IRC log of swxg on 2010-06-09

Timestamps are in UTC.

14:59:58 [RRSAgent]
RRSAgent has joined #swxg
14:59:58 [RRSAgent]
logging to http://www.w3.org/2010/06/09-swxg-irc
15:00:00 [trackbot]
RRSAgent, make logs world
15:00:00 [Zakim]
Zakim has joined #swxg
15:00:02 [trackbot]
Zakim, this will be 7994
15:00:02 [Zakim]
ok, trackbot; I see INC_SWXG()11:00AM scheduled to start now
15:00:03 [trackbot]
Meeting: Social Web Incubator Group Teleconference
15:00:03 [trackbot]
Date: 09 June 2010
15:00:45 [Zakim]
INC_SWXG()11:00AM has now started
15:00:52 [Zakim]
+OpenLink_Software
15:01:06 [MacTed]
Zakim, OpenLink_Software is temporarily me
15:01:06 [Zakim]
+MacTed; got it
15:01:41 [tlr]
zakim, call thomas-781
15:01:41 [Zakim]
ok, tlr; the call is being made
15:01:46 [Zakim]
+Thomas
15:01:46 [MacTed]
Zakim, mute me
15:01:48 [Zakim]
+ +1.781.416.aaaa
15:01:52 [Zakim]
MacTed should now be muted
15:02:39 [Zakim]
+ +1.218.296.aabb
15:02:41 [MacTed]
paul, is that 416 number you?
15:03:14 [Zakim]
- +1.218.296.aabb
15:03:23 [rreck]
rreck has joined #SWXG
15:03:33 [paul]
I'm on a 781 number
15:03:46 [tlr]
781.416...?
15:03:52 [rreck]
are we meeting?
15:04:12 [rreck]
me too
15:04:23 [MacTed]
Zakim, aaaa is paul
15:04:23 [Zakim]
+paul; got it
15:04:45 [Zakim]
+ +1.218.296.aacc
15:04:48 [danbri]
i'm having trouble geting in too
15:04:55 [tlr]
the UK and FR lines seem to have issues, yes
15:04:56 [rreck]
zakim, +1.218.296.aacc is me
15:04:56 [Zakim]
+rreck; got it
15:05:00 [rreck]
zakim, mute me
15:05:00 [Zakim]
rreck should now be muted
15:05:08 [rreck]
afk
15:05:33 [Zakim]
+[IPcaller]
15:05:48 [hhalpin]
Zakim, [IPcaller] is hhalpin
15:05:48 [Zakim]
+hhalpin; got it
15:06:10 [hhalpin]
Chair: hhalpin
15:06:17 [hhalpin]
Zakim, pick a scribe?
15:06:17 [Zakim]
I don't understand your question, hhalpin.
15:06:19 [hhalpin]
Zakim, pick a scribe
15:06:19 [Zakim]
Not knowing who is chairing or who scribed recently, I propose hhalpin
15:06:23 [hhalpin]
Zakim, pick a scribe
15:06:23 [Zakim]
Not knowing who is chairing or who scribed recently, I propose Thomas
15:06:28 [hhalpin]
Zakim, pick a scribe
15:06:28 [Zakim]
Not knowing who is chairing or who scribed recently, I propose paul
15:06:31 [hhalpin]
Zakim, pick a scribe
15:06:31 [Zakim]
Not knowing who is chairing or who scribed recently, I propose Thomas
15:06:32 [Zakim]
+[IPcaller]
15:06:39 [danbri]
zakim, [IPcaller] is danbri
15:06:39 [Zakim]
+danbri; got it
15:06:41 [hhalpin]
Mischa - can you scribe?
15:06:48 [oshani]
oshani has joined #swxg
15:06:56 [danbri]
zakim, who is on the phone?
15:06:56 [Zakim]
On the phone I see MacTed (muted), paul, Thomas, rreck (muted), hhalpin, danbri
15:07:00 [hhalpin]
Zakim, pick a scribe?
15:07:00 [Zakim]
I don't understand your question, hhalpin.
15:07:04 [hhalpin]
scribe: danbri
15:07:13 [hhalpin]
Zakim, who's on the phone
15:07:13 [Zakim]
I don't understand 'who's on the phone', hhalpin
15:07:17 [Zakim]
+MIT531
15:07:20 [hhalpin]
Zakim, who's on the phone?
15:07:21 [Zakim]
On the phone I see MacTed (muted), paul, Thomas, rreck (muted), hhalpin, danbri, MIT531
15:07:34 [danbri]
is the log loggering?
15:07:35 [hhalpin]
PROPOSED: to approve minutes from June 2nd meeting.
