[dix] WAE BOF minutes (Final cut)
Pete Resnick <presnick@qualcomm.com> Tue, 15 August 2006 17:40 UTC
Date: Tue, 15 Aug 2006 12:40:14 -0500
To: Digital Identity Exchange <dix@ietf.org>
From: Pete Resnick <presnick@qualcomm.com>
Cc: Digital Identity Exchange <dix@ietf.org>, IETF HTTP Auth <ietf-http-auth@lists.osafoundation.org>
Subject: [dix] WAE BOF minutes (Final cut)
Overdue time to send these in. Please make a last check before I send them and YELL QUICKLY if there are issues. I've incorporated Eliot's notes into Dick's and cleaned up a bit.

----

Web Authentication Enhancement BOF (WAE)
FRIDAY, July 14, 2006
0900-1130 Morning Session I
Room 519A

Chair: Pete Resnick
Minutes: Dick Hardt
(Additional Notes: Eliot Lear)

The meeting started off with the usual agenda review. Agenda was accepted as proposed.

The first item was Terminology.

Reading assignment: read RFC 2828 Internet Security Glossary
http://www.ietf.org/rfc/rfc2828.txt

Other Glossaries mentioned:

Internet Security Glossary, Version 2
http://www.ietf.org/internet-drafts/draft-shirey-secgloss-v2-04.txt

SAMLv2: Glossary
http://docs.oasis-open.org/security/saml/v2.0/saml-glossary-2.0-os.pdf

"identity gang" lexicon
http://identitygang.org/Lexicon

The next item was Problems we want to solve (see agenda)

A few things were added:
- whitelisting
- claim minimality
- proof of server identity

Sam Hartman made his presentation, there were a few questions.

There was then additional discussion on Problems we want to solve.

Additional problems
- non-browsing HTTP support
- support for existing infrastructure
- Cross Application Credential (XAC)

There was a general concern that we could end up boiling the ocean.

Grouping of problems was then started. Dick Hardt's slide was presented.

Ekr initially proposed grouping the problem up as:

EKR1: Non-insane replacement for HTTP digest
- anti-phishing
- passwords and other

EKR2: Cross-site identity
- "Eliot's dad problem" (easily identify yourself to multiple sites), SSO

EKR3: Claim & Attribute Transferral

More detailed discussion on each problem then ensued:

EKR1: Fix HTTP Auth
AD questions to audience concluded with:
- Liaise w/ W3C on GUI
- Liaise w/ APWG
- Layer / Arch TBD
- can stand alone, but coordinate w/ EKR2 and EKR3
EKR1 does not require EKR2

EKR2: Cross-site identifier (Eliot's dad problem was broken off to be EKR4)
- raw assertions of identity are easier to trust than attributes
- name subordination
- existing technology, but glue work
Question: Is there glue work to be done by the IETF?
- no one thinks there is no glue work, 15 think there is, 15 are not sure
12 ok on work if EKR1 not happening,

EKR3: Claim & Attribute Transferral
- existing claims and syntaxes may be used
- binds attribute assertions to underlying communication
- not limited to HTTP
Question: Is there glue work to be done here by the IETF?
12 support, a couple object

EKR4:
- Eliot's dad problem part of EKR1 & EKR 2

There seems to be strong support for working on the EKR 1 and EKR 2, weak support for the EKR 3, and a general agreement that EKR 4 should not be forgotten, although it was unclear whether EKR 4 needed to be solved separately from EKR 1 and EKR 2.

There also seemed to be general agreement that we should focus our efforts on fixing HTTP browsing first, non-browsing second, and not worry about cross application credentials.

Lisa and the IESG now have to determine whether there should be another BoF, separate BoFs for separate working groups or to do something else. Work done by other organizations, such as W3C, also needs to be taken into account and note needs to be taken of UI concerns.

Meeting concluded 15 minutes late.

-- 
Pete Resnick <http://www.qualcomm.com/~presnick/>
QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102