ghopp
/
server_playground
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Another abandoned server code base... this is kind of an ancestor of taskrambler.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
131 Commits
1 Branch
0 Tags
51 MiB
 
 
 
 
 
 
Tree: 58eb487ea5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '58eb487ea5'
${ noResults }
server_playground/doc/www.w3.org/2010/06/09-swxg-minutes.html

999 lines
37 KiB
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta name="generator" content=
"HTML Tidy for Linux (vers 6 November 2007), see www.w3.org" />
<title>Social Web Incubator Group Teleconference -- 09 Jun
2010</title>
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/StyleSheets/base.css" />
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/StyleSheets/public.css" />
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/2004/02/minutes-style.css" />
<meta content="Social Web Incubator Group Teleconference" name=
"Title" />
<meta content="text/html; charset=utf-8" http-equiv=
"Content-Type" />
</head>
<body>
<p><a href="http://www.w3.org/"><img src=
"http://www.w3.org/Icons/w3c_home" alt="W3C" border="0" height=
"48" width="72" /></a></p>
<h1>- DRAFT -</h1>
<h1>Social Web Incubator Group Teleconference</h1>
<h2>09 Jun 2010</h2>
<p><a href=
'http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html'>
Agenda</a></p>
<p>See also: <a href="http://www.w3.org/2010/06/09-swxg-irc">IRC
log</a></p>
<h2><a name="attendees" id="attendees">Attendees</a></h2>
<div class="intro">
<dl>
<dt>Present</dt>
<dd>MacTed, Thomas, +1.781.416.aaaa, +1.218.296.aabb, paul,
rreck, hhalpin, danbri, oshani, +1.510.931.aadd, melvster,
+1.510.931.aaee</dd>
<dt>Regrets</dt>
<dt>Chair</dt>
<dd>hhalpin</dd>
<dt>Scribe</dt>
<dd>danbri</dd>
</dl>
</div>
<h2>Contents</h2>
<ul>
<li>
<a href="#agenda">Topics</a>
<ol>
<li><a href="#item01">final report updates</a></li>
<li><a href="#item02">Paul Trethevick on the State of
Digital Identity</a></li>
</ol>
</li>
<li><a href="#ActionSummary">Summary of Action Items</a></li>
</ul>
<hr />
<div class="meeting">
<p class='phone'></p>
<p class='phone'></p>
<p class='irc'>&lt;<cite>trackbot</cite>&gt; Date: 09 June
2010</p>
<p class='irc'>&lt;<cite>MacTed</cite>&gt; paul, is that 416
number you?</p>
<p class='irc'>&lt;<cite>paul</cite>&gt; I'm on a 781
number</p>
<p class='irc'>&lt;<cite>tlr</cite>&gt; 781.416...?</p>
<p class='irc'>&lt;<cite>rreck</cite>&gt; are we meeting?</p>
<p class='irc'>&lt;<cite>rreck</cite>&gt; me too</p>
<p class='phone'>i'm having trouble geting in too</p>
<p class='irc'>&lt;<cite>tlr</cite>&gt; the UK and FR lines
seem to have issues, yes</p>
<p class='irc'>&lt;<cite>rreck</cite>&gt; afk</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; Mischa - can you
scribe?</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; scribe: danbri</p>
<p class='phone'>is the log loggering?</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; PROPOSED: to
approve minutes from June 2nd meeting.</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; <a href=
"http://www.w3.org/2010/06/02-swxg-minutes.html">http://www.w3.org/2010/06/02-swxg-minutes.html</a></p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; +1</p>
<p class='phone'>+1</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; RESOLVED: approved
minutes from June 2nd meeting</p>
<p class='phone'>danbri regrets for next week (Notube f2f
project meeting)</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; Next Meeting:
Distributed access control languages for privacy providers, MIT
on AIR and PrimeLife on XACML</p>
<h3 id="item01">final report updates</h3>
<p class='phone'><cite>hhalpin:</cite> run-thru of final report
actions<br />
... we had several regrets<br />
... mischa started an etherpad draft</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; melvster: share
etherpad with the rest of the group?</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; one sec</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; just dailing