15:07:41 [danbri]
rrsagent, pointer?
15:07:41 [RRSAgent]
See http://www.w3.org/2010/06/09-swxg-irc#T15-07-41
15:07:42 [hhalpin]
http://www.w3.org/2010/06/02-swxg-minutes.html
15:07:51 [hhalpin]
+1
15:07:55 [danbri]
+1
15:07:59 [hhalpin]
RESOLVED: approved minutes from June 2nd meeting
15:08:22 [danbri]
danbri regrets for next week (Notube f2f project meeting)
15:08:31 [hhalpin]
Next Meeting: Distributed access control languages for privacy providers, MIT on AIR and PrimeLife on XACML
15:08:42 [hhalpin]
topic: final report updates
15:08:46 [danbri]
agenda: http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html
15:08:57 [danbri]
hhalpin: run-thru of final report actions
15:09:02 [danbri]
... we had several regrets
15:09:16 [danbri]
... mischa started an etherpad draft
15:09:19 [hhalpin]
melvster: share etherpad with the rest of the group?
15:09:31 [melvster]
one sec
15:09:35 [melvster]
just dailing in
15:09:37 [melvster]
sure!
15:09:40 [Zakim]
+ +1.510.931.aadd
15:09:49 [melvster]
*work in progress* http://openetherpad.org/Ea4YsoZGeU
15:10:02 [danbri]
hhalpin: i didn't make muh progress on gap analysis
15:10:08 [danbri]
any prog on use cases?
15:10:16 [hhalpin]
http://openetherpad.org/Ea4YsoZGeU
15:10:24 [danbri]
(i dropped some messy notes into etherpad but not done much yet)
15:10:33 [hhalpin]
topic: Paul Trethevick on the State of Digital Identity
15:10:48 [danbri]
(welcome Paul...)
15:11:00 [hhalpin]
http://www.slideshare.net/ptrevithick/swxg-201069
15:11:00 [danbri]
ok i won't scribe things that are in the slides
15:11:06 [Zakim]
+??P24
15:11:07 [hhalpin]
http://www.slideshare.net/ptrevithick/active-clients-and-pd-ses-4452852
15:11:10 [danbri]
who joined?
15:11:13 [melvster]
zakim, ??P24 is me
15:11:13 [Zakim]
+melvster; got it
15:11:14 [hhalpin]
Paul, do you wish to begin?
15:11:14 [danbri]
zakim, who is on the phone?
15:11:14 [Zakim]
On the phone I see MacTed (muted), paul, Thomas, rreck (muted), hhalpin, danbri, oshani, +1.510.931.aadd, melvster
15:11:38 [danbri]
Paul: Harry asked for a few thoughts on state of Identity industry. Hard challenge!
15:11:53 [hhalpin]
So we are on first slide-deck, i.e. http://www.slideshare.net/ptrevithick/swxg-201069
15:12:01 [danbri]
... identity hard problem as perceived differently in different communities
15:12:25 [bblfish]
bblfish has joined #swxg
15:12:28 [danbri]
...language varies by community; it 'obviously' means x to some, something quite different / richer to others
15:12:32 [bblfish]
hi
15:12:40 [danbri]
... some call that more advanced form 'claims based' identity
15:12:51 [danbri]
...you don't necessarily need to identify a person to haev an interaction
15:12:59 [danbri]
... some see authorisation as primal, identification as secondary
15:13:07 [melvster]
bblfish: http://www.slideshare.net/ptrevithick/swxg-201069
15:13:09 [danbri]
... most of us tend to drop the word entirely due to these kinds of confusion
15:13:43 [danbri]
... i was looking yesterday at privacy aware Web definitions, use of 'publisher', ... have to get over these kinds of terminological problems
15:13:52 [danbri]
... - requirements vary by community
15:14:09 [danbri]
... idea that different people are trying to solve slightly different problems
15:14:15 [danbri]
... why do we look at this so differently?
15:14:22 [danbri]
... idea of levels of assurance, eg. NIST's 4 levels
15:14:34 [danbri]
... how much can relying party depend on strength of some assertions
15:14:40 [danbri]
... some need levels of assurance > 1
15:15:20 [danbri]
(hmm this? http://en.wikipedia.org/wiki/Identity_Assurance_Framework#Assurance_Level_Criteria )
15:15:33 [hhalpin]
NIST levels are interesting...
15:15:34 [danbri]
... challenge here , some feel that anything > 1 is irrelevant, uninteresting
15:15:47 [danbri]
... that perspective driven by high volume, low value social web transactions
15:16:00 [danbri]
...those on higher level (payment, govt) sometimes feel like 'long tail' cornercases
15:16:00 [danbri]
.
