09-swxg-minutes.html
36.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta name="generator" content=
"HTML Tidy for Linux (vers 6 November 2007), see www.w3.org" />
<title>Social Web Incubator Group Teleconference -- 09 Jun
2010</title>
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/StyleSheets/base.css" />
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/StyleSheets/public.css" />
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/2004/02/minutes-style.css" />
<meta content="Social Web Incubator Group Teleconference" name=
"Title" />
<meta content="text/html; charset=utf-8" http-equiv=
"Content-Type" />
</head>
<body>
<p><a href="http://www.w3.org/"><img src=
"http://www.w3.org/Icons/w3c_home" alt="W3C" border="0" height=
"48" width="72" /></a></p>
<h1>- DRAFT -</h1>
<h1>Social Web Incubator Group Teleconference</h1>
<h2>09 Jun 2010</h2>
<p><a href=
'http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html'>
Agenda</a></p>
<p>See also: <a href="http://www.w3.org/2010/06/09-swxg-irc">IRC
log</a></p>
<h2><a name="attendees" id="attendees">Attendees</a></h2>
<div class="intro">
<dl>
<dt>Present</dt>
<dd>MacTed, Thomas, +1.781.416.aaaa, +1.218.296.aabb, paul,
rreck, hhalpin, danbri, oshani, +1.510.931.aadd, melvster,
+1.510.931.aaee</dd>
<dt>Regrets</dt>
<dt>Chair</dt>
<dd>hhalpin</dd>
<dt>Scribe</dt>
<dd>danbri</dd>
</dl>
</div>
<h2>Contents</h2>
<ul>
<li>
<a href="#agenda">Topics</a>
<ol>
<li><a href="#item01">final report updates</a></li>
<li><a href="#item02">Paul Trethevick on the State of
Digital Identity</a></li>
</ol>
</li>
<li><a href="#ActionSummary">Summary of Action Items</a></li>
</ul>
<hr />
<div class="meeting">
<p class='phone'></p>
<p class='phone'></p>
<p class='irc'><<cite>trackbot</cite>> Date: 09 June
2010</p>
<p class='irc'><<cite>MacTed</cite>> paul, is that 416
number you?</p>
<p class='irc'><<cite>paul</cite>> I'm on a 781
number</p>
<p class='irc'><<cite>tlr</cite>> 781.416...?</p>
<p class='irc'><<cite>rreck</cite>> are we meeting?</p>
<p class='irc'><<cite>rreck</cite>> me too</p>
<p class='phone'>i'm having trouble geting in too</p>
<p class='irc'><<cite>tlr</cite>> the UK and FR lines
seem to have issues, yes</p>
<p class='irc'><<cite>rreck</cite>> afk</p>
<p class='irc'><<cite>hhalpin</cite>> Mischa - can you
scribe?</p>
<p class='irc'><<cite>hhalpin</cite>> scribe: danbri</p>
<p class='phone'>is the log loggering?</p>
<p class='irc'><<cite>hhalpin</cite>> PROPOSED: to
approve minutes from June 2nd meeting.</p>
<p class='irc'><<cite>hhalpin</cite>> <a href=
"http://www.w3.org/2010/06/02-swxg-minutes.html">http://www.w3.org/2010/06/02-swxg-minutes.html</a></p>
<p class='irc'><<cite>hhalpin</cite>> +1</p>
<p class='phone'>+1</p>
<p class='irc'><<cite>hhalpin</cite>> RESOLVED: approved
minutes from June 2nd meeting</p>
<p class='phone'>danbri regrets for next week (Notube f2f
project meeting)</p>
<p class='irc'><<cite>hhalpin</cite>> Next Meeting:
Distributed access control languages for privacy providers, MIT
on AIR and PrimeLife on XACML</p>
<h3 id="item01">final report updates</h3>
<p class='phone'><cite>hhalpin:</cite> run-thru of final report
actions<br />
... we had several regrets<br />
... mischa started an etherpad draft</p>
<p class='irc'><<cite>hhalpin</cite>> melvster: share
etherpad with the rest of the group?</p>
<p class='irc'><<cite>melvster</cite>> one sec</p>
<p class='irc'><<cite>melvster</cite>> just dailing
in</p>
<p class='irc'><<cite>melvster</cite>> sure!</p>
<p class='irc'><<cite>melvster</cite>> *work in progress*
<a href=
