09-swxg-minutes.html 36.8 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang='en' xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
  <meta name="generator" content=
  "HTML Tidy for Linux (vers 6 November 2007), see www.w3.org" />

  <title>Social Web Incubator Group Teleconference -- 09 Jun
  2010</title>
  <link type="text/css" rel="STYLESHEET" href=
  "http://www.w3.org/StyleSheets/base.css" />
  <link type="text/css" rel="STYLESHEET" href=
  "http://www.w3.org/StyleSheets/public.css" />
  <link type="text/css" rel="STYLESHEET" href=
  "http://www.w3.org/2004/02/minutes-style.css" />
  <meta content="Social Web Incubator Group Teleconference" name=
  "Title" />
  <meta content="text/html; charset=utf-8" http-equiv=
  "Content-Type" />
</head>

<body>
  <p><a href="http://www.w3.org/"><img src=
  "http://www.w3.org/Icons/w3c_home" alt="W3C" border="0" height=
  "48" width="72" /></a></p>

  <h1>- DRAFT -</h1>

  <h1>Social Web Incubator Group Teleconference</h1>

  <h2>09 Jun 2010</h2>

  <p><a href=
  'http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html'>
  Agenda</a></p>

  <p>See also: <a href="http://www.w3.org/2010/06/09-swxg-irc">IRC
  log</a></p>

  <h2><a name="attendees" id="attendees">Attendees</a></h2>

  <div class="intro">
    <dl>
      <dt>Present</dt>

      <dd>MacTed, Thomas, +1.781.416.aaaa, +1.218.296.aabb, paul,
      rreck, hhalpin, danbri, oshani, +1.510.931.aadd, melvster,
      +1.510.931.aaee</dd>

      <dt>Regrets</dt>

      <dt>Chair</dt>

      <dd>hhalpin</dd>

      <dt>Scribe</dt>

      <dd>danbri</dd>
    </dl>
  </div>

  <h2>Contents</h2>

  <ul>
    <li>
      <a href="#agenda">Topics</a>

      <ol>
        <li><a href="#item01">final report updates</a></li>

        <li><a href="#item02">Paul Trethevick on the State of
        Digital Identity</a></li>
      </ol>
    </li>

    <li><a href="#ActionSummary">Summary of Action Items</a></li>
  </ul>
  <hr />

  <div class="meeting">
    <p class='phone'></p>

    <p class='phone'></p>

    <p class='irc'>&lt;<cite>trackbot</cite>&gt; Date: 09 June
    2010</p>

    <p class='irc'>&lt;<cite>MacTed</cite>&gt; paul, is that 416
    number you?</p>

    <p class='irc'>&lt;<cite>paul</cite>&gt; I'm on a 781
    number</p>

    <p class='irc'>&lt;<cite>tlr</cite>&gt; 781.416...?</p>

    <p class='irc'>&lt;<cite>rreck</cite>&gt; are we meeting?</p>

    <p class='irc'>&lt;<cite>rreck</cite>&gt; me too</p>

    <p class='phone'>i'm having trouble geting in too</p>

    <p class='irc'>&lt;<cite>tlr</cite>&gt; the UK and FR lines
    seem to have issues, yes</p>

    <p class='irc'>&lt;<cite>rreck</cite>&gt; afk</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; Mischa - can you
    scribe?</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; scribe: danbri</p>

    <p class='phone'>is the log loggering?</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; PROPOSED: to
    approve minutes from June 2nd meeting.</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; <a href=
    "http://www.w3.org/2010/06/02-swxg-minutes.html">http://www.w3.org/2010/06/02-swxg-minutes.html</a></p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; +1</p>

    <p class='phone'>+1</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; RESOLVED: approved
    minutes from June 2nd meeting</p>

    <p class='phone'>danbri regrets for next week (Notube f2f
    project meeting)</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; Next Meeting:
    Distributed access control languages for privacy providers, MIT
    on AIR and PrimeLife on XACML</p>

    <h3 id="item01">final report updates</h3>

    <p class='phone'><cite>hhalpin:</cite> run-thru of final report
    actions<br />
    ... we had several regrets<br />
    ... mischa started an etherpad draft</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; melvster: share
    etherpad with the rest of the group?</p>

    <p class='irc'>&lt;<cite>melvster</cite>&gt; one sec</p>

    <p class='irc'>&lt;<cite>melvster</cite>&gt; just dailing
    in</p>

    <p class='irc'>&lt;<cite>melvster</cite>&gt; sure!</p>

    <p class='irc'>&lt;<cite>melvster</cite>&gt; *work in progress*
    <a href=
    "http://openetherpad.org/Ea4YsoZGeU">http://openetherpad.org/Ea4YsoZGeU</a></p>