in</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; sure!</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; *work in progress*
<a href=
"http://openetherpad.org/Ea4YsoZGeU">http://openetherpad.org/Ea4YsoZGeU</a></p>
<p class='phone'><cite>hhalpin:</cite> i didn't make muh
progress on gap analysis</p>
<p class='phone'>any prog on use cases?</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; <a href=
"http://openetherpad.org/Ea4YsoZGeU">http://openetherpad.org/Ea4YsoZGeU</a></p>
<p class='phone'>(i dropped some messy notes into etherpad but
not done much yet)</p>
<h3 id="item02">Paul Trethevick on the State of Digital
Identity</h3>
<p class='phone'>(welcome Paul...)</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; <a href=
"http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>
<p class='phone'>ok i won't scribe things that are in the
slides</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; <a href=
"http://www.slideshare.net/ptrevithick/active-clients-and-pd-ses-4452852">
http://www.slideshare.net/ptrevithick/active-clients-and-pd-ses-4452852</a></p>
<p class='phone'>who joined?</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; Paul, do you wish
to begin?</p>
<p class='phone'><cite>Paul:</cite> Harry asked for a few
thoughts on state of Identity industry. Hard challenge!</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; So we are on first
slide-deck, i.e. <a href=
"http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>
<p class='phone'><cite>Paul:</cite> identity hard problem as
perceived differently in different communities<br />
... language varies by community; it 'obviously' means x to
some, something quite different / richer to others</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; hi</p>
<p class='phone'><cite>Paul:</cite> some call that more
advanced form 'claims based' identity<br />
... you don't necessarily need to identify a person to haev an
interaction<br />
... some see authorisation as primal, identification as
secondary</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; bblfish: <a href=
"http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>
<p class='phone'><cite>Paul:</cite> most of us tend to drop the
word entirely due to these kinds of confusion<br />
... i was looking yesterday at privacy aware Web definitions,
use of 'publisher', ... have to get over these kinds of
terminological problems<br />
... - requirements vary by community<br />
... idea that different people are trying to solve slightly
different problems<br />
... why do we look at this so differently?<br />
... idea of levels of assurance, eg. NIST's 4 levels<br />
... how much can relying party depend on strength of some
assertions<br />
... some need levels of assurance &gt; 1</p>
<p class='phone'>(hmm this? <a href=
"http://en.wikipedia.org/wiki/Identity_Assurance_Framework#Assurance_Level_Criteria">
http://en.wikipedia.org/wiki/Identity_Assurance_Framework#Assurance_Level_Criteria</a>
)</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; NIST levels are
interesting...</p>
<p class='phone'><cite>scribe:</cite> challenge here , some
feel that anything &gt; 1 is irrelevant, uninteresting<br />
... that perspective driven by high volume, low value social
web transactions<br />
... those on higher level (payment, govt) sometimes feel like
'long tail' cornercases</p><br />
.
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; but the high-volume
transactions can eventually get need higher NIST level, i.e.
binding payment to your social networking account ala
Payswarm</p>
<p class='phone'><cite>scribe:</cite> also eg yesterday talked
w/ natioanl cancer institute re sharing medical records<br />
... also Verified vs self-asserted attributes<br />
... much socialweb stuff is just asserted by end users<br />
... other scenarios (reputation systems, payment systems), ...
