Call - Jan 07 2010

Roll

Conor, Scott, Paul, George Inman, Hubert, Phil, Prateek, David

Approve minutes from Dec 10 call

http://kantarainitiative.org/confluence/display/idwsf/Call+-+December+10+-+2009

Hubert motions, Paul seconds

WSF DS enhancement requests

  • David Chadwick

http://kantarainitiative.org/pipermail/wg-idwsf/2010-January/000041.html

http://kantarainitiative.org/pipermail/wg-idwsf/2010-January/000043.html

David takes us through protocol sequence diagrams

4a) David's first req is that the IDP can return separable tokens. Conor points out that there are mechanisms to allow this.

Scott points out there are performance issues for all the separate signing

Paul - is this an SSTC issue?

4b) Next issue is a boolean flag on the DS Query to allow the SP to indicate aggregation prefs.

4c) David wants to be able to combine a DS Query and an AttributeQuery.

Next steps

i) boolean is an attribute, warrants some sort of spec

ii) best practices for compartmentalizing tokens - discussion in SSTC

iii) how to combine messages? issue remains

Scott proposes new protocol preferable

Submission of WSF pieces to SSTC

  • Phil and/or Prateek

Prateek: situation is that Oracle is broadly interested in attribute flows, Phil working on IGF, acquisition of ID data distinct from authentication. One gap in SAML is that propagating attributes is undefined. Thus interest in Nokia-Siemens. That's where the discussions in SSTC touched on WSF.

Phil: ultimate requirement is to be able to update attributes. What parts of WSF are relevant?

Should SAML be a full read/write spec?

Prateek: one piece of discussion was Scott's suggestion that this work happen in a separate group (within SSTC).

Scott has a hard time believing that it's relevant to move on this until vendors participate/commit. Contends very few vendors participate in SSTC.

Scott & Phil agree that original N/S proposal was too simple.

Same barriers to adoption that WSF has faced would confront a subset of WSF. Does moving into OASIS address.

Scott points out that if you build something WSF-like, you may step on IPR & open up cans of worms. Need 100% clarity over IP issues - same situation as SAML, as in, with non-assertion covenants etc.

If there are problems that WSF addresses, things (IP etc.) are much simpler if you build on WSF specs as they stand rather than trying to submit it to OASIS etc.

Prateek suggests that he and Phil need to go off and do some homework. May be a while. Suggests that cloud emergence will make this relevant.

AOB

Next call Jan 21