"http://openetherpad.org/Ea4YsoZGeU">http://openetherpad.org/Ea4YsoZGeU</a></p>
<p class='phone'><cite>hhalpin:</cite> i didn't make muh
progress on gap analysis</p>
<p class='phone'>any prog on use cases?</p>
<p class='irc'><<cite>hhalpin</cite>> <a href=
"http://openetherpad.org/Ea4YsoZGeU">http://openetherpad.org/Ea4YsoZGeU</a></p>
<p class='phone'>(i dropped some messy notes into etherpad but
not done much yet)</p>
<h3 id="item02">Paul Trethevick on the State of Digital
Identity</h3>
<p class='phone'>(welcome Paul...)</p>
<p class='irc'><<cite>hhalpin</cite>> <a href=
"http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>
<p class='phone'>ok i won't scribe things that are in the
slides</p>
<p class='irc'><<cite>hhalpin</cite>> <a href=
"http://www.slideshare.net/ptrevithick/active-clients-and-pd-ses-4452852">
http://www.slideshare.net/ptrevithick/active-clients-and-pd-ses-4452852</a></p>
<p class='phone'>who joined?</p>
<p class='irc'><<cite>hhalpin</cite>> Paul, do you wish
to begin?</p>
<p class='phone'><cite>Paul:</cite> Harry asked for a few
thoughts on state of Identity industry. Hard challenge!</p>
<p class='irc'><<cite>hhalpin</cite>> So we are on first
slide-deck, i.e. <a href=
"http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>
<p class='phone'><cite>Paul:</cite> identity hard problem as
perceived differently in different communities<br />
... language varies by community; it 'obviously' means x to
some, something quite different / richer to others</p>
<p class='irc'><<cite>bblfish</cite>> hi</p>
<p class='phone'><cite>Paul:</cite> some call that more
advanced form 'claims based' identity<br />
... you don't necessarily need to identify a person to haev an
interaction<br />
... some see authorisation as primal, identification as
secondary</p>
<p class='irc'><<cite>melvster</cite>> bblfish: <a href=
"http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>
<p class='phone'><cite>Paul:</cite> most of us tend to drop the
word entirely due to these kinds of confusion<br />
... i was looking yesterday at privacy aware Web definitions,
use of 'publisher', ... have to get over these kinds of
terminological problems<br />
... - requirements vary by community<br />
... idea that different people are trying to solve slightly
different problems<br />
... why do we look at this so differently?<br />
... idea of levels of assurance, eg. NIST's 4 levels<br />
... how much can relying party depend on strength of some
assertions<br />
... some need levels of assurance > 1</p>
<p class='phone'>(hmm this? <a href=
"http://en.wikipedia.org/wiki/Identity_Assurance_Framework#Assurance_Level_Criteria">
http://en.wikipedia.org/wiki/Identity_Assurance_Framework#Assurance_Level_Criteria</a>
)</p>
<p class='irc'><<cite>hhalpin</cite>> NIST levels are
interesting...</p>
<p class='phone'><cite>scribe:</cite> challenge here , some
feel that anything > 1 is irrelevant, uninteresting<br />
... that perspective driven by high volume, low value social
web transactions<br />
... those on higher level (payment, govt) sometimes feel like
'long tail' cornercases</p><br />
.
<p class='irc'><<cite>hhalpin</cite>> but the high-volume
transactions can eventually get need higher NIST level, i.e.
binding payment to your social networking account ala
Payswarm</p>
<p class='phone'><cite>scribe:</cite> also eg yesterday talked
w/ natioanl cancer institute re sharing medical records<br />
... also Verified vs self-asserted attributes<br />
... much socialweb stuff is just asserted by end users<br />
... other scenarios (reputation systems, payment systems), ...