    <p class='phone'><cite>hhalpin:</cite> i didn't make muh
    progress on gap analysis</p>

    <p class='phone'>any prog on use cases?</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; <a href=
    "http://openetherpad.org/Ea4YsoZGeU">http://openetherpad.org/Ea4YsoZGeU</a></p>

    <p class='phone'>(i dropped some messy notes into etherpad but
    not done much yet)</p>

    <h3 id="item02">Paul Trethevick on the State of Digital
    Identity</h3>

    <p class='phone'>(welcome Paul...)</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; <a href=
    "http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>

    <p class='phone'>ok i won't scribe things that are in the
    slides</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; <a href=
    "http://www.slideshare.net/ptrevithick/active-clients-and-pd-ses-4452852">
    http://www.slideshare.net/ptrevithick/active-clients-and-pd-ses-4452852</a></p>

    <p class='phone'>who joined?</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; Paul, do you wish
    to begin?</p>

    <p class='phone'><cite>Paul:</cite> Harry asked for a few
    thoughts on state of Identity industry. Hard challenge!</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; So we are on first
    slide-deck, i.e. <a href=
    "http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>

    <p class='phone'><cite>Paul:</cite> identity hard problem as
    perceived differently in different communities<br />
    ... language varies by community; it 'obviously' means x to
    some, something quite different / richer to others</p>

    <p class='irc'>&lt;<cite>bblfish</cite>&gt; hi</p>

    <p class='phone'><cite>Paul:</cite> some call that more
    advanced form 'claims based' identity<br />
    ... you don't necessarily need to identify a person to haev an
    interaction<br />
    ... some see authorisation as primal, identification as
    secondary</p>

    <p class='irc'>&lt;<cite>melvster</cite>&gt; bblfish: <a href=
    "http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>

    <p class='phone'><cite>Paul:</cite> most of us tend to drop the
    word entirely due to these kinds of confusion<br />
    ... i was looking yesterday at privacy aware Web definitions,
    use of 'publisher', ... have to get over these kinds of
    terminological problems<br />
    ... - requirements vary by community<br />
    ... idea that different people are trying to solve slightly
    different problems<br />
    ... why do we look at this so differently?<br />
    ... idea of levels of assurance, eg. NIST's 4 levels<br />
    ... how much can relying party depend on strength of some
    assertions<br />
    ... some need levels of assurance &gt; 1</p>

    <p class='phone'>(hmm this? <a href=
    "http://en.wikipedia.org/wiki/Identity_Assurance_Framework#Assurance_Level_Criteria">
    http://en.wikipedia.org/wiki/Identity_Assurance_Framework#Assurance_Level_Criteria</a>
    )</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; NIST levels are
    interesting...</p>

    <p class='phone'><cite>scribe:</cite> challenge here , some
    feel that anything &gt; 1 is irrelevant, uninteresting<br />
    ... that perspective driven by high volume, low value social
    web transactions<br />
    ... those on higher level (payment, govt) sometimes feel like
    'long tail' cornercases</p><br />
    .

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; but the high-volume
    transactions can eventually get need higher NIST level, i.e.
    binding payment to your social networking account ala
    Payswarm</p>

    <p class='phone'><cite>scribe:</cite> also eg yesterday talked
    w/ natioanl cancer institute re sharing medical records<br />
    ... also Verified vs self-asserted attributes<br />
    ... much socialweb stuff is just asserted by end users<br />
    ... other scenarios (reputation systems, payment systems), ...
    some people / communities will look at these requirements and
    say 'no thanks'<br />
    ... eg. equifax can issue 'bearer of assertion is &gt; 21 years
    old' (but we'll reveal nothing else about them)<br />
    ... a lot of probs around protecting children are around lack
    of verified 3rd party assertions of attributes<br />
    ... also req: need to aggregate from multiple different
    providers<br />
    ... for high volume / simple sites, this isn't a problem<br />
    ... other use cases, you distinguish even from an ID provider
    and an attribute provider</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; attribute
    provider/identity provider an interesting distinction.</p>

    <p class='phone'><cite>scribe:</cite> you can not have to keep
    authenticating but can aggregate attribs [missed]</p>

    <p class='phone'>[slide 5 now on slideshare]</p>

    <p class='phone'><cite>scribe:</cite> linkability<br />
    ... this makes perfect sense to some, but too much for others
    [see kim camerons laws of id ... re deployable systems]<br />
    ... you can agree / disagree, but this is the landscape of
    [lack of ] consensus</p>