15:16:07 [hhalpin]
but the high-volume transactions can eventually get need higher NIST level, i.e. binding payment to your social networking account ala Payswarm
15:16:12 [danbri]
.. also eg yesterday talked w/ natioanl cancer institute re sharing medical records
15:16:26 [Zakim]
- +1.510.931.aadd
15:16:26 [danbri]
...also Verified vs self-asserted attributes
15:16:32 [danbri]
.. much socialweb stuff is just asserted by end users
15:16:55 [danbri]
... other scenarios (reputation systems, payment systems), ... some people / communities will look at these requirements and say 'no thanks'
15:17:22 [danbri]
... eg. equifax can issue 'bearer of assertion is > 21 years old' (but we'll reveal nothing else about them)
15:17:41 [danbri]
... a lot of probs around protecting children are around lack of verified 3rd party assertions of attributes
15:17:53 [danbri]
...also req: need to aggregate from multiple different providers
15:18:02 [danbri]
... for high volume / simple sites, this isn't a problem
15:18:16 [danbri]
... other use cases, you distinguish even from an ID provider and an attribute provider
15:18:24 [hhalpin]
attribute provider/identity provider an interesting distinction.
15:18:27 [danbri]
... you can not have to keep authenticating but can aggregate attribs [missed]
15:18:37 [danbri]
[slide 5 now on slideshare]
15:18:40 [danbri]
... linkability
15:19:04 [danbri]
... this makes perfect sense to some, but too much for others [see kim camerons laws of id ... re deployable systems]
15:19:19 [danbri]
... you can agree / disagree, but this is the landscape of [lack of ] consensus
15:19:37 [danbri]
"Some uses cases require high assurance and unlinkability (and sometimes even offline presentation of security tokens)."
15:20:17 [danbri]
submarine example; disconnected from 'net but need to auth things internally
15:20:24 [danbri]
... a lot of discussion lately re levels of protection
15:20:28 [danbri]
... converse of levels of assurance
15:20:38 [danbri]
... coudl we could to a world where use is a party to digitally signed contract
15:20:49 [danbri]
... it's released to relying party, but the rp is bound not to resell
15:21:08 [danbri]
... for that to be non-repudiable, need ... [missed detail, sorry]
15:21:12 [Zakim]
+ +1.510.931.aaee
15:21:18 [danbri]
... concern that lately too much emphasis on crypto
15:21:29 [danbri]
.. some control, but also more on accountability, in everyday life
15:21:35 [bblfish]
zakim aaee is bblfish
15:21:42 [bblfish]
zakim, aaee is bblfish
15:21:42 [Zakim]
+bblfish; got it
15:21:46 [danbri]
... so there are only prototypes of tech currently that can handle this
15:21:58 [danbri]
... again these are just examples of why this [consensus] is hard
15:22:06 [danbri]
...hard to build something universal, addressing all requirements
15:22:24 [danbri]
... ie. this talk might be considered something of an apology for lack of progress given the energy/effort
15:22:28 [hhalpin]
no apologies needed paul, there is clearly progress being made and the problem is hard!
15:22:31 [danbri]
... several community
15:22:37 [danbri]
Identity Commons (2005) http://idcommons.net
15:22:52 [AnitaD]
AnitaD has joined #swxg
15:23:02 [danbri]
... distinguishing open / user centric id folk from enterprise / proprietary world (of which i know little)
15:23:09 [danbri]
IIW is the (intense, 3 day) hub of this world
15:23:17 [danbri]
... OpenID Foundation (2007) http://openid.net
15:23:25 [Zakim]
+ +049172247aaff
15:23:33 [danbri]
[ is http://community.livejournal.com/lj_dev/683939.html the 1st openid spec btw?]
15:23:43 [danbri]
... internal competition within openid now
15:23:52 [danbri]
... different groups, perceive problem sets differently
15:24:13 [danbri]
...Qs: what is the openid foundation? a broad church or an advocacy org for one particiular protocol?
15:24:24 [danbri]
dataportability? DataPortability.org (2007)
15:24:29 [danbri]
... struck a nerve re user control
15:24:34 [danbri]
Information Card Foundation (2008) http://informationcard.net
15:24:46 [danbri]
... began around ms cardspace and oasis IMI, ...
15:24:57 [danbri]
..."Next generation: Integrated with the browser. Consistent UX across protocols including: un/pw, OpenID (to reduce phishing), IMI (legacy), and OpenID V.Next, client side certs (perhaps)?"