some people / communities will look at these requirements and
say 'no thanks'<br />
... eg. equifax can issue 'bearer of assertion is &gt; 21 years
old' (but we'll reveal nothing else about them)<br />
... a lot of probs around protecting children are around lack
of verified 3rd party assertions of attributes<br />
... also req: need to aggregate from multiple different
providers<br />
... for high volume / simple sites, this isn't a problem<br />
... other use cases, you distinguish even from an ID provider
and an attribute provider</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; attribute
provider/identity provider an interesting distinction.</p>
<p class='phone'><cite>scribe:</cite> you can not have to keep
authenticating but can aggregate attribs [missed]</p>
<p class='phone'>[slide 5 now on slideshare]</p>
<p class='phone'><cite>scribe:</cite> linkability<br />
... this makes perfect sense to some, but too much for others
[see kim camerons laws of id ... re deployable systems]<br />
... you can agree / disagree, but this is the landscape of
[lack of ] consensus</p>
<p class='phone'>"Some uses cases require high assurance and
unlinkability (and sometimes even offline presentation of
security tokens)."</p>
<p class='phone'>submarine example; disconnected from 'net but
need to auth things internally</p>
<p class='phone'><cite>scribe:</cite> a lot of discussion
lately re levels of protection<br />
... converse of levels of assurance<br />
... coudl we could to a world where use is a party to digitally
signed contract<br />
... it's released to relying party, but the rp is bound not to
resell<br />
... for that to be non-repudiable, need ... [missed detail,
sorry]<br />
... concern that lately too much emphasis on crypto<br />
... some control, but also more on accountability, in everyday
life</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; zakim aaee is
bblfish</p>
<p class='phone'><cite>scribe:</cite> so there are only
prototypes of tech currently that can handle this<br />
... again these are just examples of why this [consensus] is
hard<br />
... hard to build something universal, addressing all
requirements<br />
... ie. this talk might be considered something of an apology
for lack of progress given the energy/effort</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; no apologies needed
paul, there is clearly progress being made and the problem is
hard!</p>
<p class='phone'><cite>scribe:</cite> several community</p>
<p class='phone'>Identity Commons (2005) <a href=
"http://idcommons.net">http://idcommons.net</a></p>
<p class='phone'><cite>scribe:</cite> distinguishing open /
user centric id folk from enterprise / proprietary world (of
which i know little)</p>
<p class='phone'>IIW is the (intense, 3 day) hub of this
world</p>
<p class='phone'><cite>scribe:</cite> OpenID Foundation (2007)
<a href="http://openid.net">http://openid.net</a></p>
<p class='phone'>[ is <a href=
"http://community.livejournal.com/lj_dev/683939.html">http://community.livejournal.com/lj_dev/683939.html</a>
the 1st openid spec btw?]</p>
<p class='phone'><cite>scribe:</cite> internal competition
within openid now<br />
... different groups, perceive problem sets differently<br />
...Qs: what is the openid foundation? a broad church or an
advocacy org for one particiular protocol?</p>
<p class='phone'>dataportability? DataPortability.org
(2007)</p>
<p class='phone'><cite>scribe:</cite> struck a nerve re user
control</p>
<p class='phone'>Information Card Foundation (2008) <a href=
"http://informationcard.net">http://informationcard.net</a></p>
<p class='phone'><cite>scribe:</cite> began around ms cardspace
and oasis IMI, ...<br />
... "Next generation: Integrated with the browser. Consistent
UX across protocols including: un/pw, OpenID (to reduce
phishing), IMI (legacy), and OpenID V.Next, client side certs
(perhaps)?"<br />
... that foundation also at a crossroads<br />
... is more emphasising active clients<br />
... found some issues w/ active clients</p>
<p class='phone'>esp requiring a download, and insisting on a
single unifying protocol</p>
<p class='phone'><cite>scribe:</cite> soul-searching and next
gen work<br />
... moving beyond single protocol</p>
<p class='phone'>makign it 'better with'</p>
<p class='phone'>"Kantara (2009) - <a href=
"http://kantarainitiative.org">http://kantarainitiative.org</a></p>
<p class='phone'><cite>scribe:</cite> kinda interesting<br />