    <p class='phone'>"Some uses cases require high assurance and
    unlinkability (and sometimes even offline presentation of
    security tokens)."</p>

    <p class='phone'>submarine example; disconnected from 'net but
    need to auth things internally</p>

    <p class='phone'><cite>scribe:</cite> a lot of discussion
    lately re levels of protection<br />
    ... converse of levels of assurance<br />
    ... coudl we could to a world where use is a party to digitally
    signed contract<br />
    ... it's released to relying party, but the rp is bound not to
    resell<br />
    ... for that to be non-repudiable, need ... [missed detail,
    sorry]<br />
    ... concern that lately too much emphasis on crypto<br />
    ... some control, but also more on accountability, in everyday
    life</p>

    <p class='irc'>&lt;<cite>bblfish</cite>&gt; zakim aaee is
    bblfish</p>

    <p class='phone'><cite>scribe:</cite> so there are only
    prototypes of tech currently that can handle this<br />
    ... again these are just examples of why this [consensus] is
    hard<br />
    ... hard to build something universal, addressing all
    requirements<br />
    ... ie. this talk might be considered something of an apology
    for lack of progress given the energy/effort</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; no apologies needed
    paul, there is clearly progress being made and the problem is
    hard!</p>

    <p class='phone'><cite>scribe:</cite> several community</p>

    <p class='phone'>Identity Commons (2005) <a href=
    "http://idcommons.net">http://idcommons.net</a></p>

    <p class='phone'><cite>scribe:</cite> distinguishing open /
    user centric id folk from enterprise / proprietary world (of
    which i know little)</p>

    <p class='phone'>IIW is the (intense, 3 day) hub of this
    world</p>

    <p class='phone'><cite>scribe:</cite> OpenID Foundation (2007)
    <a href="http://openid.net">http://openid.net</a></p>

    <p class='phone'>[ is <a href=
    "http://community.livejournal.com/lj_dev/683939.html">http://community.livejournal.com/lj_dev/683939.html</a>
    the 1st openid spec btw?]</p>

    <p class='phone'><cite>scribe:</cite> internal competition
    within openid now<br />
    ... different groups, perceive problem sets differently<br />
    ...Qs: what is the openid foundation? a broad church or an
    advocacy org for one particiular protocol?</p>

    <p class='phone'>dataportability? DataPortability.org
    (2007)</p>

    <p class='phone'><cite>scribe:</cite> struck a nerve re user
    control</p>

    <p class='phone'>Information Card Foundation (2008) <a href=
    "http://informationcard.net">http://informationcard.net</a></p>

    <p class='phone'><cite>scribe:</cite> began around ms cardspace
    and oasis IMI, ...<br />
    ... "Next generation: Integrated with the browser. Consistent
    UX across protocols including: un/pw, OpenID (to reduce
    phishing), IMI (legacy), and OpenID V.Next, client side certs
    (perhaps)?"<br />
    ... that foundation also at a crossroads<br />
    ... is more emphasising active clients<br />
    ... found some issues w/ active clients</p>

    <p class='phone'>esp requiring a download, and insisting on a
    single unifying protocol</p>

    <p class='phone'><cite>scribe:</cite> soul-searching and next
    gen work<br />
    ... moving beyond single protocol</p>

    <p class='phone'>makign it 'better with'</p>

    <p class='phone'>"Kantara (2009) - <a href=
    "http://kantarainitiative.org">http://kantarainitiative.org</a></p>

    <p class='phone'><cite>scribe:</cite> kinda interesting<br />
    ... analysis coupleyears ago, interviewed rigorously many from
    ID scene<br />
    ... under NDA<br />
    ... to make a new org<br />
    ... they [we] concluded that we have moved into a
    cross-protocol era<br />
    ... needed a pulling together of a number of these disperate
    communities<br />
    ... was then the old liberty alliance, saml work<br />
    ... which was a response to hailstorm/passport<br />
    ... also openid appeared<br />
    ... 3 tech groups appeared<br />
    ... to some extent it's an unrealised objective<br />
    ... strategically it's right<br />
    ... Kantara replaced liberty alliance<br />
    ... and working on some crosscutting stuff</p>