15:25:02 [danbri]
...that foundation also at a crossroads
15:25:08 [danbri]
... is more emphasising active clients
15:25:31 [danbri]
... found some issues w/ active clients
15:25:41 [danbri]
esp requiring a download, and insisting on a single unifying protocol
15:25:51 [danbri]
... soul-searching and next gen work
15:25:56 [danbri]
... moving beyond single protocol
15:25:59 [danbri]
makign it 'better with'
15:26:15 [danbri]
"Kantara (2009) - http://kantarainitiative.org
15:26:19 [danbri]
... kinda interesting
15:26:31 [danbri]
... analysis coupleyears ago, interviewed rigorously many from ID scene
15:26:33 [danbri]
... under NDA
15:26:42 [danbri]
... to make a new org
15:26:53 [danbri]
... they [we] concluded that we have moved into a cross-protocol era
15:27:02 [danbri]
... needed a pulling together of a number of these disperate communities
15:27:10 [danbri]
... was then the old liberty alliance, saml work
15:27:19 [danbri]
... which was a response to hailstorm/passport
15:27:26 [danbri]
... also openid appeared
15:27:31 [danbri]
... 3 tech groups appeared
15:27:37 [danbri]
... to some extent it's an unrealised objective
15:27:41 [danbri]
... strategically it's right
15:27:57 [danbri]
q+ to ask how messy patent situation is (what is feasible royalty-free?)
15:28:18 [danbri]
... Kantara replaced liberty alliance
15:28:27 [danbri]
... and working on some crosscutting stuff
15:28:42 [danbri]
( also new ones this year )
15:29:03 [danbri]
a joint board, infocard and openid(?)
15:29:09 [hhalpin]
q+ to ask about browser integration and w3c
15:29:11 [danbri]
... discussion of what's missing, usability vs specs
15:29:30 [danbri]
... role of biz agreements that allocate liability
15:29:34 [danbri]
... joint sales efforts
15:29:53 [danbri]
... obama team wanted to open govt up and use commercial ids from industry
15:29:58 [danbri]
... catalytic effect
15:30:13 [danbri]
...govt said we like openid, but want also stronger assurances, info card stuff, ... but hey we're just a customer,...
15:30:25 [danbri]
... big enough that got attention of those 2 foundations, who self-organized and stopped quibbling
15:30:30 [danbri]
... in some way stopped competing a bit
15:31:04 [danbri]
... united front to the federal govt, and said 'whichever, we see the fed govt won't enter into commercial relationships w/ for example paypal, yahoo, google, whoever... unless there are certifiable properties, privacy characteristics, audits, ...
15:31:08 [danbri]
... understand liability, ...
15:31:18 [danbri]
... caused spontaneous creation of the Open Identity Exchange
15:31:21 [danbri]
(OIX?)
15:31:29 [danbri]
... so they joined forces to form that
15:31:44 [hhalpin]
ack danbri
15:31:44 [Zakim]
danbri, you wanted to ask how messy patent situation is (what is feasible royalty-free?)
15:32:08 [danbri]
q+ to ask how messy patent situation is (what is feasible royalty-free?)
15:32:12 [danbri]
(patent talk later)
15:32:17 [hhalpin]
q+ danbri
15:32:30 [danbri]
kantara and others ... corporate sponsors, + leadership council
15:32:32 [danbri]
(i missed some detail)
15:32:48 [hhalpin]
likes the community members and corporate sponsor model, maybe that could work for the w3c
15:32:50 [danbri]
oidf and icf ,... same governance model, blender board, 1 member one vote, community members outweigh
15:33:06 [danbri]
... re participartion, indivs and companies can join, but $100 for an indiv, in some cases $25
15:33:18 [danbri]
... in terms of how openly they operate, that could be debated
15:33:23 [danbri]
.. theoretically, all open to all
15:33:41 [danbri]
... but strong interpersonal relationships and personalities are in many cases the driver of what happens than the formal structures
15:33:46 [danbri]
... has to be seen to be believed
15:33:55 [danbri]
... this is not something like w3c or oasis
15:34:07 [danbri]
... kantara is most formal/structure, icf more, openid foundation
15:34:28 [danbri]
they all have public archived mailing lists
15:34:34 [danbri]
all 3 have private board lists
15:34:44 [danbri]
vast majority of everything is public
15:35:03 [danbri]
last one, Xauth, is interesting ---
15:35:14 [danbri]
--- it's a way to personalise the login situation
15:35:28 [danbri]
... if oyu only have an unmodified browser, you show up with a fresh browser it can't be customised
15:35:36 [danbri]
(forgetting the CSS History hack :)
15:35:50 [danbri]
... school of thought that says 'browsers don't know who you are ...
