[dix] DRAFT: WAE BOF minutes



The meeting started off with the usual agenda review. Agenda was accepted as proposed.

The first item was Terminology.
Reading assignment: read RFC 2828
	Internet Security Glossary
	http://www.ietf.org/rfc/rfc2828.txt
Other Glossaries mentioned:
	Internet Security Glossary, Version 2
	http://www.ietf.org/internet-drafts/draft-shirey-secgloss-v2-04.txt

	SAMLv2: Glossary
	http://docs.oasis-open.org/security/saml/v2.0/saml-glossary-2.0-os.pdf

	"identity gang" lexicon
	http://identitygang.org/Lexicon


The next item was Problems we want to solve (see agenda). A few things were added:
	- whitelisting
	- claim minimality
	- proof of server identity

Sam Hartman made his presentation; there were a few questions.

There was then discussion on Problems we want to solve.
****** edit here -- right title? same as before

Additional problems
	non-browsing HTTP support
	support for existing infrastructure
	Cross Application Credential (XAC)

Grouping of problems was then started.
Dick Hardt's slide was presented.

Ekr proposed grouping the problems up as:

EKR1: fix http auth
	- anti-phishing
	- passwords and other

EKR2: cross-site identity, Eliot's dad, SSO

EKR3: Claim & Attribute Transferral

More detailed discussion on each problem then ensued:

EKR1: Fix HTTP Auth
AD questions to audience concluded with:
	- Liaise w/ W3C on GUI
	- Liaise w/ APWG
	- Layer / Arch TBD
	- can stand alone, but coordinate w/ EKR2 and EKR3
	EKR1 does not require EKR2

EKR2: cross-site identifier
(Eliot's dad problem was broken off to be EKR4)
- raw assertions of identity are easier to trust than attributes
- name subordination
- existing technology, but glue work
Question: Is there glue work to be done by the IETF?
- no one thinks there is no glue work, 15 think there is, 15 are not sure
12 ok on work if EKR1 not happening,


EKR3: Claim & Attribute Transferral
	- existing claims and syntaxes may be used
	- binds attribute assertions to underlying communication
	- not limited to HTTP
	Question: Is there glue work to be done here by the IETF?
	12 support, a couple object

EKR4:
	- Eliot's dad problem
	part of EKR1 & EKR2

Discussion if EKR1 and EKR2 required different BOFs at next IETF meeting. Clearly different drafts would be required. Best to combine group working on them.

Meeting concluded 15 minutes late.
