AMDG Notes from attribute break-out session

Who is interested in attributes? - Notes from the ISOC Identity Ecosystem Working Group

Open Groups defining standards / schemas / frameworks

  • OIX Attribute Exchange: only having its first meeting this week .
  • IETF: ABFAB.
  • MACE-DIR / eduperson / SHAC.

More closed defining standards / schemas / frameworks

  • ITU SG 17 U10: open to liaison with experts on board and open to members.
  • ISO.

These are possibly at a higher level than attribute schema.

Discussion / implementation groups:

  • Kantara Attribute Discussion Group.
  • REFEDS Attribute Release.
  • Other.
  • SCIM.
  • eID initiatives.

Problem areas

  • Sharing across the groups
    • it is difficult to share across where information is closed off by non-release before final / copyright / behind closed doors. The earlier in the process you share work, the easier interoperability is later. Where is convergence?
    • How are we ensuring that the correct feedback is being created when outputs / schemas / proposals are coming out of these groups? Is Kantara the feature for this?

Solutions:

  • making John Bradley be the lynch-pin.
  • use existing discussion groups – Kantara is the obvious place.
  • Go out to all the places having discussions – unscaleable.

What is the “internet of things” attribute schema?

  • MIBS (++).
  • Attributes of things as well as attributes of people.
  • Devices – as identity consumers as well as having identities themselves. Is device identity more a projection of personal identity?
  • Too much, too many, too patchy.
  • Collision-resistant namespaces - the OpenID Connect approach.

Solutions:

  • A simple way to design attribute schema.
  • Attribute registry?
  • Things that don’t assume that there will be one of every type.
  • Agreement around extensibility.
  • IANA?
  • Context provider – in what context can I use this context?

Where does the conversation about this happen? Who operates an attribute registry? We need real participants who will benefit from this.

  • Fostering Implementation
  • Developing the business case, putting time and effort in to adoption of what we have now.
  • Discussions to be had around what is the right scope to put around the structure of attributes – filtering, flexibility, assertion.

Solutions:

  • ????

Unclear spaces

  • Language code – still not a coherent way to express preferred language.

Solutions:

  • write up an RFC on problematic points?

 

OVERALL ACTION: Give these notes to OIX and Kantara