    <p class='phone'>( also new ones this year )</p>

    <p class='phone'>a joint board, infocard and openid(?)</p>

    <p class='phone'><cite>scribe:</cite> discussion of what's
    missing, usability vs specs<br />
    ... role of biz agreements that allocate liability<br />
    ... joint sales efforts<br />
    ... obama team wanted to open govt up and use commercial ids
    from industry<br />
    ... catalytic effect<br />
    ... govt said we like openid, but want also stronger
    assurances, info card stuff, ... but hey we're just a
    customer,...<br />
    ... big enough that got attention of those 2 foundations, who
    self-organized and stopped quibbling<br />
    ... in some way stopped competing a bit<br />
    ... united front to the federal govt, and said 'whichever, we
    see the fed govt won't enter into commercial relationships w/
    for example paypal, yahoo, google, whoever... unless there are
    certifiable properties, privacy characteristics, audits,
    ...<br />
    ... understand liability, ...<br />
    ... caused spontaneous creation of the Open Identity
    Exchange</p>

    <p class='phone'>(OIX?)</p>

    <p class='phone'><cite>scribe:</cite> so they joined forces to
    form that</p>

    <p class='irc'>&lt;<cite>Zakim</cite>&gt; danbri, you wanted to
    ask how messy patent situation is (what is feasible
    royalty-free?)</p>

    <p class='phone'>(patent talk later)</p>

    <p class='phone'>kantara and others ... corporate sponsors, +
    leadership council</p>

    <p class='phone'>(i missed some detail)</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; likes the community
    members and corporate sponsor model, maybe that could work for
    the w3c</p>

    <p class='phone'>oidf and icf ,... same governance model,
    blender board, 1 member one vote, community members
    outweigh</p>

    <p class='phone'><cite>scribe:</cite> re participartion, indivs
    and companies can join, but $100 for an indiv, in some cases
    $25<br />
    ... in terms of how openly they operate, that could be
    debated<br />
    ... theoretically, all open to all<br />
    ... but strong interpersonal relationships and personalities
    are in many cases the driver of what happens than the formal
    structures<br />
    ... has to be seen to be believed<br />
    ... this is not something like w3c or oasis<br />
    ... kantara is most formal/structure, icf more, openid
    foundation</p>

    <p class='phone'>they all have public archived mailing
    lists</p>

    <p class='phone'>all 3 have private board lists</p>

    <p class='phone'>vast majority of everything is public</p>

    <p class='phone'>last one, Xauth, is interesting ---</p>

    <p class='phone'>--- it's a way to personalise the login
    situation</p>

    <p class='phone'><cite>scribe:</cite> if oyu only have an
    unmodified browser, you show up with a fresh browser it can't
    be customised</p>

    <p class='phone'>(forgetting the CSS History hack :)</p>

    <p class='phone'><cite>scribe:</cite> school of thought that
    says 'browsers don't know who you are ...<br />
    ... nor who your preferred attribute/identity providers
    are<br />
    ... hence the 'nascar problem', long list of logos<br />
    ... so a tyranny of the mega-brands<br />
    ... so relying parties put facebook/google/yahoo at the
    top<br />
    ... which has a somewhat perverse effect<br />
    ... xauth says with html5 and some tricks, we can hack a way
    for the relying party to learn what someone's prefs are<br />
    ... shorter list<br />
    ... these are ways to work around an architectural
    problem<br />
    ... which is that browsers don't know who you are<br />
    ... slide 7 <a href=
    "http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a><br />

    ... openid 2.0 (legacy openid)</p>

    <p class='phone'>50k sites and growing, relying parties</p>

    <p class='phone'><cite>scribe:</cite> q is where we go from
    here</p>

    <p class='phone'>openid has a number of problems</p>

    <p class='phone'>3 key</p>

    <p class='phone'>1 - OpenID-AB [Attribute Binding] - <a href=
    "http://bitbucket.org/openid/ab/wiki/Home">http://bitbucket.org/openid/ab/wiki/Home</a></p>

    <p class='phone'>Proposed by Nat Sakamura and others in early
    2009</p>

    <p class='phone'><cite>scribe:</cite> has not had much
    attention yet</p>

    <p class='phone'>2 - OpenID V.Next</p>

    <p class='phone'>(discussed last fall and this spring at
    IIW)</p>

    <p class='phone'>v.Next codename for whatever appens</p>

    <p class='phone'>in May, OpenID Connect proposal from David
    Recordon (and social Web friends)</p>

    <p class='phone'>all these 3 are breaking changes</p>

    <p class='phone'>not backwards compatible</p>

    <p class='phone'><cite>scribe:</cite> I don't yet see how this
    is going to get resolved<br />
    ... openid connect is 'get a spec out there ... let's just do
    it!'<br />
    ... caught some ppl by suprise<br />
    ... openid community is trying to figure out a way fwd thru all
    this<br />
    ... I hope the earlier slides set some context for this<br />
    ... and difficulty in agreeing even common requirements</p>

