ULX Teleconference 2009-11-18

Kantara ULX Group Teleconference

Date and Time

  • Date: 2009-11-18
  • Time: 16:00 EDT

Attendees

  1. Trent Adams
  2. Eve Maler
  3. Joni Brennan
  4. Axel Nennker
  5. Barry Hieb
  6. Scott Cantor
  7. RL "Bob" Morgan

Regrets

  1. Paul Trevithick

Minutes

1. Attendance

  • Noted that quorum was achieved

2. MSFT Participation

  • Discussion about the importance of Microsoft participation, the potential obstacles to it, and likelihood of it

3. OpenID and OpenInfoCard Selector

  • Axel N reported that he is working on adding OpenID to openinfocard selector
  • Deutsche Telekom has several IdM/UI projects starting and may be joining Kantara (NOTE: DT has since joined KI)
  • he hopes to have something to show soon, perhaps by next call

4. Mozilla Weave

  • Mozilla Weave has some acct mgr functionality (eg replace OpenID UI with link invoking account manager / selector), now moved into separate Account Manager extension
    • SC: FF current pw manager is security nightmare; concern that they don't recognize the security issues
    • AN: have seen UIs that are more secure but unusable
    • SC: FF password manager is very phishable today. Opera seems to do this better, with separate step but deployed client code creates great weight
    • AN: auto-software-update helps a lot
    • RL: discussion at IIW about whether OpenID selector has to have significant anti-phishing features, eg doing OP interaction in selector context
    • SC: trigger question remains also, eg Object Tag
    • AN: have expressed opinion against Object Tag in favor of Meta tag
    • RL: maybe we're also concerned about RP developer experience here?
    • SC: maybe what's needed is strawman proposals for middle ground between Object Tag and WS-Policy to explore the space
    • AN: WS-Policy expressions in latest Geneva code are very complicated; would like to do white lists, can't do that; maybe WS-Policy-Lite is needed to cover 80%

5. Typepad post about OpenID/federation usage

  • shows that if technology isn't a barrier, people can/will use it but that patterns of deployment are being set by big players
  • is the game already over for consumer sites?
  • Google itself is a victim of "the Google button" since most "Google accounts" are in Google Apps domains so not discoverable via generic Google OP link

6. How disparate are ULX use cases, even the non-consumer ones?

  • are we going to be left recommending patterns etc or can we do the "best possible" as envisioned in the charter?

7. Relationship to Kantara Identity Selector WG

  • if they're working on "gap fit" that might be premature or could be fed into ULX after some UI had been developed

8. Action Items

  • None

Next Meeting