Logistics
- Time: 08:00 PT | 11:00 ET | 16:00 UTC/GMT | 18:00 CEST (Time Chart)
- Skype: +9900827042954214
- US Dial-In: +1-201-793-9022
- Room Code: 295-4214
Agenda
1) Roll Call
THIS IS A TEMPLATE
Voting:
- Scott Cantor
- RL "Bob" Morgan
- John Bradley
- Paul Trevithick
Voting, but not present:
- Axel Nennker
- Keith Uber
- Philippe Clement
Non-voting:
- Bob Pinhero
- Benoit Bailleux
- Valeska O'Leary
Not present
- Gael Gourmelen
- Trent Adams
Quorate meeting (4 of 6)
2) Minutes
Approved the following minutes:
3) Terminology
Three Identity Selector architectures:
- RP-Managed Selector (like our HTML mockup)
- Cloud Selector (like Janrain, Avoco, Shiboleth Discovery etc.) --formerly called "ISA" by this ULX WG (and its predecessors)
- Active Client Selector (e.g. a browser integrated application or an enhanced browser)
Trends in Active Client Selectors:
- It is self-evident that the scope of ULX be limited to "next gen" active clients
- "next gen" active clients to rely on OAuth instead of using:
- Dedicated client UI to gather auth materials
- Dedicated UI to review/approve attribute/claim release
- WS-Trust to fetch token
ISA Variations:
- User-aware vs. stateless --can we think of better names?
- Request-and-forward (ISA fetches token and POSTs to RP) vs. Selection-only -- can we think of better names?
4) Review ULX Scope (Creep)
- User <--> ISA UX
- ISA <--> RP (RP metadata)
- ISA <--> IdP (IdP metadata)
- NEW: ISA invocation for #2 and #3
5) ULX Sequence diagram
To discuss and correct from some points of view:
- Diagram tries to cover all three ISA architectures, does it succeed?
- It shows that ISA is directly fetching attributes and thus acting as an intermediary. Do we need another diagram variant that shows the architecture where the ISA makes the selection and does nothing else (aka "gets out of the way")
6) Proposal for an active client trigger:
- ulx://path-to-RP-metadata-JSON-for-HTTP
- ulxs//path-to-RP-metadata-JSON-for-HTTPS
7) ULX in HTTP request header
- Proposal: include ISA-related preference info in HTTP request header
- Info
- Most important: the user's choice of cloud selector URL
- Also: a set of user's preferred service providers (e.g. IdPs)
- How?
- Long term: Browsers could build this in
- Short term: a small browser extension could implement
- Why?
- Would provide a standard way for the user to exert their preference
8) Unresolved issues from previous meeting
- See http://kantarainitiative.org/confluence/display/ulx/ULX+Teleconference+2010-10-25
- Walkthrough of Finnish selector use case (eg SP-driven IdP grouping and priorities) http://kantarainitiative.org/confluence/display/ulx/Use+Case+Finnish+services+for+citizens|../../../../../../../../../display/ulx/Use+Case+Finnish+services+for+citizens|||\
Next Meeting
- Time: 08:00 PT | 11:00 ET | 16:00 UTC/GMT (Time Chart)
- Skype: +9900827042954214
- US Dial-In: +1-201-793-9022
- Room Code: 295-4214