- Time: 11:00-12:00 Eastern
- Skype: +9900827042954214
- US Dial-In: +1-201-793-9022
- Room Code: 295-4214
1) Roll Call
- Paul Trevithick
- Axel Nennker
- Philippe Clement
- Jonas Hogberg
- Bob Sunday
- Trent Adams
- Benoit Bailleux
- John Bradley
2) Approve Minutes
Minutes of last week's meeting:
3) Benoit: Wiki updates
- Paul asked how the RP discovers the IdP Selection agent to launch.
- Philippe answered that at present this issue hadn't yet been addressed. At present the assumption is that the RP would have already decided on which IdP selection agent to launch.
- John: Shouldn't it really be the user that chooses the agent?
- Jonas: If you let the RP have logic to trigger what selector to start then you get a "selector of selectors"--this sounds really complicated.
- John: the Japanese aren't likely to be selecting the Orange IdP selection agent that consumers use in France.
- Paul proposed (and all agreed) to rename the page: Inputs to the Selection UI (since the page now covered more than the RP-driven scenario; it now covers RP-driven, active client and ISA scenarios)
4) Philippe: Discuss Orange's ID Selector
- See http://kantarainitiative.org/confluence/download/attachments/37750854/ORANGE+PClement+-+EEMA+2010+v0+1.ppt
- The above link has also been added to our Related Work
- Philippe presented these slides at EEMA and EIC earlier this year
- Started off on slide 11 with a historical circle of trust with one user, one IdP, and one RP.
- Slide 12: in real life the user has multiple IdPs and multiple RPs.
- Slide 13: introduces the Orange "ISA" (IdP selection agent) – a new "fourth" actor. Users want simplicity and security. RPs want to increase their audience (and now they can do so with very simple integration).
- Slide 14: Shows the ISA UI and benefits
- Slide 15: The idea emerged from early Liberty work and recent market requirements work
- Slide 16: More details of UI
- Slide 17: iPhone UX (steady state: one click to make the ISA appear, one click to choose IdP and you come back authenticated)
- John: is your existing implementation doing protocol translation?
- Benoit: yes. So this is like RPX: it does translation from IdP and JanRain and then from the RP to JanRain.
- Benoit: The benefit is that the RP only needs a single protocol.
- Paul: Isn't the chain of trust broken?
- Bob: The ISA is acting as both a selection agent and as an IdP proxy (SAML terminology). We had discussed having two agents: proxy and selection.
- Slide 20: User guide. Quick start guide to integrate and test the Orange ID Selector in less than half a day.
- Slide 22:
- Philippe: this idea of the fourth party has emerged from a wide collaborative discussion about how we need to make this easier for
- Paul: thanks very much; very interesting area. Avoco Secure, Verizon, Higgins Cloud Selector are also doing interesting work in this area. Also I had some interesting conversations with some folks at IIW from InnoPay (Holland?) about the need for an aggregating "fourth" party in the identity ecosystem. So lots of us are thinking similar things.
- John: At one end of the spectrum XAuth allows any IdPs to add extension documents...the other end of the spectrum is knowing the user's ISA (which is less damaging than knowing the IdP/accounts the user has).