[Concordia] Notes from 29 Jul 2008 Concordia community call
Eve Maler
Eve.Maler at Sun.COM
Tue Jul 29 11:43:07 EDT 2008
> I apologize in advance for missing anyone on the attendance list;
> please help me out with corrections. I promise I'll never try to take
> notes directly on the wiki ever again. :-)
>
>
> == Attending ==
>
> Eve Maler (Sun), Britta Glade (Liberty), Eric Tiffany (Liberty), Sampo
> Kellomaki (Symlabs), Lena Kannappan (FuGen Solutions), Paul Madsen
> (NTT), John Bradley (ooTao), Charles Andres (Parity), Mary Ruddy
> (Social Physics), Ashish Jain (Ping Identity), Patrick Harding (Ping
> Identity), Rick Levinson (Oracle), Scott Cantor (Internet2)
>
>
> == Activities in the DIDW timeframe ==
>
> [http://public.cxo.com/conferences/index.html?conferenceID=24 DIDW
> conference 8-10 Sep 2008 in Anaheim]
>
>
> === Concordia-themed speaking slot ===
>
> Paul M. is scheduled to speak. Patrick and Mary are interested to
> contribute content to his talk; Patrick may even be interested in
> formally joining as a co-speaker. Britta will help field bio
> submissions and the like with these three folks.
>
> The topic is generally focused on bootstrapping between different
> technologies (which Eve is labeling "heterogeneous bootstrapping").
> This has at least a couple of interesting components:
>
> * Preserving the authentication context across systems (e.g., OpenID
> PAPE + SAML authentication context)
> * Preserving the interpretation of attributes/claims across systems
> (e.g., OpenID attributes, InfoCard self-issued claims, some of the
> standardized SAML attribute profiles if they're commonly used, and
> maybe even Liberty Personal Profile service info?)
>
> While these topics came up in last year's Concordia workshop at DIDW,
> they didn't get prioritized highly enough for us to begin work on
> them. Perhaps their time has come...
>
>
> === OSIS workshop coordination ===
>
> [http://osis.idcommons.net/wiki/I4_User-Centric_Identity_Interop_through_Digital_ID_World_2008
> OSIS I4 interop workshop]
>
> Charles reports that OSIS is thinking of structuring the time as more
> of a workshop vs. an interop demo in the style of previous events.
> 9am-11am would likely be an OSIS meeting, and 11am-3pm might be more
> "public", with various talks to be given each hour.
>
> John Bradley has added some placeholder matrix cells for a few likely
> combinations, and seeks information on who wants to interop on the
> basis of these.
>
> OSIS and Concordia folks generally are interested to get more specific
> about the use cases driving the need. Here are some questions we
> have:
>
> * Is it interesting to deployers to allow for using infocards directly
> for OpenID login, bypassing the redirect process for security reasons?
>
> * Do any deployers actually want OpenID and/or infocard bootstrapping
> to ID-WSF (with an EPR) right now? (We anticipate getting more input
> from the NZ SSC in a few months when they really dig into this.)
>
> * To what extent is SAML-to-OAuth interesting among deployers?
>
> Netting this all out, does it make sense to offer a "Concordia input
> session" during the public portion of the OSIS workshop, sort of
> embedded in it? We'd have to round up a solid group of deployers
> interested to offer substantive feedback, which is a pretty
> resource-intensive job. Eve is willing to facilitate such a session if she can
> attend, which is not certain at this point! Britta can help a bit
> with logistics, but will be attending the Liberty Identity Assurance
> workshop 1-3pm on the Monday so probably couldn't attend this
> sub-session.
>
> Eve and Charles will follow up on the idea of a bootstrapping use-case
> gathering sub-session, and will contact Britta if it's a go.
>
>
> == SAML authn context/LOA encoding issues ==
>
> Where is the Liberty eGov SIG in its deliberations? Does it make
> sense for Concordia to finally develop some overall use cases here?
> Colin and Eric weighed in on the list preparatory to this call. It
> seems there's a variety of considerations around this, only some of
> which are multi-protocol in the Concordia sense:
>
> * "Semantic": NIST levels, the work being done in the Liberty Identity
> Assurance group, etc.
> * "Syntactic": what are the URL names for the levels in the different
> technologies such as PAPE and SAML? etc.
> * "Messaging": if you use SAML attributes to hold levels, how can an
> SP dynamically request the level they want? etc.
> * What else? "Security" considerations (such as the recent flap about
> Level 4 and its problems with bearer assertions)?
>
> We don't know exactly who owns which pieces and how much Concordia
> should get involved at this point. So the question remains
> unresolved.
>
> Eve
>
> Eve Maler +1 425 947 4522
> Principal Engineer eve.maler @ sun.com
> Business Alliances group Sun Microsystems, Inc.