Reviewed the OTTO API's: http://gluu.co/otto-api , adding documentation and more examples especially around the filter and depth parameters that enable searching a federation's entities. We started working on a SAML vocabulary for OTTO; SCIM will be next. Proposed OTTO JSON-LD format for OpenID Fastfed syntax. No feedback on the idea, but you can see Mike's slides at http://gluu.co/fast-fed-comments
Vocabulary development is progressing. The core vocabulary for OTTO, and the first extension for OpenID Connect are done. We are currently working on the vocabulary for SAML.
One interesting development was the possible coordination of OTTO with the OpenID Foundation Fast Feds working group.
Docs are getting more ready. Here are some short links:
Much of the content for the API spec exists on the OTTO Github Readme (https://github.com/KantaraInitiative/wg-otto) and in the Swagger interface. But it needs to be xml-ified.
This month, we're working on the OpenID, Badge, and Trustmark extensions.
What's happening at OTTO?
This year we started with a talk by Roland Hedberg, primary author of OpenID Connect Federation 1.0 - draft 01. One of the unique approaches of this federation draft is the use of "metadata statements", which include information about a federation participant, and the services it offers. The IT Architect at an organization submits an initial metadata statement to the federation operator, and then system administrators and developers at the organization submit additional information about the services. All of these metadata statements are bundled into one aggregated JWT. It makes sense for OTTO to leverage the OIDC Federation spec. An OTTO federation could provide a way to publish the public key of the organization. Also, a central federation could provide discovery services for the members of the ecosystem.
Work is proceeding on developing the API's and schema for OTTO. One of the drivers is the CCICADA project, which was approved in mid January. This project is the first real world application of OTTO. Gluu had already developed an OTTO API server, but the use cases presented by this project are helping to flush out the security and schema, and will result in end-to-end testing.
In the next three months, we expect the first draft of OTTO to be complete. The primary focus will be on OpenID Connect Providers, Relying Parties, and Trustmarks.