Skip to end of banner Go to start of banner

ULX Teleconference 2010-11-08

Skip to end of metadata

Created by Former user, last modified on Nov 08, 2010

Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Logistics

Time: 08:00 PT | 11:00 ET | 16:00 UTC/GMT | 18:00 CEST (Time Chart)
Skype: +9900827042954214
US Dial-In: +1-201-793-9022
Room Code: 295-4214

Agenda

1) Roll Call

THIS IS A TEMPLATE

Voting:

Scott Cantor
RL "Bob" Morgan
John Bradley
Paul Trevithick

Voting, but not present:

Axel Nennker
Keith Uber
Philippe Clement

Non-voting:

Bob Pinhero
Benoit Bailleux
Valeska O'Leary

Not present

Gael Gourmelen
Trent Adams

Quorate meeting (4 of 6)

2) Minutes

Approved the following minutes:

http://kantarainitiative.org/confluence/display/ulx/ULX+Teleconference+2010-10-25

3) Terminology

Three Identity Selector architectures:

RP-Managed Selector (like our HTML mockup)
Cloud Selector (like Janrain, Avoco, Shiboleth Discovery etc.) --formerly called "ISA" by this ULX WG (and its predecessors)
Active Client Selector (e.g. a browser integrated application or an enhanced browser)

Recent discussions about Active Client Selectors:

It is self-evident that the scope of ULX be limited to "next gen" active clients
Some feel that "next gen" active clients should rely on OAuth instead of using:
- Dedicated client UI to gather auth materials
- Dedicated UI to review/approve attribute/claim release
- WS-Trust to fetch (e.g. SAML) token

Identity Selector Variations:

User-configurable (or not) - can the IS be configured with the user's preferred set of IdPs. Being user-configurable implies that the user has an account on the IS
Request-and-forward (IS fetches token and POSTs to RP) vs. Selection-only -- can we think of better names?

4) Review ULX Scope (Creep)

User <--> ISA UX
ISA <--> RP (RP metadata)
ISA <--> IdP (IdP metadata)
NEW: ISA invocation for #2 and #3

5) ULX Sequence diagram

To discuss and correct from some points of view:

Diagram tries to cover all three ISA architectures, does it succeed?
It shows that ISA is directly fetching attributes and thus acting as an intermediary. Do we need another diagram variant that shows the architecture where the ISA makes the selection and does nothing else (aka "gets out of the way")

6) Proposal for an active client trigger:

ulx://path-to-RP-metadata-JSON-for-HTTP
ulxs//path-to-RP-metadata-JSON-for-HTTPS

7) ULX in HTTP request header

Proposal: include ISA-related preference info in HTTP request header
Info
- Most important: the user's choice of cloud selector URL
- Also: a set of user's preferred service providers (e.g. IdPs)
How?
- Long term: Browsers could build this in
- Short term: a small browser extension could implement
Why?
- Would provide a standard way for the user to exert their preference

8) Unresolved issues from previous meeting

See http://kantarainitiative.org/confluence/display/ulx/ULX+Teleconference+2010-10-25
- Walkthrough of Finnish selector use case (eg SP-driven IdP grouping and priorities) http://kantarainitiative.org/confluence/display/ulx/Use+Case+Finnish+services+for+citizens|../../../../../../../../../display/ulx/Use+Case+Finnish+services+for+citizens||||\

Next Meeting

Time: 08:00 PT | 11:00 ET | 16:00 UTC/GMT (Time Chart)
Skype: +9900827042954214
US Dial-In: +1-201-793-9022
Room Code: 295-4214

No labels