... analysis coupleyears ago, interviewed rigorously many from
ID scene<br />
... under NDA<br />
... to make a new org<br />
... they [we] concluded that we have moved into a
cross-protocol era<br />
... needed a pulling together of a number of these disperate
communities<br />
... was then the old liberty alliance, saml work<br />
... which was a response to hailstorm/passport<br />
... also openid appeared<br />
... 3 tech groups appeared<br />
... to some extent it's an unrealised objective<br />
... strategically it's right<br />
... Kantara replaced liberty alliance<br />
... and working on some crosscutting stuff</p>
<p class='phone'>( also new ones this year )</p>
<p class='phone'>a joint board, infocard and openid(?)</p>
<p class='phone'><cite>scribe:</cite> discussion of what's
missing, usability vs specs<br />
... role of biz agreements that allocate liability<br />
... joint sales efforts<br />
... obama team wanted to open govt up and use commercial ids
from industry<br />
... catalytic effect<br />
... govt said we like openid, but want also stronger
assurances, info card stuff, ... but hey we're just a
customer,...<br />
... big enough that got attention of those 2 foundations, who
self-organized and stopped quibbling<br />
... in some way stopped competing a bit<br />
... united front to the federal govt, and said 'whichever, we
see the fed govt won't enter into commercial relationships w/
for example paypal, yahoo, google, whoever... unless there are
certifiable properties, privacy characteristics, audits,
...<br />
... understand liability, ...<br />
... caused spontaneous creation of the Open Identity
Exchange</p>
<p class='phone'>(OIX?)</p>
<p class='phone'><cite>scribe:</cite> so they joined forces to
form that</p>
<p class='irc'>&lt;<cite>Zakim</cite>&gt; danbri, you wanted to
ask how messy patent situation is (what is feasible
royalty-free?)</p>
<p class='phone'>(patent talk later)</p>
<p class='phone'>kantara and others ... corporate sponsors, +
leadership council</p>
<p class='phone'>(i missed some detail)</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; likes the community
members and corporate sponsor model, maybe that could work for
the w3c</p>
<p class='phone'>oidf and icf ,... same governance model,
blender board, 1 member one vote, community members
outweigh</p>
<p class='phone'><cite>scribe:</cite> re participartion, indivs
and companies can join, but $100 for an indiv, in some cases
$25<br />
... in terms of how openly they operate, that could be
debated<br />
... theoretically, all open to all<br />
... but strong interpersonal relationships and personalities
are in many cases the driver of what happens than the formal
structures<br />
... has to be seen to be believed<br />
... this is not something like w3c or oasis<br />
... kantara is most formal/structure, icf more, openid
foundation</p>
<p class='phone'>they all have public archived mailing
lists</p>
<p class='phone'>all 3 have private board lists</p>
<p class='phone'>vast majority of everything is public</p>
<p class='phone'>last one, Xauth, is interesting ---</p>
<p class='phone'>--- it's a way to personalise the login
situation</p>
<p class='phone'><cite>scribe:</cite> if oyu only have an
unmodified browser, you show up with a fresh browser it can't
be customised</p>
<p class='phone'>(forgetting the CSS History hack :)</p>
<p class='phone'><cite>scribe:</cite> school of thought that
says 'browsers don't know who you are ...<br />
... nor who your preferred attribute/identity providers
are<br />
... hence the 'nascar problem', long list of logos<br />
... so a tyranny of the mega-brands<br />
... so relying parties put facebook/google/yahoo at the
top<br />
... which has a somewhat perverse effect<br />
... xauth says with html5 and some tricks, we can hack a way
for the relying party to learn what someone's prefs are<br />
... shorter list<br />
... these are ways to work around an architectural
problem<br />
... which is that browsers don't know who you are<br />
... slide 7 <a href=
"http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a><br />
... openid 2.0 (legacy openid)</p>
<p class='phone'>50k sites and growing, relying parties</p>
<p class='phone'><cite>scribe:</cite> q is where we go from
here</p>
<p class='phone'>openid has a number of problems</p>
<p class='phone'>3 key</p>
<p class='phone'>1 - OpenID-AB [Attribute Binding] - <a href=
"http://bitbucket.org/openid/ab/wiki/Home">http://bitbucket.org/openid/ab/wiki/Home</a></p>