15:35:59 [danbri]
... nor who your preferred attribute/identity providers are
15:36:08 [danbri]
... hence the 'nascar problem', long list of logos
15:36:13 [danbri]
... so a tyranny of the mega-brands
15:36:22 [danbri]
... so relying parties put facebook/google/yahoo at the top
15:36:32 [danbri]
... which has a somewhat perverse effect
15:36:50 [danbri]
... xauth says with html5 and some tricks, we can hack a way for the relying party to learn what someone's prefs are
15:36:55 [danbri]
... shorter list
15:37:17 [danbri]
... these are ways to work around an architectural problem
15:37:25 [danbri]
... which is that browsers don't know who you are
15:37:38 [danbri]
..slide 7 http://www.slideshare.net/ptrevithick/swxg-201069
15:37:46 [danbri]
... openid 2.0 (legacy openid)
15:37:51 [danbri]
50k sites and growing, relying parties
15:37:56 [danbri]
... q is where we go from here
15:38:02 [danbri]
openid has a number of problems
15:38:08 [danbri]
3 key
15:38:31 [danbri]
1 - OpenID-AB [Attribute Binding] - http://bitbucket.org/openid/ab/wiki/Home
15:38:35 [danbri]
Proposed by Nat Sakamura and others in early 2009
15:38:40 [danbri]
... has not had much attention yet
15:38:49 [danbri]
2 - OpenID V.Next
15:39:02 [danbri]
(discussed last fall and this spring at IIW)
15:39:08 [danbri]
v.Next codename for whatever appens
15:39:28 [danbri]
in May, OpenID Connect proposal from David Recordon (and social Web friends)
15:39:32 [danbri]
all these 3 are breaking changes
15:39:39 [danbri]
not backwards compatible
15:39:48 [danbri]
... I don't yet see how this is going to get resolved
15:39:59 [danbri]
... openid connect is 'get a spec out there ... let's just do it!'
15:40:04 [danbri]
... caught some ppl by suprise
15:40:12 [danbri]
... openid community is trying to figure out a way fwd thru all this
15:40:22 [danbri]
... I hope the earlier slides set some context for this
15:40:33 [danbri]
... and difficulty in agreeing even common requirements
15:40:36 [danbri]
Slide 9 -
15:40:40 [danbri]
personal opinion -
15:40:45 [danbri]
... we can't stop creation of new protocols
15:40:49 [danbri]
... open, etc
15:40:55 [danbri]
... what happens a lot is much reinvention
15:41:03 [danbri]
... come up with stuff, don't see what came before
15:41:16 [danbri]
... do something quick/dirty that solves some problems now
15:41:20 [danbri]
...then start making it more robust
15:41:30 [danbri]
... realise it isn't 80% solution, but 45%, ...
15:41:33 [danbri]
... then someone new jumps in
15:41:40 [danbri]
... natural cycle of reinvention
15:41:53 [danbri]
... yesterday/last-night investigating webid [ie. foaf+ssl]
15:41:59 [bblfish]
I'd say WebId being based on the semweb, in one protocol that can then bind all of them together.... One can bind in OpenId for example. (not sure about the others)
15:42:02 [danbri]
... looks like it would solve some fraction of use cases, has nice characteristics
15:42:08 [danbri]
.... but partial solution
15:42:23 [danbri]
... not clear how much things will converge
15:42:40 [danbri]
... or how much analogy with email, where Internet email eventually dominated
15:43:16 [danbri]
... i note that whenever we build something new that gets used, ... it is out there and not going away
15:43:27 [danbri]
... and that username + password could easily stay dominant for 10+ more years
15:43:33 [danbri]
... we have learned things
15:43:36 [danbri]
... users don't care
15:43:42 [danbri]
... they want something that makes sense to them
15:43:46 [danbri]
... ux is the key to them
15:44:18 [danbri]
... if you go to an RP and say 'this is great tech, saml no infocard no openid no ...." the RP will say "well, we have to support at least username/ password .. and i'll have to link the accounts ...
15:44:26 [bblfish]
(note on above there is work integrating WebID with SAML in Machester, with SOAP in University of Southampton...)