some people / communities will look at these requirements and
say 'no thanks'<br />
... eg. equifax can issue 'bearer of assertion is > 21 years
old' (but we'll reveal nothing else about them)<br />
... a lot of probs around protecting children are around lack
of verified 3rd party assertions of attributes<br />
... also req: need to aggregate from multiple different
providers<br />
... for high volume / simple sites, this isn't a problem<br />
... other use cases, you distinguish even from an ID provider
and an attribute provider</p>
<p class='irc'><<cite>hhalpin</cite>> attribute
provider/identity provider an interesting distinction.</p>
<p class='phone'><cite>scribe:</cite> you can not have to keep
authenticating but can aggregate attribs [missed]</p>
<p class='phone'>[slide 5 now on slideshare]</p>
<p class='phone'><cite>scribe:</cite> linkability<br />
... this makes perfect sense to some, but too much for others
[see kim camerons laws of id ... re deployable systems]<br />
... you can agree / disagree, but this is the landscape of
[lack of ] consensus</p>
<p class='phone'>"Some uses cases require high assurance and
unlinkability (and sometimes even offline presentation of
security tokens)."</p>
<p class='phone'>submarine example; disconnected from 'net but
need to auth things internally</p>
<p class='phone'><cite>scribe:</cite> a lot of discussion
lately re levels of protection<br />
... converse of levels of assurance<br />
... coudl we could to a world where use is a party to digitally
signed contract<br />
... it's released to relying party, but the rp is bound not to
resell<br />
... for that to be non-repudiable, need ... [missed detail,
sorry]<br />
... concern that lately too much emphasis on crypto<br />
... some control, but also more on accountability, in everyday
life</p>
<p class='irc'><<cite>bblfish</cite>> zakim aaee is
bblfish</p>
<p class='phone'><cite>scribe:</cite> so there are only
prototypes of tech currently that can handle this<br />
... again these are just examples of why this [consensus] is
hard<br />
... hard to build something universal, addressing all
requirements<br />
... ie. this talk might be considered something of an apology
for lack of progress given the energy/effort</p>
<p class='irc'><<cite>hhalpin</cite>> no apologies needed
paul, there is clearly progress being made and the problem is
hard!</p>
<p class='phone'><cite>scribe:</cite> several community</p>
<p class='phone'>Identity Commons (2005) <a href=
"http://idcommons.net">http://idcommons.net</a></p>
<p class='phone'><cite>scribe:</cite> distinguishing open /
user centric id folk from enterprise / proprietary world (of
which i know little)</p>
<p class='phone'>IIW is the (intense, 3 day) hub of this
world</p>
<p class='phone'><cite>scribe:</cite> OpenID Foundation (2007)
<a href="http://openid.net">http://openid.net</a></p>
<p class='phone'>[ is <a href=
"http://community.livejournal.com/lj_dev/683939.html">http://community.livejournal.com/lj_dev/683939.html</a>
the 1st openid spec btw?]</p>
<p class='phone'><cite>scribe:</cite> internal competition
within openid now<br />
... different groups, perceive problem sets differently<br />
...Qs: what is the openid foundation? a broad church or an
advocacy org for one particiular protocol?</p>
<p class='phone'>dataportability? DataPortability.org
(2007)</p>
<p class='phone'><cite>scribe:</cite> struck a nerve re user
control</p>
<p class='phone'>Information Card Foundation (2008) <a href=
"http://informationcard.net">http://informationcard.net</a></p>
<p class='phone'><cite>scribe:</cite> began around ms cardspace
and oasis IMI, ...<br />
... "Next generation: Integrated with the browser. Consistent
UX across protocols including: un/pw, OpenID (to reduce
phishing), IMI (legacy), and OpenID V.Next, client side certs
(perhaps)?"<br />
... that foundation also at a crossroads<br />
... is more emphasising active clients<br />
... found some issues w/ active clients</p>
<p class='phone'>esp requiring a download, and insisting on a
single unifying protocol</p>
<p class='phone'><cite>scribe:</cite> soul-searching and next
gen work<br />
... moving beyond single protocol</p>
<p class='phone'>makign it 'better with'</p>