    <p class='phone'>Slide 9 -</p>

    <p class='phone'>personal opinion -</p>

    <p class='phone'><cite>scribe:</cite> we can't stop creation of
    new protocols<br />
    ... open, etc<br />
    ... what happens a lot is much reinvention<br />
    ... come up with stuff, don't see what came before<br />
    ... do something quick/dirty that solves some problems
    now<br />
    ... then start making it more robust<br />
    ... realise it isn't 80% solution, but 45%, ...<br />
    ... then someone new jumps in<br />
    ... natural cycle of reinvention<br />
    ... yesterday/last-night investigating webid [ie. foaf+ssl]</p>

    <p class='irc'>&lt;<cite>bblfish</cite>&gt; I'd say WebId being
    based on the semweb, in one protocol that can then bind all of
    them together.... One can bind in OpenId for example. (not sure
    about the others)</p>

    <p class='phone'><cite>scribe:</cite> looks like it would solve
    some fraction of use cases, has nice characteristics<br />
    ... but partial solution<br />
    ... not clear how much things will converge<br />
    ... or how much analogy with email, where Internet email
    eventually dominated<br />
    ... i note that whenever we build something new that gets used,
    ... it is out there and not going away<br />
    ... and that username + password could easily stay dominant for
    10+ more years<br />
    ... we have learned things<br />
    ... users don't care<br />
    ... they want something that makes sense to them<br />
    ... ux is the key to them<br />
    ... if you go to an RP and say 'this is great tech, saml no
    infocard no openid no ...." the RP will say "well, we have to
    support at least username/ password .. and i'll have to link
    the accounts ...</p>

    <p class='irc'>&lt;<cite>bblfish</cite>&gt; (note on above
    there is work integrating WebID with SAML in Machester, with
    SOAP in University of Southampton...)</p>

    <p class='phone'><cite>scribe:</cite> so the RPs live in a
    necessarily multi-protocol world</p>

    <p class='phone'>but our communities don't organize in those
    terms</p>

    <p class='phone'><cite>scribe:</cite> eg create a common apache
    module<br />
    ... this is a structural problem</p>

    <p class='phone'>[ very interesting! --danbri ]</p>

    <p class='phone'><cite>scribe:</cite> communities eventually
    say 'oh we have overlap, need to blend things ... '<br />
    ... attempts to say 'here is an active client, eg. ms cardspace
    '. ... it just didn't work<br />
    ... to use the solution, you needed 'this thing', the right
    version with your OS, download it if needed, need to be on
    windows, etc etc<br />
    ... so the idea that active clients needed for system to work
    ... a nonstarterr<br />
    ... always this locked down enterprise computer, library kiosk,
    ... person can't install plugin, upgrade a pc, etc ...<br />
    ... so lately active client ppl have a 'better with'
    approach<br />
    ... ie. it works normally but is 'better with' the addon
    (whether an ng-browser, or addon)<br />
    ... ppl look at 'open identity community' and they see a
    swirling churning mess of people putting down each other's
    stuff, partial penetration, etc<br />
    ... and they say 'ok, let's wait for this catfight to calm
    down'<br />
    ... status quo, is do nothing, use a proprietary thing, if
    username/password don't do it<br />
    ... with 1 exception: facebook connect, picking up a lot of use
    across Web<br />
    ... they have an id tech plus attributes<br />
    ... last pt: the identity community, with all these nonprofits,
    is not structurally in a good place to solve needs of the
    marketplace<br />
    ... couple of specific points re socialweb<br />
    ... identifiers and user experience<br />
    ... my perception<br />
    ... in beginning, was 'type in your openid URI'<br />
    ... rough consensus: not working<br />
    ... they understand it only as for pages/info<br />
    ... doesn't work on ppl<br />
    ... they understand email addresses<br />
    ... so openid said 'click on a button'<br />
    ... but measured results were higher conversion rates</p>

    <p class='irc'>&lt;<cite>dsearls2</cite>&gt; Hey Dan, all. It's
    Doc.</p>

    <p class='phone'><cite>scribe:</cite> with benefit to those at
    top of list</p>

    <p class='phone'>see link for logs, doc</p>

    <p class='irc'>&lt;<cite>dsearls2</cite>&gt; ok</p>

    <p class='phone'><cite>paul:</cite> 'people get that, re use of
    email<br />
    ... end-user re-education is a huge issue<br />
    ... and now with xauth we can personalise the nascar icon list
    to something more manageable<br />
    ... best we can do short of active client<br />
    ... slide 12:</p>