15:44:26 [danbri]
... so the RPs live in a necessarily multi-protocol world
15:44:34 [danbri]
but our communities don't organize in those terms
15:44:40 [danbri]
... eg create a common apache module
15:44:46 [danbri]
... this is a structural problem
15:44:51 [danbri]
[ very interesting! --danbri ]
15:45:06 [danbri]
... communities eventually say 'oh we have overlap, need to blend things ... '
15:45:21 [tlr]
tlr has joined #swxg
15:45:21 [danbri]
... attempts to say 'here is an active client, eg. ms cardspace '. ... it just didn't work
15:45:36 [danbri]
... to use the solution, you needed 'this thing', the right version with your OS, download it if needed, need to be on windows, etc etc
15:45:46 [danbri]
... so the idea that active clients needed for system to work ... a nonstarterr
15:46:08 [danbri]
... always this locked down enterprise computer, library kiosk, ... person can't install plugin, upgrade a pc, etc ...
15:46:18 [danbri]
... so lately active client ppl have a 'better with' approach
15:46:32 [hhalpin]
q?
15:46:47 [danbri]
... ie. it works normally but is 'better with' the addon (whether an ng-browser, or addon)
15:47:10 [danbri]
... ppl look at 'open identity community' and they see a swirling churning mess of people putting down each other's stuff, partial penetration, etc
15:47:19 [danbri]
... and they say 'ok, let's wait for this catfight to calm down'
15:47:38 [danbri]
... status quo, is do nothing, use a proprietary thing, if username/password don't do it
15:47:50 [danbri]
... with 1 exception: facebook connect, picking up a lot of use across Web
15:47:57 [danbri]
... they have an id tech plus attributes
15:48:18 [danbri]
... last pt: the identity community, with all these nonprofits, is not structurally in a good place to solve needs of the marketplace
15:48:27 [danbri]
... couple of specific points re socialweb
15:48:33 [danbri]
... identifiers and user experience
15:48:36 [danbri]
... my perception
15:48:43 [danbri]
... in beginning, was 'type in your openid URI'
15:48:53 [danbri]
... rough consensus: not working
15:48:59 [danbri]
... they understand it only as for pages/info
15:49:02 [danbri]
... doesn't work on ppl
15:49:07 [danbri]
... they understand email addresses
15:49:12 [dsearls2]
dsearls2 has joined #SWXG
15:49:13 [danbri]
... so openid said 'click on a button'
15:49:21 [danbri]
.... but measured results were higher conversion rates
15:49:29 [dsearls2]
Hey Dan, all. It's Doc.
15:49:32 [danbri]
... with benefit to those at top of list
15:49:42 [danbri]
rrsagent, pointer?
15:49:42 [RRSAgent]
See http://www.w3.org/2010/06/09-swxg-irc#T15-49-42
15:49:52 [danbri]
see link for logs, doc
15:49:58 [dsearls2]
ok
15:49:59 [danbri]
paul: 'people get that, re use of email
15:50:12 [danbri]
.... end-user re-education is a huge issue
15:50:25 [danbri]
... and now with xauth we can personalise the nascar icon list to something more manageable
15:50:30 [danbri]
... best we can do short of active client
15:50:32 [danbri]
... slide 12:
15:50:42 [oshani]
dsearls2, here's the slides: http://www.slideshare.net/ptrevithick/swxg-201069
15:50:44 [danbri]
attribute schemes
15:50:51 [danbri]
... there are so many of these things, so much overlap, ...
15:50:57 [Zakim]
-bblfish
15:51:12 [danbri]
... if you start taking view from biz point of view, that relying party is key ,... you want that to be easy as possible
15:51:20 [danbri]
too many schemas makes RP's life hard
15:51:38 [hhalpin]
q?
15:51:45 [hhalpin]
ack danbri
15:51:45 [Zakim]
danbri, you wanted to ask how messy patent situation is (what is feasible royalty-free?) and to
15:51:47 [danbri]
[other deck]
15:51:53 [danbri]
can you scribe harry?
15:51:58 [rreck]
thanks for your presentation, it was very informative
15:52:20 [hhalpin]
scribenick: hhalpin
15:52:29 [hhalpin]
danbri: any patents in identity scene?
15:52:32 [Zakim]
+bblfish
15:52:34 [hhalpin]
... any idea how messy situation is?
15:52:48 [hhalpin]
paul: it doesnt get talked about that much
15:52:56 [hhalpin]
... varies by organization depending on struture
15:53:05 [bblfish_]
bblfish_ has joined #swxg
15:53:08 [hhalpin]
... we try in ICF and Kantara to have IPR rules
15:53:19 [danbri]
(w3c history - eg see http://www.w3.org/TR/P3P-analysis )
15:53:19 [hhalpin]
... we can tell that things happen just willy nilly
15:53:47 [hhalpin]
... not developed in a structure and not necessarily ideal
15:53:49 [tlr]
q+ to ask whether Paul sees any chance for the identity work to move into less willy-nilly space, eventually
15:53:51 [hhalpin]
... pretty confusing to me
15:54:10 [hhalpin]
... hard to know whats lurking out there, esp. with OpenID
15:54:18 [hhalpin]
danbri: if we wanted to get something in all the browsers
15:54:25 [hhalpin]
... could we get those vendors to commit to RF-status?