<p class='phone'>"Kantara (2009) - <a href=
"http://kantarainitiative.org">http://kantarainitiative.org</a></p>
<p class='phone'><cite>scribe:</cite> kinda interesting<br />
... analysis coupleyears ago, interviewed rigorously many from
ID scene<br />
... under NDA<br />
... to make a new org<br />
... they [we] concluded that we have moved into a
cross-protocol era<br />
... needed a pulling together of a number of these disperate
communities<br />
... was then the old liberty alliance, saml work<br />
... which was a response to hailstorm/passport<br />
... also openid appeared<br />
... 3 tech groups appeared<br />
... to some extent it's an unrealised objective<br />
... strategically it's right<br />
... Kantara replaced liberty alliance<br />
... and working on some crosscutting stuff</p>
<p class='phone'>( also new ones this year )</p>
<p class='phone'>a joint board, infocard and openid(?)</p>
<p class='phone'><cite>scribe:</cite> discussion of what's
missing, usability vs specs<br />
... role of biz agreements that allocate liability<br />
... joint sales efforts<br />
... obama team wanted to open govt up and use commercial ids
from industry<br />
... catalytic effect<br />
... govt said we like openid, but want also stronger
assurances, info card stuff, ... but hey we're just a
customer,...<br />
... big enough that got attention of those 2 foundations, who
self-organized and stopped quibbling<br />
... in some way stopped competing a bit<br />
... united front to the federal govt, and said 'whichever, we
see the fed govt won't enter into commercial relationships w/
for example paypal, yahoo, google, whoever... unless there are
certifiable properties, privacy characteristics, audits,
...<br />
... understand liability, ...<br />
... caused spontaneous creation of the Open Identity
Exchange</p>
<p class='phone'>(OIX?)</p>
<p class='phone'><cite>scribe:</cite> so they joined forces to
form that</p>
<p class='irc'><<cite>Zakim</cite>> danbri, you wanted to
ask how messy patent situation is (what is feasible
royalty-free?)</p>
<p class='phone'>(patent talk later)</p>
<p class='phone'>kantara and others ... corporate sponsors, +
leadership council</p>
<p class='phone'>(i missed some detail)</p>
<p class='irc'><<cite>hhalpin</cite>> likes the community
members and corporate sponsor model, maybe that could work for
the w3c</p>
<p class='phone'>oidf and icf ,... same governance model,
blender board, 1 member one vote, community members
outweigh</p>
<p class='phone'><cite>scribe:</cite> re participartion, indivs
and companies can join, but $100 for an indiv, in some cases
$25<br />
... in terms of how openly they operate, that could be
debated<br />
... theoretically, all open to all<br />
... but strong interpersonal relationships and personalities
are in many cases the driver of what happens than the formal
structures<br />
... has to be seen to be believed<br />
... this is not something like w3c or oasis<br />
... kantara is most formal/structure, icf more, openid
foundation</p>
<p class='phone'>they all have public archived mailing
lists</p>
<p class='phone'>all 3 have private board lists</p>
<p class='phone'>vast majority of everything is public</p>
<p class='phone'>last one, Xauth, is interesting ---</p>
<p class='phone'>--- it's a way to personalise the login
situation</p>
<p class='phone'><cite>scribe:</cite> if oyu only have an
unmodified browser, you show up with a fresh browser it can't
be customised</p>
<p class='phone'>(forgetting the CSS History hack :)</p>
<p class='phone'><cite>scribe:</cite> school of thought that
says 'browsers don't know who you are ...<br />
... nor who your preferred attribute/identity providers
are<br />
... hence the 'nascar problem', long list of logos<br />
... so a tyranny of the mega-brands<br />
... so relying parties put facebook/google/yahoo at the
top<br />
... which has a somewhat perverse effect<br />
... xauth says with html5 and some tricks, we can hack a way
for the relying party to learn what someone's prefs are<br />
... shorter list<br />
... these are ways to work around an architectural
problem<br />
... which is that browsers don't know who you are<br />
... slide 7 <a href=
"http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a><br />
