[Concordia] Notes from 29 Jul 2008 Concordia community call

Eve Maler Eve.Maler at Sun.COM
Tue Jul 29 10:23:37 EDT 2008 



> Notes are up on the wiki, with the addition of John Tolbert's (Boeing)
> name to the attendance list...
>
> http://projectconcordia.org/index.php/Concordia_telecon_29_Jul_2008
>
> 	Eve
>
> On Jul 29, 2008, at 11:43 AM, Eve Maler wrote:
>
>> I apologize in advance for missing anyone on the attendance list;
>> please help me out with corrections.  I promise I'll never try to  
>> take
>> notes directly on the wiki ever again. :-)
>>
>>
>> == Attending ==
>>
>> Eve Maler (Sun), Britta Glade (Liberty), Eric Tiffany (Liberty),  
>> Sampo
>> Kellomaki (Symlabs), Lena Kannappan (FuGen Solutions), Paul Madsen
>> (NTT), John Bradley (ooTao), Charles Andres (Parity), Mary Ruddy
>> (Social Physics), Ashish Jain (Pind Identity), Patrick Harding (Ping
>> Identity), Rick Levinson (Oracle), Scott Cantor (Internet2)
>>
>>
>> == Activities in the DIDW timeframe ==
>>
>> [http://public.cxo.com/conferences/index.html?conferenceID=24 DIDW
>> conference 8-10 Sep 2008 in Anaheim]
>>
>>
>> === Concordia-themed speaking slot ===
>>
>> Paul M. is scheduled to speak.  Patrick and Mary are interested to
>> contribute content to his talk; Patrick may even be interested in
>> formally joining as a co-speaker.  Britta will help field bio
>> submissions and the like with these three folks.
>>
>> The topic is generally focused on bootstrapping between different
>> technologies (which Eve is labeling "heterogeneous bootstrapping").
>> This has at least a couple of interesting components:
>>
>> * Preserving the authentication context across systems (e.g., OpenID
>> PAPE + SAML authentication context)
>> * Preserving the interpretation of attributes/claims across systems
>> (e.g., OpenID attributes, InfoCard self-issued claims, some of the
>> standardized SAML attribute profiles if they're commonly used, and
>> maybe even Liberty Personal Profile service info?)
>>
>> While these topics came up in last year's Concordia workshop at DIDW,
>> they didn't get prioritized highly enough for us to begin work on
>> them.  Perhaps their time has come...
>>
>>
>> === OSIS workshop coordination ===
>>
>> [http://osis.idcommons.net/wiki/I4_User-Centric_Identity_Interop_through_Digital_ID_World_2008
>> OSIS I4 interop workshop]
>>
>> Charles reports that OSIS is thinking of structuring the time as more
>> of a workshop vs. an interop demo in the style of previous events.
>> 9am-11am would likely be an OSIS meeting, and 11am-3pm might be more
>> "public", with various talks to be given each hour.
>>
>> John Bradley has added some placeholder matrix cells for a few likely
>> combinations, and seeks information on who wants to interop on the
>> basis of these.
>>
>> OSIS and Concordia folks generally are interested to get more  
>> specific
>> about the use cases driving the need.  Here are some questions we
>> have:
>>
>> * Is it interesting to deployers to allow for using infocards  
>> directly
>> for OpenID login, bypassing the redirect process for security  
>> reasons?
>>
>> * Do any deployers actually want OpenID and/or infocard bootstrapping
>> to ID-WSF (with an EPR) right now?  (We anticipate getting more input
>> from the NZ SSC in a few months when they really dig into this.)
>>
>> * To what extent is SAML-to-OAuth interesting among deployers?
>>
>> Netting this all out, does it make sense to offer a "Concordia input
>> session" during the public portion of the OSIS workshop, sort of
>> embedded in it?  We'd have to round up a solid group of deployers
>> interested to offer substantive feedback, which is a pretty resource-
>> intensive job.  Eve is willing to facilitate such a session if she  
>> can
>> attend, which is not certain at this point!  Britta can help a bit
>> with logistics, but will be attending the Liberty Identity Assurance
>> workshop 1-3pm on the Monday so probably couldn't attend this sub-
>> session.
>>
>> Eve and Charles will follow up on the idea of a bootstrapping use- 
>> case
>> gathering sub-session, and will contact Britta if it's a go.
>>
>>
>> == SAML authn context/LOA encoding issues ==
>>
>> Where is the Liberty eGov SIG in its deliberations?  Does it make
>> sense for Concordia to finally develop some overall use cases here?
>> Colin and Eric weighed in on the list preparatory to this call.  It
>> seems there's a variety of considerations around this, only some of
>> which are multi-protocol in the Concordia sense:
>>
>> * "Semantic": NIST levels, the work being done in the Liberty  
>> Identity
>> Assurance group, etc.
>> * "Syntactic": what are the URL names for the levels in the different
>> technologies such as PAPE and SAML? etc.
>> * "Messaging": if you use SAML attributes to hold levels, how can an
>> SP dynamically request the level they want? etc.
>> * What else?  "Security" considerations (such as the recent flap  
>> about
>> Level 4 and its problems with bearer assertions)?
>>
>> We don't know exactly who owns which pieces and how much Concordia
>> should get involved at this point.  So the question remains
>> unresolved.
>>
>> 	Eve
>>
>> Eve Maler                                         +1 425 947 4522
>> Principal Engineer                            eve.maler @ sun.com
>> Business Alliances group                    Sun Microsystems, Inc.
>> _______________________________________________
>> Community mailing list
>> Community at projectconcordia.org
>> http://lists.projectconcordia.org/mailman/listinfo/community
>
> Eve Maler                                         +1 425 947 4522
> Principal Engineer                            eve.maler @ sun.com
> Business Alliances group                    Sun Microsystems, Inc.
>
> _______________________________________________
> Community mailing list
> Community at projectconcordia.org
> http://lists.projectconcordia.org/mailman/listinfo/community

More information about the Community mailing list