15:54:34 [hhalpin]
paul: I work in this Eclipse Higgins project
15:54:46 [hhalpin]
... so our patent reviews are pretty good
15:54:57 [hhalpin]
... an explicit license is being given to contribution
15:55:21 [hhalpin]
danbri: relevant specification, go back to paper trail to see how the W3C developed its patent policy
15:55:29 [hhalpin]
paul: not sure re specs
15:55:36 [hhalpin]
scribenick: danbri
15:55:53 [bblfish_]
q?
15:55:55 [melvster]
paul: awesome job
15:55:57 [bblfish_]
?q
15:56:02 [tlr]
q+ bblfish_
15:56:07 [bblfish_]
heh
15:56:08 [hhalpin]
ack tlr
15:56:08 [Zakim]
tlr, you wanted to ask whether Paul sees any chance for the identity work to move into less willy-nilly space, eventually
15:56:20 [danbri]
tlr: thx for the talk, paul
15:56:30 [danbri]
... in your answer to danbri's impossible q, you sounded mildly frustrated
15:56:36 [danbri]
... re work happening in a 'willy nilly' way
15:56:45 [danbri]
... see any chance for that to fix itself over time?
15:57:07 [danbri]
paul: for full disclosure, ... there is a project 'bingo' towards consolidating a number of these efforts, back into a more structured but broad church
15:57:19 [danbri]
...where the church is about consistent messaging/marketing/ipr, not tech
15:57:39 [danbri]
... my personal bias is that we would do better to come up with a broad base consolidating a number of these
15:57:45 [dsearls2]
Think big tent instead of church.
15:58:02 [danbri]
... but saying that i can hear friends of mine like dave recordon, chris messina, saying 'we can just hack it...'
15:58:11 [danbri]
... but when the recession came, they took jobs at big companies
15:58:25 [danbri]
... so now when they say it you have to consider the source, they work for google, yahoo, facebook etc
15:58:38 [bblfish_]
Hey, I am unemployed now!
15:58:40 [dsearls2]
Dave works for a different big co every year.
15:58:43 [bblfish_]
so you can trust me :-)
15:58:50 [danbri]
... you always have to figure out what's personal view, and what [ not wanting to say something unfair here ] ... looking at openid connect, ...
15:59:22 [danbri]
... could be perceived as a retrospective stdisation of fb connect
15:59:25 [hhalpin]
theres also Google FriendConnect
15:59:28 [hhalpin]
i.e. FriendSense :)
16:00:07 [danbri]
... some aren't so concerned for the crypto
16:00:13 [danbri]
... and oauth hardcodes rather a lot
16:00:21 [danbri]
... so i'm somewhat at a loss to predict what'll happen
16:00:36 [danbri]
q?
16:00:41 [hhalpin]
ack hhalpin
16:00:42 [Zakim]
hhalpin, you wanted to ask about browser integration and w3c
16:00:48 [danbri]
q+ to ask about communications with the 'browser makers'
16:01:00 [danbri]
harry: a lot of discussion talking more now about browser-based integration
16:01:16 [danbri]
... w3c has some work there w/ html5, ... and w/ big browser makers
16:01:40 [danbri]
... discussion before re w3c involvement has focussed on its membership model which can be seen as exclusive
16:01:56 [danbri]
... do you think w3c could have a role w/ one or more foundations, to see if some mature tech here could go into new browsers?
16:02:14 [danbri]
... possibility of stdisation (at format level? more w3c's thing than protocols which go better at ietf)
16:02:29 [danbri]
... if so, what to do about the number of these foundations?