... openid 2.0 (legacy openid)</p>
<p class='phone'>50k sites and growing, relying parties</p>
<p class='phone'><cite>scribe:</cite> q is where we go from
here</p>
<p class='phone'>openid has a number of problems</p>
<p class='phone'>3 key</p>
<p class='phone'>1 - OpenID-AB [Attribute Binding] - <a href=
"http://bitbucket.org/openid/ab/wiki/Home">http://bitbucket.org/openid/ab/wiki/Home</a></p>
<p class='phone'>Proposed by Nat Sakamura and others in early
2009</p>
<p class='phone'><cite>scribe:</cite> has not had much
attention yet</p>
<p class='phone'>2 - OpenID V.Next</p>
<p class='phone'>(discussed last fall and this spring at
IIW)</p>
<p class='phone'>v.Next codename for whatever appens</p>
<p class='phone'>in May, OpenID Connect proposal from David
Recordon (and social Web friends)</p>
<p class='phone'>all these 3 are breaking changes</p>
<p class='phone'>not backwards compatible</p>
<p class='phone'><cite>scribe:</cite> I don't yet see how this
is going to get resolved<br />
... openid connect is 'get a spec out there ... let's just do
it!'<br />
... caught some ppl by suprise<br />
... openid community is trying to figure out a way fwd thru all
this<br />
... I hope the earlier slides set some context for this<br />
... and difficulty in agreeing even common requirements</p>
<p class='phone'>Slide 9 -</p>
<p class='phone'>personal opinion -</p>
<p class='phone'><cite>scribe:</cite> we can't stop creation of
new protocols<br />
... open, etc<br />
... what happens a lot is much reinvention<br />
... come up with stuff, don't see what came before<br />
... do something quick/dirty that solves some problems
now<br />
... then start making it more robust<br />
... realise it isn't 80% solution, but 45%, ...<br />
... then someone new jumps in<br />
... natural cycle of reinvention<br />
... yesterday/last-night investigating webid [ie. foaf+ssl]</p>
<p class='irc'><<cite>bblfish</cite>> I'd say WebId being
based on the semweb, in one protocol that can then bind all of
them together.... One can bind in OpenId for example. (not sure
about the others)</p>
<p class='phone'><cite>scribe:</cite> looks like it would solve
some fraction of use cases, has nice characteristics<br />
... but partial solution<br />
... not clear how much things will converge<br />
... or how much analogy with email, where Internet email
eventually dominated<br />
... i note that whenever we build something new that gets used,
... it is out there and not going away<br />
... and that username + password could easily stay dominant for
10+ more years<br />
... we have learned things<br />
... users don't care<br />
... they want something that makes sense to them<br />
... ux is the key to them<br />
... if you go to an RP and say 'this is great tech, saml no
infocard no openid no ...." the RP will say "well, we have to
support at least username/ password .. and i'll have to link
the accounts ...</p>
<p class='irc'><<cite>bblfish</cite>> (note on above
there is work integrating WebID with SAML in Machester, with
SOAP in University of Southampton...)</p>
<p class='phone'><cite>scribe:</cite> so the RPs live in a
necessarily multi-protocol world</p>
<p class='phone'>but our communities don't organize in those
terms</p>
<p class='phone'><cite>scribe:</cite> eg create a common apache
module<br />
... this is a structural problem</p>
<p class='phone'>[ very interesting! --danbri ]</p>
<p class='phone'><cite>scribe:</cite> communities eventually
say 'oh we have overlap, need to blend things ... '<br />
... attempts to say 'here is an active client, eg. ms cardspace
'. ... it just didn't work<br />
... to use the solution, you needed 'this thing', the right
version with your OS, download it if needed, need to be on
windows, etc etc<br />
... so the idea that active clients needed for system to work
... a nonstarterr<br />
... always this locked down enterprise computer, library kiosk,
... person can't install plugin, upgrade a pc, etc ...<br />
... so lately active client ppl have a 'better with'
approach<br />
... ie. it works normally but is 'better with' the addon
(whether an ng-browser, or addon)<br />
... ppl look at 'open identity community' and they see a