    <p class='irc'>&lt;<cite>oshani</cite>&gt; dsearls2, here's the
    slides: <a href=
    "http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>

    <p class='phone'>attribute schemes</p>

    <p class='phone'><cite>scribe:</cite> there are so many of
    these things, so much overlap, ...<br />
    ... if you start taking view from biz point of view, that
    relying party is key ,... you want that to be easy as
    possible</p>

    <p class='phone'>too many schemas makes RP's life hard</p>

    <p class='irc'>&lt;<cite>Zakim</cite>&gt; danbri, you wanted to
    ask how messy patent situation is (what is feasible
    royalty-free?) and to</p>

    <p class='phone'>[other deck]</p>

    <p class='phone'>can you scribe harry?</p>

    <p class='irc'>&lt;<cite>rreck</cite>&gt; thanks for your
    presentation, it was very informative</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; scribenick:
    hhalpin</p>

    <p class='phone'><cite>danbri:</cite> any patents in identity
    scene?<br />
    ... any idea how messy situation is?</p>

    <p class='phone'><cite>paul:</cite> it doesnt get talked about
    that much<br />
    ... varies by organization depending on struture<br />
    ... we try in ICF and Kantara to have IPR rules</p>

    <p class='irc'>&lt;<cite>danbri</cite>&gt; (w3c history - eg
    see <a href=
    "http://www.w3.org/TR/P3P-analysis">http://www.w3.org/TR/P3P-analysis</a>
    )</p>

    <p class='phone'><cite>paul:</cite> we can tell that things
    happen just willy nilly<br />
    ... not developed in a structure and not necessarily
    ideal<br />
    ... pretty confusing to me<br />
    ... hard to know whats lurking out there, esp. with OpenID</p>

    <p class='phone'><cite>danbri:</cite> if we wanted to get
    something in all the browsers<br />
    ... could we get those vendors to commit to RF-status?</p>

    <p class='phone'><cite>paul:</cite> I work in this Eclipse
    Higgins project<br />
    ... so our patent reviews are pretty good<br />
    ... an explicit license is being given to contribution</p>

    <p class='phone'><cite>danbri:</cite> relevant specification,
    go back to paper trail to see how the W3C developed its patent
    policy</p>

    <p class='phone'><cite>paul:</cite> not sure re specs</p>

    <p class='irc'>&lt;<cite>scribe</cite>&gt; scribenick:
    danbri</p>

    <p class='irc'>&lt;<cite>melvster</cite>&gt; paul: awesome
    job</p>

    <p class='irc'>&lt;<cite>bblfish_</cite>&gt; ?q</p>

    <p class='irc'>&lt;<cite>bblfish_</cite>&gt; heh</p>

    <p class='irc'>&lt;<cite>Zakim</cite>&gt; tlr, you wanted to
    ask whether Paul sees any chance for the identity work to move
    into less willy-nilly space, eventually</p>

    <p class='phone'><cite>tlr:</cite> thx for the talk, paul<br />
    ... in your answer to danbri's impossible q, you sounded mildly
    frustrated<br />
    ... re work happening in a 'willy nilly' way<br />
    ... see any chance for that to fix itself over time?</p>

    <p class='phone'><cite>paul:</cite> for full disclosure, ...
    there is a project 'bingo' towards consolidating a number of
    these efforts, back into a more structured but broad
    church<br />
    ... where the church is about consistent
    messaging/marketing/ipr, not tech<br />
    ... my personal bias is that we would do better to come up with
    a broad base consolidating a number of these</p>

    <p class='irc'>&lt;<cite>dsearls2</cite>&gt; Think big tent
    instead of church.</p>

    <p class='phone'><cite>paul:</cite> but saying that i can hear
    friends of mine like dave recordon, chris messina, saying 'we
    can just hack it...'<br />
    ... but when the recession came, they took jobs at big
    companies<br />
    ... so now when they say it you have to consider the source,
    they work for google, yahoo, facebook etc</p>

    <p class='irc'>&lt;<cite>bblfish_</cite>&gt; Hey, I am
    unemployed now!</p>

    <p class='irc'>&lt;<cite>dsearls2</cite>&gt; Dave works for a
    different big co every year.</p>

    <p class='irc'>&lt;<cite>bblfish_</cite>&gt; so you can trust
    me :-)</p>

    <p class='phone'><cite>paul:</cite> you always have to figure
    out what's personal view, and what [ not wanting to say
    something unfair here ] ... looking at openid connect,
    ...<br />
    ... could be perceived as a retrospective stdisation of fb
    connect</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; theres also Google
    FriendConnect</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; i.e. FriendSense
    :)</p>

