Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
10.5.2006 Online Meeting
Time: 10:30 - 6:30 ET
Rough notes on an agenda; not necessarily in order:
Contents
- 1 10:30-10:40 Introductions & Administrivia
- 2 10:40 HBX & ISS (Jan Camenish) 30 min
- 3 11:10 IdAS (Jim Sermersheim) 40 min
- 4 11:50 LDAP schema (Tom Doman) 20 min
- 5 12:10 Token Issuer/STS (Mike McIntosh) 40 min
- 6 Break (1-1:30pm) 30 min
- 7 1:45pm IdAS Registry API (Greg Byrd) 15 min
- 8 2:00pm Project Overview (Paul Trevithick) 60 min
- 9 3:10pm Higgins & Microsoft/OSP (Mary Ruddy) 20 min
- 10 3:30pm Higgins & OSIS (Dale Olds) 20 min
- 11 Higgins & Identity Schemas (Paul Trevithick) 15 min
- 12 4:30pm HBX Service Discovery Proposal (Andy Dale) 20 min
- 13 5:00pm end
- 14 See Also
10:30-10:40 Introductions & Administrivia
- Get synced up on whatever online conferencing tech we want to use (e.g. to project PPTs, etc).
10:40 HBX & ISS (Jan Camenish) 30 min
- Intro: see ISS_API and Higgins_Browser_Extension
- policy language (discussion & collection of requirements). need language to specify token-request,i.e., to specify what information the user needs to supply to get access to some resource. Language format, homegrown, use RDF so that it maps into data model. Similar language to request tokens from issuer. Elements that need to be expressed:
- type of i-card
- attribute
- issuer
- recipient
- in encrypted form (under what key)
- in committed form
- arbitrary statement over attributes (e.g., age < 18)
- logical formulas over terms (AND, OR)
- backing of statement (self-signed, passport checked, .....)
- data handling policy (privacy policy stating things like purpose, retention time etc)
- HBX for graphical i-card selection (c.f. paper [1],demo [2])
- where do pictures do come from (include in certs?)
- issue with many HBXes..
11:10 IdAS (Jim Sermersheim) 40 min
- SPARQL (Examine and discuss sample queries).
- Does it meet out needs? Is it user-friendly?
- Alternate filter interface
- Consensus was to proceed with the proposed interfaces. Concerns:
- Filter should to be able to query on non-instance (calculated or reasoned) data.
- Consider making an interface for comparators.
- Other IdAS TODOs
- Idas_Architectural_Todo
- Provider/Context configuration and policy.
- Common examples of config/policy.
- Do we want to promote a commol look/feel?
- Need to pass policy to IContext. We're currently passing as metadata -- does this feel right? Also refer to issue
- Consensus was to see if it makes sense to pass Context config info at registration time.
- Remove IHasMetadata from IContext once we solve the Context configuration issue. No one can remember why we added this, nor can produce a use case for it.
- Nested Providers
- What do we need (APIs and/or config) to achieve this?
- Not discussed
- Provider/Context configuration and policy.
- Idas_Implementation_Todo
- Idas_Documentation_Todo
- Idas_Architectural_Todo
- Unit tests (proposed directory and test structure).
- Not discussed
11:50 LDAP schema (Tom Doman) 20 min
- Higgins ontology review.
- Review of Novell's LDAP schema output.
- Outstanding LDAP issues (Summary).
12:10 Token Issuer/STS (Mike McIntosh) 40 min
How Does an STS Extension get Attribute Values to Place into Claims? STS @ Subject Push With RST Token Exchange - STS Framework creates a DigitalSubject/Context? Pull From Subject IdAS Based on DigitalSubject/Context? STS @ IdP Push with RST Token Exchange - STS Framework creates a DigitalSubject/Context? Pull From Subject IdAS Based on DigitalSubject/Context? Pull From IdP IdAS Based on DigitalSubject/Context? STS @ RP Same as STS @ IdP?
Break (1-1:30pm) 30 min
1:45pm IdAS Registry API (Greg Byrd) 15 min
- Initial implementation ready, waiting for clearance to commit
- Instantiates IContextFactory objects that are listed in java.security properties file and plugins that extend org.eclipse.higgins.context extension point
- Maps context reference (URI) to factories that can (potentially) instantiate it (i.e., factory.canCreate(uri) is true)
2:00pm Project Overview (Paul Trevithick) 60 min
- Review of Higgins 1.0 Component Inventory (where we need to be)
- (Regarding automated build) People need .jar and javadoc versioned and packaged. (Jim added this)
- Review Milestone 0.6 (where we'll be at the end of November)
- How can we fill in some of the gaps?
3:10pm Higgins & Microsoft/OSP (Mary Ruddy) 20 min
- Current status, open issues, next steps WRT Microsoft
- http://wiki.eclipse.org/index.php/Draft_Response_to_Open_Specification_Promise Draft response to the OSP
Action items:
- Our approach regarding these issues WRT IBM and Sun and Eclipse
- Circulate additional language about detail on import/export
- Circulate additional language about sniffing
- To receive example plug-fest docs for inclusion
- Create link to OSIS, pending sample link
- Add comment at the top about asking for similar promise from other IP providers.
3:30pm Higgins & OSIS (Dale Olds) 20 min
- http://osis.netmesh.org/wiki/Main_Page
- Identity Commons 2.0: http://wiki.idcommons.net/
Higgins & Identity Schemas (Paul Trevithick) 15 min
- Review http://identityschemas.org
- Mention who's involved
- First telephone meeting Friday 2-3pm ET (email joaquin@acm.org for details)
- 1-620-782-8800 (Kansas)
- 7243627#
4:30pm HBX Service Discovery Proposal (Andy Dale) 20 min
- How HBX discovers the URL of a/the Higgins service to use
- Leveraging XRI and inames
- HBX-service-discovery.ppt