swirling churning mess of people putting down each other's
stuff, partial penetration, etc<br />
... and they say 'ok, let's wait for this catfight to calm
down'<br />
... status quo, is do nothing, use a proprietary thing, if
username/password don't do it<br />
... with 1 exception: facebook connect, picking up a lot of use
across Web<br />
... they have an id tech plus attributes<br />
... last pt: the identity community, with all these nonprofits,
is not structurally in a good place to solve needs of the
marketplace<br />
... couple of specific points re socialweb<br />
... identifiers and user experience<br />
... my perception<br />
... in beginning, was 'type in your openid URI'<br />
... rough consensus: not working<br />
... they understand it only as for pages/info<br />
... doesn't work on ppl<br />
... they understand email addresses<br />
... so openid said 'click on a button'<br />
... but measured results were higher conversion rates</p>
<p class='irc'><<cite>dsearls2</cite>> Hey Dan, all. It's
Doc.</p>
<p class='phone'><cite>scribe:</cite> with benefit to those at
top of list</p>
<p class='phone'>see link for logs, doc</p>
<p class='irc'><<cite>dsearls2</cite>> ok</p>
<p class='phone'><cite>paul:</cite> 'people get that, re use of
email<br />
... end-user re-education is a huge issue<br />
... and now with xauth we can personalise the nascar icon list
to something more manageable<br />
... best we can do short of active client<br />
... slide 12:</p>
<p class='irc'><<cite>oshani</cite>> dsearls2, here's the
slides: <a href=
"http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>
<p class='phone'>attribute schemes</p>
<p class='phone'><cite>scribe:</cite> there are so many of
these things, so much overlap, ...<br />
... if you start taking view from biz point of view, that
relying party is key ,... you want that to be easy as
possible</p>
<p class='phone'>too many schemas makes RP's life hard</p>
<p class='irc'><<cite>Zakim</cite>> danbri, you wanted to
ask how messy patent situation is (what is feasible
royalty-free?) and to</p>
<p class='phone'>[other deck]</p>
<p class='phone'>can you scribe harry?</p>
<p class='irc'><<cite>rreck</cite>> thanks for your
presentation, it was very informative</p>
<p class='irc'><<cite>hhalpin</cite>> scribenick:
hhalpin</p>
<p class='phone'><cite>danbri:</cite> any patents in identity
scene?<br />
... any idea how messy situation is?</p>
<p class='phone'><cite>paul:</cite> it doesnt get talked about
that much<br />
... varies by organization depending on struture<br />
... we try in ICF and Kantara to have IPR rules</p>
<p class='irc'><<cite>danbri</cite>> (w3c history - eg
see <a href=
"http://www.w3.org/TR/P3P-analysis">http://www.w3.org/TR/P3P-analysis</a>
)</p>
<p class='phone'><cite>paul:</cite> we can tell that things
happen just willy nilly<br />
... not developed in a structure and not necessarily
ideal<br />
... pretty confusing to me<br />
... hard to know whats lurking out there, esp. with OpenID</p>
<p class='phone'><cite>danbri:</cite> if we wanted to get
something in all the browsers<br />
... could we get those vendors to commit to RF-status?</p>
<p class='phone'><cite>paul:</cite> I work in this Eclipse
Higgins project<br />
... so our patent reviews are pretty good<br />
... an explicit license is being given to contribution</p>
<p class='phone'><cite>danbri:</cite> relevant specification,
go back to paper trail to see how the W3C developed its patent
policy</p>
<p class='phone'><cite>paul:</cite> not sure re specs</p>
<p class='irc'><<cite>scribe</cite>> scribenick:
danbri</p>
<p class='irc'><<cite>melvster</cite>> paul: awesome
job</p>
<p class='irc'><<cite>bblfish_</cite>> ?q</p>
<p class='irc'><<cite>bblfish_</cite>> heh</p>
<p class='irc'><<cite>Zakim</cite>> tlr, you wanted to
ask whether Paul sees any chance for the identity work to move
into less willy-nilly space, eventually</p>
<p class='phone'><cite>tlr:</cite> thx for the talk, paul<br />
... in your answer to danbri's impossible q, you sounded mildly
frustrated<br />
... re work happening in a 'willy nilly' way<br />
... see any chance for that to fix itself over time?</p>
<p class='phone'><cite>paul:</cite> for full disclosure, ...
