Kantara FI-WG Teleconference

Approved by quorum on 2019-07-17 call

Date and Time

Attendees

Apologies

Agenda

  1. Roll call (QV group participation agreement - 5 of 9)
  2. Agenda bash
  3. Approval of previous meeting's minutes: https://kantarainitiative.org/confluence/x/2IDJBg
  4. Review of previous AIs:
    1. Walter: formatting revisions
  5. Review of feedback received so far: https://kantarainitiative.org/confluence/x/6IDJBg
  6. Broader community participation
    1. Note sent to the larger list as well as a couple of additional nudges sent by Colin and Rainer to specific groups.
    2. Are we making progress?
    3. Do we need to do more? If so, brainstorm additional channels.

Minutes

  1. Roll call
  2. Agenda bash -- no new topics
  3. No quorum, therefore no minutes approval
  4. AI: Nick will ask Walter re formatting on the list [DONE]
  5. Discussion of open issues
    1. Scott needs to refresh his memory on the specs.
    2. RFC doesn’t really matter, that’s the underlying-underlying spec. It’s XML encryption that matters.
    3. There is a newer one that allows for more pluggability.
    4. AI: Scott to do some research on this and get back to the group
    5. OAEP is a pain, confusing, like six different algorithms floating around.
    6. Intent: “Use the standard default function, don’t get fancy.”
    1. Issue #129 from GitHub
  6. Minutes approved from last meeting
  7. Issue 1: contrast the two profiles and reference the other.
    1. No disagreements
    2. Would slot in after first paragraph
    3. AI: Nick will propose language
  8. Issue 2: Scott already has a comment
    1. Scott explains other ecosystems may not have the issue, e.g. federated PKI or some other trust anchor, completely trusted CAs… There are other ways to do this but not relevant to R&E feds.
    2. Scott says it’s hard to explain why the requirement is true in practice even if not in theory.
    3. Can we have a nuanced response to Rainer? We do have italicised comments …. MUST NOT is “false” unless … we need to explain the metadata verification….  NO we do need to change this to be correct.
    4. We should give examples that tie back to different ways that trust can be verified.
    5. We can say must not if we preclude other ways. SWITCH might do something different? Some R&E feds do use different patterns, but it’s not the same issue as Rainer is bringing up. Since we are trying to avoid bringing up federations, we don’t want to preclude.
    6. Let’s focus on a positive requirement - last sentence in italics. We’ll need to turn it into a technical requirement.
    7. AI: Scott will take this approach
  9. Issue 3: Ajax…. Single page apps
    1. AI: Andy will fix this one
  10. Issue 4: SP23
    1. NoOp - answered by Scott
    2. AI: Nick to ask Rainer to clarify [DONE]
  11. No thoughts on beating additional bushes for feedback -- we have attracted some ….


Next Meeting
