Skip to content

WG_Meeting 2022 01 11

Tim Cappalli edited this page Jan 26, 2022 · 1 revision

Agenda

  • Intros and Reintros
  • Website update
  • RISC spec next steps: resolve backwards compat issue
  • Developer relations
  • New participants onboarding
  • Identiverse 2022
  • WG work and alignment with 2022 goals (Gail)

Attendees

  • Atul Tulshibagwale (SGNL)
  • Tim Cappalli (Microsoft)
  • Shayne Miel (Cisco)
  • Tom Sato (VeriClouds)
  • Joshua Metz (Cisco)
  • Manuel Cornello
  • Rifaat Shekh-Yusef (Auth0 - Okta)
  • Stan Bounev (VeriClouds)
  • Arturo Elias Anton
  • Mike Kiser (SailPoint)
  • Stefan
  • Lee Tschetter (Okta)

Notes

  • Gail's presentation re: SSE 2022 plan
  • Cisco SSE open source implementation is available, but no opinion on certification
  • Implementation maturity should precede creating a certification program
  • Is interop testing more important than certification? Seem so, given the number of implementations
  • What does an interop test look like? Gail shared how GAIN and other WGs are doing it
  • We would like to have OIDF support for doing the interop test
  • Support from OIDF to revamp the website (aligned with the OIDF "website refresh" initiative)
  • Tom Sato volunteered to draft the new website - how did FAPI get their page (fapi.openid.net)
  • FAPI page was a collaboration with FDX that didn't come to fruition. Not a model we should follow right now.
  • WG should update the home page on their own
  • OIDF is separately working on a website refresh
  • We should link to the sse.guide page from the WG home page.

Intros and Re-intros

  • Atul - CTO at SGNL, a new company working on enterprise authorization. Formerly at Google. Been with the WG from the beginning.
  • Shayne - works at Cisco, with SSE since mid-summer. Working diligently to implement some of this implementer's draft. Architect at Cisco working on authentication.
  • Lee - Director of Technical Strategy at Okta. Working on this in the past year. Championing this internally (program, strategy). Reach out to me if you would like to do anything with Okta
  • Gail - Executive Director of OIDF
  • Tom - Joined working group last autumn. Speciality is market adoption and outreach
  • Joshua Metz - Cisco, building the sample reference implementation. Work on the Duo security space
  • Tim - Standards architect at Microsoft and one of the original folks working on CAEP
  • Rifaat - Auth0 / Okta, Chair of the OAuth working group at the IETF. First time attending this meeting.
  • Stan - CEO of VeriClouds - provide identity threat intelligence. Contributing to the WG for about 3 years now.

Backward compatibility issue

  • How much compatibility should we maintain with a previous draft spec. Complicating this is that Google already has an implementation.
  • Precedent in the OIDC is that there is no backward compatibility with OIDF, but we could follow the OIDC model where we can add non-normative text at the end of the spec. The text may or may not mention specific implementations
  • There could be some value to improve some OIDF processes. How do we reference prior implementer's drafts of the spec?
  • We could follow the IETF model where we have multiple published versions of a draft spec, but you could reference a previous draft for backwards compatibility
  • Is it a nomenclature issue? Or is it just the WG flagging something as a referenceable draft?
  • WG assigns a specific numbered draft and can refer to it normatively
  • We should copy the style of the OIDC spec
  • Atul to update the PR with that language

Developer relations

  • People are getting interested in SSE
  • Talked to Ebay, Rakuten, Facebook, Booking.com, Coupang and so on
  • We should have developer onboarding style webinars or meetings
  • People who are interested need to convince their colleagues, so they need materials
  • Masterclass at Identiverse - proposed by Tom Sato

Identiverse 2022

  • Proposed Panel
  • OIDF is going to be a non-profit sponsor of the conference
  • OIDF may get a breakout room, which we can use even if we do not get on the formal agenda

Agenda proposal

  • Can we alternate between one week of technical discussions and one week of other discussion so that we make progress on both fronts
  • We should mark each meeting in the wiki with a Tech / non-tech annotation
Clone this wiki locally