<p class='phone'>Proposed by Nat Sakamura and others in early
2009</p>
<p class='phone'><cite>scribe:</cite> has not had much
attention yet</p>
<p class='phone'>2 - OpenID V.Next</p>
<p class='phone'>(discussed last fall and this spring at
IIW)</p>
<p class='phone'>v.Next codename for whatever appens</p>
<p class='phone'>in May, OpenID Connect proposal from David
Recordon (and social Web friends)</p>
<p class='phone'>all these 3 are breaking changes</p>
<p class='phone'>not backwards compatible</p>
<p class='phone'><cite>scribe:</cite> I don't yet see how this
is going to get resolved<br />
... openid connect is 'get a spec out there ... let's just do
it!'<br />
... caught some ppl by suprise<br />
... openid community is trying to figure out a way fwd thru all
this<br />
... I hope the earlier slides set some context for this<br />
... and difficulty in agreeing even common requirements</p>
<p class='phone'>Slide 9 -</p>
<p class='phone'>personal opinion -</p>
<p class='phone'><cite>scribe:</cite> we can't stop creation of
new protocols<br />
... open, etc<br />
... what happens a lot is much reinvention<br />
... come up with stuff, don't see what came before<br />
... do something quick/dirty that solves some problems
now<br />
... then start making it more robust<br />
... realise it isn't 80% solution, but 45%, ...<br />
... then someone new jumps in<br />
... natural cycle of reinvention<br />
... yesterday/last-night investigating webid [ie. foaf+ssl]</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; I'd say WebId being
based on the semweb, in one protocol that can then bind all of
them together.... One can bind in OpenId for example. (not sure
about the others)</p>
<p class='phone'><cite>scribe:</cite> looks like it would solve
some fraction of use cases, has nice characteristics<br />
... but partial solution<br />
... not clear how much things will converge<br />
... or how much analogy with email, where Internet email
eventually dominated<br />
... i note that whenever we build something new that gets used,
... it is out there and not going away<br />
... and that username + password could easily stay dominant for
10+ more years<br />
... we have learned things<br />
... users don't care<br />
... they want something that makes sense to them<br />
... ux is the key to them<br />
... if you go to an RP and say 'this is great tech, saml no
infocard no openid no ...." the RP will say "well, we have to
support at least username/ password .. and i'll have to link
the accounts ...</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; (note on above
there is work integrating WebID with SAML in Machester, with
SOAP in University of Southampton...)</p>
<p class='phone'><cite>scribe:</cite> so the RPs live in a
necessarily multi-protocol world</p>
<p class='phone'>but our communities don't organize in those
terms</p>
<p class='phone'><cite>scribe:</cite> eg create a common apache
module<br />
... this is a structural problem</p>
<p class='phone'>[ very interesting! --danbri ]</p>
<p class='phone'><cite>scribe:</cite> communities eventually
say 'oh we have overlap, need to blend things ... '<br />
... attempts to say 'here is an active client, eg. ms cardspace
'. ... it just didn't work<br />
... to use the solution, you needed 'this thing', the right
version with your OS, download it if needed, need to be on
windows, etc etc<br />
... so the idea that active clients needed for system to work
... a nonstarterr<br />
... always this locked down enterprise computer, library kiosk,
... person can't install plugin, upgrade a pc, etc ...<br />
... so lately active client ppl have a 'better with'
approach<br />
... ie. it works normally but is 'better with' the addon
(whether an ng-browser, or addon)<br />
... ppl look at 'open identity community' and they see a
swirling churning mess of people putting down each other's
stuff, partial penetration, etc<br />
... and they say 'ok, let's wait for this catfight to calm
down'<br />
... status quo, is do nothing, use a proprietary thing, if
username/password don't do it<br />
... with 1 exception: facebook connect, picking up a lot of use
across Web<br />
... they have an id tech plus attributes<br />
... last pt: the identity community, with all these nonprofits,
is not structurally in a good place to solve needs of the
marketplace<br />
... couple of specific points re socialweb<br />
