(c) ULX in HTTP request header

  • Proposal: include ISA-related preference info in HTTP request header
  • Info
    • Most important: the user's choice of cloud selector URL
    • Also: a set of user's preferred service providers (e.g. IdPs)
  • How?
    • Long term: Browsers could build this in
    • Short term: a small browser extension could implement
  • Why?
    • Would provide a standard way for the user to exert their preference

(d) Terminology: ISA architectures

  • RP-embedded (like our HTML mockup)
  • cloud selector (like Janrain) --formerly called "ISA" by this ULX WG (and predecessors)
  • active client selector

(e) Unresolved issues from previous meeting

...

) Terminology

We discussed and agreed on the names for these three Identity Selector architectures:

  1. RP-Managed Selector (e.g. our HTML mockup)
  2. Cloud Selector (e.g. Janrain, Avoco, Shiboleth Discovery etc.) --we formerly called this "ISA in the network"
  3. Active Client Selector (e.g. a browser integrated application or an enhanced browser) --we formerly called this "ISA in the device"

Paul made some comments about recent discussions, e.g. at IIW, about Active Client Selectors:

  • It is self-evident that the scope of ULX be limited to "next gen" active clients
  • Some feel that "next gen" active clients should rely on OAuth instead of using:
    • Dedicated client UI to gather auth materials
    • Dedicated UI to review/approve attribute/claim release
    • WS-Trust to fetch (e.g. SAML) token

Identity Selector Variations:

  • User-configurable - the Identity Selector can be configured with the user's preferred set of IdPs and other preferences
4) ULX Scope

We discussed and agreed that the ULX WG scope includes working on the following kinds of interactions between an Identity Selector and:

  • User
    • User Experience
    • Status: this is the first thing we worked on, we have an initial prototype
  • Relying Party (1) 
    • Defining what metadata the RP must supply to the IS
    • We have a JSON sample being circulated/discussed
  • Relying Party (2) NEW
    • Defining how a Cloud Selector and/or an Active Client Selector is invoked by the RP
  • IdP
    • Defining what metadata the IdP must supply to the IS

Scott: The "IdP Discovery Protocol" is not SAML dependent and could be used for the "Cloud Selector" case.

Next Meeting

  • Time: 08:00 PT | 11:00 ET | 16:00 UTC/GMT (Time Chart)
  • Skype: +9900827042954214
  • US Dial-In: +1-201-793-9022
  • Room Code: 295-4214