[WG-OTTO] Proposal for extending the WG charter

Mike Schwartz mike at gluu.org
Tue Jan 12 16:20:38 CST 2016


OTTO WG,

Let's discuss Rainer's proporsal at tomorrow's meeting and we can vote 
on it.

thx,

Mike



On 2016-01-12 16:14, Rainer Hoerbe wrote:
> Some time ago we discussed to design the OTTO specification in a way
> that will be useful to create SAML metadata and X.509 certificates
> from a common underlying data structure, too. Also, we talked about
> making „Trust Taxonomies“ a model to manage many circles of trust.
> I understood that we were basically in agreement. Therefore I would
> like to ask if WG members agree to extend the charter to reflect these
> goals. I think that this should be included in the first phase of the
> WG, but I am not sure about the implications on the workplan of the
> WG.
> 
> I am proposing following changes. Text in red is new:
> ===
> 
> PURPOSE
> 
> The working group will develop the basic structures needed for the
> creation of multi-party federations between OAuth2 entities. The
> intent is to create a foundation of trust and drive down the cost of
> collaboration by publishing technical and legal information. These
> structures will include the set of APIs and related data structures
> enabling an OAuth entity to manage which entities it trusts and for
> other OAuth entities to discover members of the federation and details
> of the services.
> The design will feature interoperability with other trust taxonomies
> such as SAML metadata and X.509 certificates. An underlying layer
> independent from OAuth2/SAML/X509 will enable the sharing of common
> data elements.
> Another goal is to allow the operation of many federations within an
> instance of the trust taxonomy, thus allowing an entity to be part of
> multiple federations.
> 
> The Work Group is necessary to bring together collaborators from
> existing SAML federations and the OAuth community to collaborate on a
> draft solution that meets their shared goals in this area and takes
> into account lessons learned from the past ten years of SAML.
> 
> Specifically, this Work Group is responsible for:
> 
> 	* Developing a set of use cases and requirements that are specific
> enough to guide the specification design work
> 	* Developing a set of modular draft specifications meeting these use
> cases and requirements
> 	* Overseeing the contribution of each resulting draft specification
> to a standards-setting organization
> 
> The group will target completion of the specifications by 1/15/16.
> 
> SCOPE
> 
> The APIs and data structures will enable discovery of the members of
> the federation and details about their services, key material and
> technical capabilities. The final scope will be refined after
> consideration of the use cases.
> 
> Existing SAML Federation XML structures will inform this work, but the
> data structures will not be expressed in XML but in JSON. The
> functions supported in existing SAML federations should be supported.
> Additionally, support for a more efficient and scalable discovery
> process and dynamic integration process will be considered.
> 
> DRAFT TECHNICAL SPECIFICATIONS
> 
> The following technical specifications should be produced, with
> modular spec boundaries subject to change. The specifications will
> then be submitted to appropriate standards bodies for further work and
> completion:
> 
> 	* Open Trust Taxonomy for OAuth2 and Others Use Cases
> 	* Open Trust Taxonomy for OAuth2 and Others Core Specification
> 
> ===
> 
> The WG might need another name. OTTOO (Open Trust Taxonomy for OAuth2
> and Others) or OTTOMAN (... for OAuth2 Metadata And Non-Oauth2
> metadata)?
> 
> The rationale for the wider scope is the benefit of a larger base of
> trusting entities, which would result in reduction of redundancy.
> Trust relationships may require the application of different
> protocols, creating the need to support multiple technology stacks
> such as PKIX, SAML and OIDC. E.g. a secure collaboration scenario
> might require both document signature and encryption (PKIX) and
> federated access to web applications; a federation might support both
> SAML and OIDC endpoints.
> 
> Regards, Rainer
> _______________________________________________
> WG-OTTO mailing list
> WG-OTTO at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-otto

-- 
-------------------------------------
Michael Schwartz
Gluu
Founder / CEO
mike at gluu.org


More information about the WG-OTTO mailing list