... identifiers and user experience<br />
... my perception<br />
... in beginning, was 'type in your openid URI'<br />
... rough consensus: not working<br />
... they understand it only as for pages/info<br />
... doesn't work on ppl<br />
... they understand email addresses<br />
... so openid said 'click on a button'<br />
... but measured results were higher conversion rates</p>
<p class='irc'>&lt;<cite>dsearls2</cite>&gt; Hey Dan, all. It's
Doc.</p>
<p class='phone'><cite>scribe:</cite> with benefit to those at
top of list</p>
<p class='phone'>see link for logs, doc</p>
<p class='irc'>&lt;<cite>dsearls2</cite>&gt; ok</p>
<p class='phone'><cite>paul:</cite> 'people get that, re use of
email<br />
... end-user re-education is a huge issue<br />
... and now with xauth we can personalise the nascar icon list
to something more manageable<br />
... best we can do short of active client<br />
... slide 12:</p>
<p class='irc'>&lt;<cite>oshani</cite>&gt; dsearls2, here's the
slides: <a href=
"http://www.slideshare.net/ptrevithick/swxg-201069">http://www.slideshare.net/ptrevithick/swxg-201069</a></p>
<p class='phone'>attribute schemes</p>
<p class='phone'><cite>scribe:</cite> there are so many of
these things, so much overlap, ...<br />
... if you start taking view from biz point of view, that
relying party is key ,... you want that to be easy as
possible</p>
<p class='phone'>too many schemas makes RP's life hard</p>
<p class='irc'>&lt;<cite>Zakim</cite>&gt; danbri, you wanted to
ask how messy patent situation is (what is feasible
royalty-free?) and to</p>
<p class='phone'>[other deck]</p>
<p class='phone'>can you scribe harry?</p>
<p class='irc'>&lt;<cite>rreck</cite>&gt; thanks for your
presentation, it was very informative</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; scribenick:
hhalpin</p>
<p class='phone'><cite>danbri:</cite> any patents in identity
scene?<br />
... any idea how messy situation is?</p>
<p class='phone'><cite>paul:</cite> it doesnt get talked about
that much<br />
... varies by organization depending on struture<br />
... we try in ICF and Kantara to have IPR rules</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (w3c history - eg
see <a href=
"http://www.w3.org/TR/P3P-analysis">http://www.w3.org/TR/P3P-analysis</a>
)</p>
<p class='phone'><cite>paul:</cite> we can tell that things
happen just willy nilly<br />
... not developed in a structure and not necessarily
ideal<br />
... pretty confusing to me<br />
... hard to know whats lurking out there, esp. with OpenID</p>
<p class='phone'><cite>danbri:</cite> if we wanted to get
something in all the browsers<br />
... could we get those vendors to commit to RF-status?</p>
<p class='phone'><cite>paul:</cite> I work in this Eclipse
Higgins project<br />
... so our patent reviews are pretty good<br />
... an explicit license is being given to contribution</p>
<p class='phone'><cite>danbri:</cite> relevant specification,
go back to paper trail to see how the W3C developed its patent
policy</p>
<p class='phone'><cite>paul:</cite> not sure re specs</p>
<p class='irc'>&lt;<cite>scribe</cite>&gt; scribenick:
danbri</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; paul: awesome
job</p>
<p class='irc'>&lt;<cite>bblfish_</cite>&gt; ?q</p>
<p class='irc'>&lt;<cite>bblfish_</cite>&gt; heh</p>
<p class='irc'>&lt;<cite>Zakim</cite>&gt; tlr, you wanted to
ask whether Paul sees any chance for the identity work to move
into less willy-nilly space, eventually</p>
<p class='phone'><cite>tlr:</cite> thx for the talk, paul<br />
... in your answer to danbri's impossible q, you sounded mildly
frustrated<br />
... re work happening in a 'willy nilly' way<br />
... see any chance for that to fix itself over time?</p>
<p class='phone'><cite>paul:</cite> for full disclosure, ...
there is a project 'bingo' towards consolidating a number of
these efforts, back into a more structured but broad
church<br />
... where the church is about consistent
messaging/marketing/ipr, not tech<br />
... my personal bias is that we would do better to come up with
a broad base consolidating a number of these</p>
<p class='irc'>&lt;<cite>dsearls2</cite>&gt; Think big tent
instead of church.</p>
<p class='phone'><cite>paul:</cite> but saying that i can hear
friends of mine like dave recordon, chris messina, saying 'we
can just hack it...'<br />
... but when the recession came, they took jobs at big
companies<br />
... so now when they say it you have to consider the source,