    <p class='phone'><cite>paul:</cite> some aren't so concerned
    for the crypto<br />
    ... and oauth hardcodes rather a lot<br />
    ... so i'm somewhat at a loss to predict what'll happen</p>

    <p class='irc'>&lt;<cite>Zakim</cite>&gt; hhalpin, you wanted
    to ask about browser integration and w3c</p>

    <p class='phone'><cite>harry:</cite> a lot of discussion
    talking more now about browser-based integration<br />
    ... w3c has some work there w/ html5, ... and w/ big browser
    makers<br />
    ... discussion before re w3c involvement has focussed on its
    membership model which can be seen as exclusive<br />
    ... do you think w3c could have a role w/ one or more
    foundations, to see if some mature tech here could go into new
    browsers?<br />
    ... possibility of stdisation (at format level? more w3c's
    thing than protocols which go better at ietf)<br />
    ... if so, what to do about the number of these
    foundations?</p>

    <p class='irc'>&lt;<cite>rreck</cite>&gt; got to go, thanks
    again</p>

    <p class='phone'><cite>harry:</cite> trying to appreciate
    thigns on a tech level, and figure out what kind of a role
    might make sense for us<br />
    ... eg. browser aspect, html5 etc happening</p>

    <p class='phone'><cite>paul:</cite> I think now is a great
    time<br />
    ... things are at a crossroads in most of the foundations<br />
    ... kantara, oidf, ... [missed last acronym]<br />
    ... dan based on your comments last week, i've mentioned to
    others there might be a new actor [=w3c] to consider</p>

    <p class='irc'>&lt;<cite>dsearls2</cite>&gt; ICF... Information
    Card Foundation</p>

    <p class='phone'><cite>paul:</cite> there is sort of this
    feeling that, from the californian web kids' perspective, ...
    that w3c isn't relevant but browser folk are, ... if you get
    mozilla to build this stuff in, that's the way to go<br />
    ... and html5 is a part of the equation<br />
    ... more discussion about getting this into browsers [ie,
    firefox, chrome] than html5<br />
    ... but that's not to say there's nothing discussed there</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; also notes two
    years ago I was talking about OpenID with Hixie at TPAC :)</p>

    <p class='phone'><cite>paul:</cite> 2 years ago, w/ david
    recordon, relying party metadata stuff should be in html5</p>

    <p class='phone'>(thx dsearls2)</p>

    <p class='phone'><cite>scribe:</cite> my personal belief, that
    w3c thru html5 angle, a great place to advance this idea of
    active clients, ID in the browser, ...<br />
    ... has in past been a lot of outreach from w3c on these
    things<br />
    ... in past, ID folks also tended to talk amongst themselves,
    but not have strong links to browser world<br />
    ... speaking for info card foundation, definitely
    interested</p>

    <p class='irc'>&lt;<cite>tlr</cite>&gt; paul, I'd be happy to
    help with that sort of discussion from the W3C side</p>

    <p class='phone'><cite>scribe:</cite> and kantara, new
    chair...</p>

    <p class='phone'>(tlr, can you put that in audio, don't know if
    paul reading irc)</p>

    <p class='irc'>&lt;<cite>tlr</cite>&gt; happy to</p>

    <p class='phone'><cite>paul:</cite> some will be wary of even
    more institutionalisation<br />
    ... there are threads, eg. 'if the openid foundation doesn't do
    it, we'll just do it'</p>

    <p class='phone'>tlr, these days we are shying away from joint
    work with the ietf ...</p>

    <p class='phone'><cite>scribe:</cite> in sense of a group being
    simultatnously belong to both<br />
    ... however we are doing much more heavily coordinated work
    with them, and it is going pretty well</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; The IETF does make
    sense for OpenID connect, unless OpenID Connect feels like its
    need browser integration or the W3C RF Patent Policy</p>

    <p class='phone'><cite>scribe:</cite> re paul / infocard, ...
    i'd behappy to help from w3c side<br />
    ... can take it to email and see where it goes</p>

    <p class='phone'><cite>bblfish:</cite> thx for mentioning webid
    ...<br />
    ... there has been work on linking that with SAML (from
    manchester), with [missed, SOAP??] from S/hampton<br />
    ... because semweb is an abstraction of all syntaxes that it is
    a perfect foundation for integrating all these different
    pieces; you can map anything into the sw</p>

    <p class='phone'>[any format at least? -- dan]</p>

    <p class='phone'><cite>scribe:</cite> so you can see semweb as
    a glue for all these pieces.</p>