there is a project 'bingo' towards consolidating a number of
these efforts, back into a more structured but broad
church<br />
... where the church is about consistent
messaging/marketing/ipr, not tech<br />
... my personal bias is that we would do better to come up with
a broad base consolidating a number of these</p>
<p class='irc'><<cite>dsearls2</cite>> Think big tent
instead of church.</p>
<p class='phone'><cite>paul:</cite> but saying that i can hear
friends of mine like dave recordon, chris messina, saying 'we
can just hack it...'<br />
... but when the recession came, they took jobs at big
companies<br />
... so now when they say it you have to consider the source,
they work for google, yahoo, facebook etc</p>
<p class='irc'><<cite>bblfish_</cite>> Hey, I am
unemployed now!</p>
<p class='irc'><<cite>dsearls2</cite>> Dave works for a
different big co every year.</p>
<p class='irc'><<cite>bblfish_</cite>> so you can trust
me :-)</p>
<p class='phone'><cite>paul:</cite> you always have to figure
out what's personal view, and what [ not wanting to say
something unfair here ] ... looking at openid connect,
...<br />
... could be perceived as a retrospective stdisation of fb
connect</p>
<p class='irc'><<cite>hhalpin</cite>> theres also Google
FriendConnect</p>
<p class='irc'><<cite>hhalpin</cite>> i.e. FriendSense
:)</p>
<p class='phone'><cite>paul:</cite> some aren't so concerned
for the crypto<br />
... and oauth hardcodes rather a lot<br />
... so i'm somewhat at a loss to predict what'll happen</p>
<p class='irc'><<cite>Zakim</cite>> hhalpin, you wanted
to ask about browser integration and w3c</p>
<p class='phone'><cite>harry:</cite> a lot of discussion
talking more now about browser-based integration<br />
... w3c has some work there w/ html5, ... and w/ big browser
makers<br />
... discussion before re w3c involvement has focussed on its
membership model which can be seen as exclusive<br />
... do you think w3c could have a role w/ one or more
foundations, to see if some mature tech here could go into new
browsers?<br />
... possibility of stdisation (at format level? more w3c's
thing than protocols which go better at ietf)<br />
... if so, what to do about the number of these
foundations?</p>
<p class='irc'><<cite>rreck</cite>> got to go, thanks
again</p>
<p class='phone'><cite>harry:</cite> trying to appreciate
thigns on a tech level, and figure out what kind of a role
might make sense for us<br />
... eg. browser aspect, html5 etc happening</p>
<p class='phone'><cite>paul:</cite> I think now is a great
time<br />
... things are at a crossroads in most of the foundations<br />
... kantara, oidf, ... [missed last acronym]<br />
... dan based on your comments last week, i've mentioned to
others there might be a new actor [=w3c] to consider</p>
<p class='irc'><<cite>dsearls2</cite>> ICF... Information
Card Foundation</p>
<p class='phone'><cite>paul:</cite> there is sort of this
feeling that, from the californian web kids' perspective, ...
that w3c isn't relevant but browser folk are, ... if you get
mozilla to build this stuff in, that's the way to go<br />
... and html5 is a part of the equation<br />
... more discussion about getting this into browsers [ie,
firefox, chrome] than html5<br />
... but that's not to say there's nothing discussed there</p>
<p class='irc'><<cite>hhalpin</cite>> also notes two
years ago I was talking about OpenID with Hixie at TPAC :)</p>
<p class='phone'><cite>paul:</cite> 2 years ago, w/ david
recordon, relying party metadata stuff should be in html5</p>
<p class='phone'>(thx dsearls2)</p>
<p class='phone'><cite>scribe:</cite> my personal belief, that
w3c thru html5 angle, a great place to advance this idea of
active clients, ID in the browser, ...<br />
... has in past been a lot of outreach from w3c on these
things<br />
... in past, ID folks also tended to talk amongst themselves,
but not have strong links to browser world<br />
... speaking for info card foundation, definitely
interested</p>
<p class='irc'><<cite>tlr</cite>> paul, I'd be happy to
help with that sort of discussion from the W3C side</p>
<p class='phone'><cite>scribe:</cite> and kantara, new
chair...</p>
<p class='phone'>(tlr, can you put that in audio, don't know if
paul reading irc)</p>
<p class='irc'><<cite>tlr</cite>> happy to</p>
<p class='phone'><cite>paul:</cite> some will be wary of even
more institutionalisation<br />
... there are threads, eg. 'if the openid foundation doesn't do
it, we'll just do it'</p>
<p class='phone'>tlr, these days we are shying away from joint
work with the ietf ...</p>
<p class='phone'><cite>scribe:</cite> in sense of a group being
simultatnously belong to both<br />
... however we are doing much more heavily coordinated work
with them, and it is going pretty well</p>
<p class='irc'><<cite>hhalpin</cite>> The IETF does make
sense for OpenID connect, unless OpenID Connect feels like its
need browser integration or the W3C RF Patent Policy</p>
<p class='phone'><cite>scribe:</cite> re paul / infocard, ...
