FIWG Meeting Notes 2011-09-29

Attendees:

John Bradley
Hank Mauldin
Mary Ruddy
RL "Bob" Morgan,
Leif Johansson

Notes:

  • Roll Call---non quorate (motion for minutes carried to the next call)

1. State of PEER:

  • LJ: currently 0.5 is released, and dev contract is at an end
  • but it is not in usable state
  • new contract being arranged to get it to 1.0
  • JB:  Rainer Horbe asked about support for automated compliance reports
  • answer:  no, but funding from AT gov could change that ...
  • comparison to Danish JANUS system?
  • LJ:  JANUS wasn't designed to be extended, so hasn't been
  • what is mechanism in PEER project for funding feature requests?
  • can FI-WG do so?  OIX?  some governments?
  • LJ:  needs to be one backlog with common prioritization,
  • modulated by funding
  • best to flow funding thru TERENA
  • JB:  may have to figure how usual USG contractors can be involved
  • for fundable work to meet GSA needs
  • LJ:  seems like Kantara/OIX operational requirements can be met with
  • current user stories around administrator control of entry tagging
  • JB:  this could be a good thing for OIX to fund
  • LJ:  could make sense to fund Shib work on MDX
  • JB:  PingID may have some interest in MDX
  • LJ:  the IETF draft on MDX needs some updating, may need new author
  • would be good to have it published even on Experimental track

2. AOB

  • RL:  useful to have official SSTC spec for SAML metadata in JSON?
  • since JSON would be more appealing to OpenID Connect community?
  • JB:  maybe, could be contentious, mechanical translations are ugly
  • then of course there's the namespace problem
  • aka the extensibility problem
  • LJ:  could be good engagement for Andreas Solberg
    who has already done something like SAML md for OpenID Connect
  • LJ:  Swedish "fed soup" event indicated interest in
    "federation management appliance" supporting sector federations
    JB:  this may be the market that PingID sees
  • Proposed multilateral federation requirements/architecture doc
  • JB:  will create the doc space for proposed architecture doc
    RL:  will add some content real soon now
  • RL:  something to be done in evangelizing FI work in OpenID Connect?
  • LJ:  presumably would be of interest in managing attribute trust
  • ie who is trusted to assert what kind of attribute
  • JB:  eg Google's work with Post Office on street addresses
  • MR:  yes, attributes are the key
  • RL:  could be good opportunity at upcoming IIW, especially if
  • architecture doc is available, to do a session on this
  • JB:  let's do it

Adjourned