    <p class='phone'>tlr, url for diagrams?</p>

    <p class='phone'><cite>paul:</cite> I understand, and happen to
    think semweb and linked data have a bigger role to play in
    future in identity ...</p>

    <p class='irc'>&lt;<cite>Zakim</cite>&gt; hhalpin, you wanted
    to ask about ostatus</p>

    <p class='irc'>&lt;<cite>tlr</cite>&gt; q0</p>

    <p class='phone'>hhalpin [asks about ostatus]</p>

    <p class='phone'><cite>paul:</cite> it absolutely is
    related</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; ostatus framework
    hooking up to OpenID/WebID/etc.?</p>

    <p class='phone'><cite>paul:</cite> these 2 worlds have to come
    together in a coherent way<br />
    ... ostatus stuff has to come together in a coherent way<br />
    ... with the identity world<br />
    ... some admirable things happening via 'small pieces loosly
    joined'<br />
    ... ostatus is a great example of that<br />
    ... but if we step back and say 'lets look at it from ux
    perspective' [as we're doing in new kantara group]<br />
    ... moving beyond simple login, ... it is about sharing, things
    like ostatus, ... how do you make this understandable,
    coherent, simple?<br />
    ... what i've found, the need to knit things together becomes
    self-evident, and the gaps in the available technologies become
    clearer</p>

    <p class='phone'>lately am trying to be ux first, tech 2nd</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; linked data has a
    fairly hostile user experience :)</p>

    <p class='phone'><cite>scribe:</cite> so there i think we need
    to think about ostatus, and about updates to linked data
    too</p>

    <p class='phone'><cite>paul:</cite> good to be here forming
    some bridges<br />
    ... diplomacy and tact may be undervalued in some community,
    but it's the only way we'll make progress in the bigger
    picture</p>

    <p class='irc'>&lt;<cite>tlr</cite>&gt; Thanks, again, Paul for
    joining!</p>

    <p class='phone'>+1, thanks Paul :)</p>

    <p class='irc'>&lt;<cite>paul</cite>&gt; My pleasure</p>

    <p class='irc'>&lt;<cite>melvster</cite>&gt; thanks paul,
    awesome call</p>

    <p class='irc'>&lt;<cite>bblfish_</cite>&gt; thanks, very
    much</p>

    <p class='irc'>&lt;<cite>bblfish_</cite>&gt; great talk</p>

    <p class='irc'>&lt;<cite>hhalpin</cite>&gt; trackbot, end
    meeting</p>

    <p class='irc'>&lt;<cite>paul</cite>&gt; Thank you all. I look
    forward to continuing</p>
  </div>

  <h2><a name="ActionSummary" id="ActionSummary">Summary of Action
  Items</a></h2><!-- Action Items -->
  [End of minutes]<br />
  <hr />

  <address>
    Minutes formatted by David Booth's <a href=
    "http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm">
    scribe.perl</a> version 1.135 (<a href=
    "http://dev.w3.org/cvsweb/2002/scribe/">CVS log</a>)<br />
    $Date: 2010/06/09 16:17:51 $
  </address>

  <div class="diagnostics">
    <hr />

    <h2>Scribe.perl diagnostic output</h2>[Delete this section
    before finalizing the minutes.]<br />
    <pre>
This is scribe.perl Revision: 1.135  of Date: 2009/03/02 03:52:20  
Check for newer version at <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/">http://dev.w3.org/cvsweb/~checkout~/2002/scribe/</a>

Guessing input format: RRSAgent_Text_Format (score 1.00)

Found Scribe: danbri
Inferring ScribeNick: danbri
Found ScribeNick: hhalpin
Found ScribeNick: danbri
ScribeNicks: danbri, hhalpin
Default Present: MacTed, Thomas, +1.781.416.aaaa, +1.218.296.aabb, paul, rreck, hhalpin, danbri, oshani, +1.510.931.aadd, melvster, +1.510.931.aaee
Present: MacTed Thomas +1.781.416.aaaa +1.218.296.aabb paul rreck hhalpin danbri oshani +1.510.931.aadd melvster +1.510.931.aaee
Agenda: <a href=
"http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html">http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html</a>
Found Date: 09 Jun 2010
Guessing minutes URL: <a href=
"http://www.w3.org/2010/06/09-swxg-minutes.html">http://www.w3.org/2010/06/09-swxg-minutes.html</a>
People with action items: 

</pre>[End of <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm">
    scribe.perl</a> diagnostic output]
  </div>
</body>
</html>