they work for google, yahoo, facebook etc</p>
<p class='irc'>&lt;<cite>bblfish_</cite>&gt; Hey, I am
unemployed now!</p>
<p class='irc'>&lt;<cite>dsearls2</cite>&gt; Dave works for a
different big co every year.</p>
<p class='irc'>&lt;<cite>bblfish_</cite>&gt; so you can trust
me :-)</p>
<p class='phone'><cite>paul:</cite> you always have to figure
out what's personal view, and what [ not wanting to say
something unfair here ] ... looking at openid connect,
...<br />
... could be perceived as a retrospective stdisation of fb
connect</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; theres also Google
FriendConnect</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; i.e. FriendSense
:)</p>
<p class='phone'><cite>paul:</cite> some aren't so concerned
for the crypto<br />
... and oauth hardcodes rather a lot<br />
... so i'm somewhat at a loss to predict what'll happen</p>
<p class='irc'>&lt;<cite>Zakim</cite>&gt; hhalpin, you wanted
to ask about browser integration and w3c</p>
<p class='phone'><cite>harry:</cite> a lot of discussion
talking more now about browser-based integration<br />
... w3c has some work there w/ html5, ... and w/ big browser
makers<br />
... discussion before re w3c involvement has focussed on its
membership model which can be seen as exclusive<br />
... do you think w3c could have a role w/ one or more
foundations, to see if some mature tech here could go into new
browsers?<br />
... possibility of stdisation (at format level? more w3c's
thing than protocols which go better at ietf)<br />
... if so, what to do about the number of these
foundations?</p>
<p class='irc'>&lt;<cite>rreck</cite>&gt; got to go, thanks
again</p>
<p class='phone'><cite>harry:</cite> trying to appreciate
thigns on a tech level, and figure out what kind of a role
might make sense for us<br />
... eg. browser aspect, html5 etc happening</p>
<p class='phone'><cite>paul:</cite> I think now is a great
time<br />
... things are at a crossroads in most of the foundations<br />
... kantara, oidf, ... [missed last acronym]<br />
... dan based on your comments last week, i've mentioned to
others there might be a new actor [=w3c] to consider</p>
<p class='irc'>&lt;<cite>dsearls2</cite>&gt; ICF... Information
Card Foundation</p>
<p class='phone'><cite>paul:</cite> there is sort of this
feeling that, from the californian web kids' perspective, ...
that w3c isn't relevant but browser folk are, ... if you get
mozilla to build this stuff in, that's the way to go<br />
... and html5 is a part of the equation<br />
... more discussion about getting this into browsers [ie,
firefox, chrome] than html5<br />
... but that's not to say there's nothing discussed there</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; also notes two
years ago I was talking about OpenID with Hixie at TPAC :)</p>
<p class='phone'><cite>paul:</cite> 2 years ago, w/ david
recordon, relying party metadata stuff should be in html5</p>
<p class='phone'>(thx dsearls2)</p>
<p class='phone'><cite>scribe:</cite> my personal belief, that
w3c thru html5 angle, a great place to advance this idea of
active clients, ID in the browser, ...<br />
... has in past been a lot of outreach from w3c on these
things<br />
... in past, ID folks also tended to talk amongst themselves,
but not have strong links to browser world<br />
... speaking for info card foundation, definitely
interested</p>
<p class='irc'>&lt;<cite>tlr</cite>&gt; paul, I'd be happy to
help with that sort of discussion from the W3C side</p>
<p class='phone'><cite>scribe:</cite> and kantara, new
chair...</p>
<p class='phone'>(tlr, can you put that in audio, don't know if
paul reading irc)</p>
<p class='irc'>&lt;<cite>tlr</cite>&gt; happy to</p>
<p class='phone'><cite>paul:</cite> some will be wary of even
more institutionalisation<br />
... there are threads, eg. 'if the openid foundation doesn't do
it, we'll just do it'</p>
<p class='phone'>tlr, these days we are shying away from joint
work with the ietf ...</p>
<p class='phone'><cite>scribe:</cite> in sense of a group being
simultatnously belong to both<br />
... however we are doing much more heavily coordinated work
with them, and it is going pretty well</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; The IETF does make
sense for OpenID connect, unless OpenID Connect feels like its
need browser integration or the W3C RF Patent Policy</p>
<p class='phone'><cite>scribe:</cite> re paul / infocard, ...
