Kantara FI-WG Teleconference

Approved by quorum on 2019-07-17 call

Date and Time

• Date: Wednesday, June 5, 2019
• Time: 16:30 EDT

Attendees

• Roy, Nicholas (v),
• Bush, Judith (v)
• Cantor, Scott (v)
• Buxey, Alan (v)
• Morgan, Andrew (v)

Apologies

• Hoehn, Walter (v)
  
• Wessel, Keith (v)
• Goodman, Eric

Agenda

1. Roll call (QV group participation agreement - 5 of 9)
2. Agenda bash
3. Approval of previous meeting's minutes: https://kantarainitiative.org/confluence/x/2IDJBg
4. Review of previous AIs:
1. Walter: formatting revisions
5. Review of feedback received so far: https://kantarainitiative.org/confluence/x/6IDJBg
6. Broader community participation
1. Note sent to the larger list as well as a couple of additional nudges sent by Colin and Rainer to specific groups.
2. Are we making progress?
3. Do we need to do more? If so, brainstorm additional channels.

Minutes

1. Roll call
2. Agenda bash -- no new topics
3. No Quorum, therefore no minutes approval
4. AI: Nick will ask Walter re formatting on the list [DONE]
5. Discussion of open issues
   1. Scott needs to refresh his memory on the specs.
   2. RFC doesn’t really matter, that’s the underlying-underlying spec. It’s XML encryption that matters.
   3. There is a newer one that allows for more pluggability.
   4. AI: Scott to do some research on this and get back to the group
   5. OAEP is a pain, confusing, like six different algorithms floating around.
   6. Intent “Use the standard default function, don’t get fancy.”
1. Issue #129 from github
6. Minutes approved from last meeting
7. Issue 1: contrast the two profile and reference other.
1. No disagreements
2. Would slot in after first paragraph
3. AI: Nick will propose language
8. Issue 2: Scott already has a comment
1. Scott explains other ecosystems may not have the issue, eg federated PKI or some other trust anchor, completely trusted CAs… There are other ways to do this but not relevant to R&E feds.
2. Scott says it’s hard to explain why the requirement is true in practice even if not in theory.
3. Can we have a nuanced response to Rainer? We do have italicised comments …. MUST NOT is “false” unless … we need to explain the metadata verification….  NO we do need to change this to be correct.
4. We should give examples that tie back to different ways that trust can be verified.
5. We can say must not if we preclude other ways. SWITCH might do something different? Some R&E feds do use different patterns, but it’s not the same issue as Reiner is bringing up. Since we are trying to avoid bringing up federations, we don’t want to preclude.
6. Let’s focus on a positive requirement -last sentence in italics.  We’ll need to turn it into a technical requirement
7. AI: Scott will take this approach
9. Issue 3: Ajax…. Single page apps
1. AI: Andy will fix this one
10. Issue 4: SP23
1. NoOp - answered by Scott
2. AI: Nick to ask Rainer to clarify [DONE]
11. No thoughts on beating additional bushes for feedback --we have attracted some ….

Next Meeting

• Date: Tues, June 19#, 2019
• Time: 16:30 EDT
• Code: https://global.gotomeeting.com/join/110596309

• You can also dial in using your phone.
  
  

  United States: +1 (669) 224-3318

  
  

  Access Code: 110-596-309

  
  

  More phone numbers
  
  

  Australia: +61 2 8355 1038
  
  

  Austria: +43 1 2530 22500
  
  

  Belgium: +32 28 93 7002
  
  

  Canada: +1 (647) 497-9380
  
  

  Denmark: +45 32 72 03 69
  
  

  Finland: +358 923 17 0556
  
  

  France: +33 170 950 590
  
  

  Germany: +49 692 5736 7300
  
  

  Ireland: +353 15 360 756
  
  

  Italy: +39 0 230 57 81 80
  
  

  Netherlands: +31 207 941 375
  
  

  New Zealand: +64 9 282 9510
  
  

  Norway: +47 21 93 37 37
  
  

  Spain: +34 932 75 1230
  
  

  Sweden: +46 853 527 818
  
  

  Switzerland: +41 225 4599 60
  
  

  United Kingdom: +44 330 221 0097

NOTE: Do not follow the code with a "#" symbol as it may cause the code not to be recognized.