i'd behappy to help from w3c side<br />
... can take it to email and see where it goes</p>
<p class='phone'><cite>bblfish:</cite> thx for mentioning webid
...<br />
... there has been work on linking that with SAML (from
manchester), with [missed, SOAP??] from S/hampton<br />
... because semweb is an abstraction of all syntaxes that it is
a perfect foundation for integrating all these different
pieces; you can map anything into the sw</p>
<p class='phone'>[any format at least? -- dan]</p>
<p class='phone'><cite>scribe:</cite> so you can see semweb as
a glue for all these pieces.</p>
<p class='phone'>tlr, url for diagrams?</p>
<p class='phone'><cite>paul:</cite> I understand, and happen to
think semweb and linked data have a bigger role to play in
future in identity ...</p>
<p class='irc'><<cite>Zakim</cite>> hhalpin, you wanted
to ask about ostatus</p>
<p class='irc'><<cite>tlr</cite>> q0</p>
<p class='phone'>hhalpin [asks about ostatus]</p>
<p class='phone'><cite>paul:</cite> it absolutely is
related</p>
<p class='irc'><<cite>hhalpin</cite>> ostatus framework
hooking up to OpenID/WebID/etc.?</p>
<p class='phone'><cite>paul:</cite> these 2 worlds have to come
together in a coherent way<br />
... ostatus stuff has to come together in a coherent way<br />
... with the identity world<br />
... some admirable things happening via 'small pieces loosly
joined'<br />
... ostatus is a great example of that<br />
... but if we step back and say 'lets look at it from ux
perspective' [as we're doing in new kantara group]<br />
... moving beyond simple login, ... it is about sharing, things
like ostatus, ... how do you make this understandable,
coherent, simple?<br />
... what i've found, the need to knit things together becomes
self-evident, and the gaps in the available technologies become
clearer</p>
<p class='phone'>lately am trying to be ux first, tech 2nd</p>
<p class='irc'><<cite>hhalpin</cite>> linked data has a
fairly hostile user experience :)</p>
<p class='phone'><cite>scribe:</cite> so there i think we need
to think about ostatus, and about updates to linked data
too</p>
<p class='phone'><cite>paul:</cite> good to be here forming
some bridges<br />
... diplomacy and tact may be undervalued in some community,
but it's the only way we'll make progress in the bigger
picture</p>
<p class='irc'><<cite>tlr</cite>> Thanks, again, Paul for
joining!</p>
<p class='phone'>+1, thanks Paul :)</p>
<p class='irc'><<cite>paul</cite>> My pleasure</p>
<p class='irc'><<cite>melvster</cite>> thanks paul,
awesome call</p>
<p class='irc'><<cite>bblfish_</cite>> thanks, very
much</p>
<p class='irc'><<cite>bblfish_</cite>> great talk</p>
<p class='irc'><<cite>hhalpin</cite>> trackbot, end
meeting</p>
<p class='irc'><<cite>paul</cite>> Thank you all. I look
forward to continuing</p>
</div>
<h2><a name="ActionSummary" id="ActionSummary">Summary of Action
Items</a></h2><!-- Action Items -->
[End of minutes]<br />
<hr />
<address>
Minutes formatted by David Booth's <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm">
scribe.perl</a> version 1.135 (<a href=
"http://dev.w3.org/cvsweb/2002/scribe/">CVS log</a>)<br />
$Date: 2010/06/09 16:17:51 $
</address>
<div class="diagnostics">
<hr />
<h2>Scribe.perl diagnostic output</h2>[Delete this section
before finalizing the minutes.]<br />
<pre>
This is scribe.perl Revision: 1.135 of Date: 2009/03/02 03:52:20
Check for newer version at <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/">http://dev.w3.org/cvsweb/~checkout~/2002/scribe/</a>
Guessing input format: RRSAgent_Text_Format (score 1.00)
Found Scribe: danbri
Inferring ScribeNick: danbri
Found ScribeNick: hhalpin
Found ScribeNick: danbri
ScribeNicks: danbri, hhalpin
Default Present: MacTed, Thomas, +1.781.416.aaaa, +1.218.296.aabb, paul, rreck, hhalpin, danbri, oshani, +1.510.931.aadd, melvster, +1.510.931.aaee
Present: MacTed Thomas +1.781.416.aaaa +1.218.296.aabb paul rreck hhalpin danbri oshani +1.510.931.aadd melvster +1.510.931.aaee
Agenda: <a href=
"http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html">http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html</a>
Found Date: 09 Jun 2010
Guessing minutes URL: <a href=
"http://www.w3.org/2010/06/09-swxg-minutes.html">http://www.w3.org/2010/06/09-swxg-minutes.html</a>
People with action items:
</pre>[End of <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm">
scribe.perl</a> diagnostic output]
</div>
</body>
</html>