i'd behappy to help from w3c side<br />
... can take it to email and see where it goes</p>
<p class='phone'><cite>bblfish:</cite> thx for mentioning webid
...<br />
... there has been work on linking that with SAML (from
manchester), with [missed, SOAP??] from S/hampton<br />
... because semweb is an abstraction of all syntaxes that it is
a perfect foundation for integrating all these different
pieces; you can map anything into the sw</p>
<p class='phone'>[any format at least? -- dan]</p>
<p class='phone'><cite>scribe:</cite> so you can see semweb as
a glue for all these pieces.</p>
<p class='phone'>tlr, url for diagrams?</p>
<p class='phone'><cite>paul:</cite> I understand, and happen to
think semweb and linked data have a bigger role to play in
future in identity ...</p>
<p class='irc'>&lt;<cite>Zakim</cite>&gt; hhalpin, you wanted
to ask about ostatus</p>
<p class='irc'>&lt;<cite>tlr</cite>&gt; q0</p>
<p class='phone'>hhalpin [asks about ostatus]</p>
<p class='phone'><cite>paul:</cite> it absolutely is
related</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; ostatus framework
hooking up to OpenID/WebID/etc.?</p>
<p class='phone'><cite>paul:</cite> these 2 worlds have to come
together in a coherent way<br />
... ostatus stuff has to come together in a coherent way<br />
... with the identity world<br />
... some admirable things happening via 'small pieces loosly
joined'<br />
... ostatus is a great example of that<br />
... but if we step back and say 'lets look at it from ux
perspective' [as we're doing in new kantara group]<br />
... moving beyond simple login, ... it is about sharing, things
like ostatus, ... how do you make this understandable,
coherent, simple?<br />
... what i've found, the need to knit things together becomes
self-evident, and the gaps in the available technologies become
clearer</p>
<p class='phone'>lately am trying to be ux first, tech 2nd</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; linked data has a
fairly hostile user experience :)</p>
<p class='phone'><cite>scribe:</cite> so there i think we need
to think about ostatus, and about updates to linked data
too</p>
<p class='phone'><cite>paul:</cite> good to be here forming
some bridges<br />
... diplomacy and tact may be undervalued in some community,
but it's the only way we'll make progress in the bigger
picture</p>
<p class='irc'>&lt;<cite>tlr</cite>&gt; Thanks, again, Paul for
joining!</p>
<p class='phone'>+1, thanks Paul :)</p>
<p class='irc'>&lt;<cite>paul</cite>&gt; My pleasure</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; thanks paul,
awesome call</p>
<p class='irc'>&lt;<cite>bblfish_</cite>&gt; thanks, very
much</p>
<p class='irc'>&lt;<cite>bblfish_</cite>&gt; great talk</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; trackbot, end
meeting</p>
<p class='irc'>&lt;<cite>paul</cite>&gt; Thank you all. I look
forward to continuing</p>
</div>
<h2><a name="ActionSummary" id="ActionSummary">Summary of Action
Items</a></h2><!-- Action Items -->
[End of minutes]<br />
<hr />
<address>
Minutes formatted by David Booth's <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm">
scribe.perl</a> version 1.135 (<a href=
"http://dev.w3.org/cvsweb/2002/scribe/">CVS log</a>)<br />
$Date: 2010/06/09 16:17:51 $
</address>
<div class="diagnostics">
<hr />
<h2>Scribe.perl diagnostic output</h2>[Delete this section
before finalizing the minutes.]<br />
<pre>
This is scribe.perl Revision: 1.135 of Date: 2009/03/02 03:52:20
Check for newer version at <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/">http://dev.w3.org/cvsweb/~checkout~/2002/scribe/</a>
Guessing input format: RRSAgent_Text_Format (score 1.00)
Found Scribe: danbri
Inferring ScribeNick: danbri
Found ScribeNick: hhalpin
Found ScribeNick: danbri
ScribeNicks: danbri, hhalpin
Default Present: MacTed, Thomas, +1.781.416.aaaa, +1.218.296.aabb, paul, rreck, hhalpin, danbri, oshani, +1.510.931.aadd, melvster, +1.510.931.aaee
Present: MacTed Thomas +1.781.416.aaaa +1.218.296.aabb paul rreck hhalpin danbri oshani +1.510.931.aadd melvster +1.510.931.aaee
Agenda: <a href=
"http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html">http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html</a>
Found Date: 09 Jun 2010
Guessing minutes URL: <a href=
"http://www.w3.org/2010/06/09-swxg-minutes.html">http://www.w3.org/2010/06/09-swxg-minutes.html</a>
People with action items:
</pre>[End of <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm">
scribe.perl</a> diagnostic output]
</div>
</body>
</html>