16:02:41 [rreck]
got to go, thanks again
16:02:50 [danbri]
... trying to appreciate thigns on a tech level, and figure out what kind of a role might make sense for us
16:02:56 [danbri]
... eg. browser aspect, html5 etc happening
16:03:00 [danbri]
paul: I think now is a great time
16:03:02 [Zakim]
-rreck
16:03:07 [danbri]
... things are at a crossroads in most of the foundations
16:03:20 [danbri]
... kantara, oidf, ... [missed last acronym]
16:03:39 [danbri]
... dan based on your comments last week, i've mentioned to others there might be a new actor [=w3c] to consider
16:03:51 [dsearls2]
ICF... Information Card Foundation
16:04:09 [danbri]
... there is sort of this feeling that, from the californian web kids' perspective, ... that w3c isn't relevant but browser folk are, ... if you get mozilla to build this stuff in, that's the way to go
16:04:18 [danbri]
... and html5 is a part of the equation
16:04:30 [danbri]
... more discussion about getting this into browsers [ie, firefox, chrome] than html5
16:04:38 [danbri]
... but that's not to say there's nothing discussed there
16:04:48 [hhalpin]
also notes two years ago I was talking about OpenID with Hixie at TPAC :)
16:04:51 [danbri]
... 2 years ago, w/ david recordon, relying party metadata stuff should be in html5
16:05:00 [danbri]
(thx dsearls2)
16:05:03 [hhalpin]
q+ to ask about ostatus
16:05:20 [danbri]
... my personal belief, that w3c thru html5 angle, a great place to advance this idea of active clients, ID in the browser, ...
16:05:30 [danbri]
... has in past been a lot of outreach from w3c on these things
16:05:44 [danbri]
... in past, ID folks also tended to talk amongst themselves, but not have strong links to browser world
16:06:01 [danbri]
... speaking for info card foundation, definitely interested
16:06:05 [tlr]
paul, I'd be happy to help with that sort of discussion from the W3C side
16:06:10 [danbri]
... and kantara, new chair...
16:06:18 [danbri]
(tlr, can you put that in audio, don't know if paul reading irc)
16:06:27 [tlr]
happy to
16:06:30 [danbri]
paul: some will be wary of even more institutionalisation
16:06:44 [danbri]
... there are threads, eg. 'if the openid foundation doesn't do it, we'll just do it'
16:06:57 [danbri]
q+ to note re oauth
16:07:09 [hhalpin]
q?
16:08:00 [danbri]
tlr, these days we are shying away from joint work with the ietf ...
16:08:08 [danbri]
... in sense of a group being simultatnously belong to both
16:08:21 [danbri]
... however we are doing much more heavily coordinated work with them, and it is going pretty well
16:08:27 [hhalpin]
The IETF does make sense for OpenID connect, unless OpenID Connect feels like its need browser integration or the W3C RF Patent Policy
16:08:32 [danbri]
... re paul / infocard, ... i'd behappy to help from w3c side
16:08:39 [danbri]
... can take it to email and see where it goes
16:08:40 [hhalpin]
q?
16:08:47 [hhalpin]
ack bblfish_
16:08:50 [danbri]
q-
16:09:03 [danbri]
bblfish: thx for mentioning webid ...
16:09:20 [danbri]
... there has been work on linking that with SAML (from manchester), with [missed, SOAP??] from S/hampton
16:09:43 [Zakim]
-oshani
16:09:44 [danbri]
... because semweb is an abstraction of all syntaxes that it is a perfect foundation for integrating all these different pieces; you can map anything into the sw
16:09:50 [danbri]
[any format at least? -- dan]
16:10:05 [tlr]
q+ to ask bblfish whether the "linking" is really about the semweb part, or is similar to the flow diagrams that we've seen at RSA 2008
16:10:07 [danbri]
... so you can see semweb as a glue for all these pieces.
16:10:21 [danbri]
tlr, url for diagrams?
16:10:38 [danbri]
paul: I understand, and happen to think semweb and linked data have a bigger role to play in future in identity ...
16:11:00 [hhalpin]
q?
16:11:12 [hhalpin]
ack hhalpin
16:11:12 [Zakim]
hhalpin, you wanted to ask about ostatus
16:11:29 [tlr]
q0
16:11:30 [tlr]
q-
16:12:14 [danbri]
hhalpin [asks about ostatus]
16:13:03 [danbri]
paul: it absolutely is related
16:13:05 [hhalpin]
ostatus framework hooking up to OpenID/WebID/etc.?
16:13:10 [danbri]
...these 2 worlds have to come together in a coherent way
16:13:16 [danbri]
... ostatus stuff has to come together in a coherent way
16:13:23 [danbri]
.....with the identity world
16:13:39 [danbri]
... some admirable things happening via 'small pieces loosly joined'
16:13:45 [danbri]
... ostatus is a great example of that
16:14:04 [danbri]
... but if we step back and say 'lets look at it from ux perspective' [as we're doing in new kantara group]
16:14:21 [danbri]
... moving beyond simple login, ... it is about sharing, things like ostatus, ... how do you make this understandable, coherent, simple?
16:14:42 [danbri]
.. what i've found, the need to knit things together becomes self-evident, and the gaps in the available technologies become clearer
16:14:42 [hhalpin]
q?
16:14:50 [danbri]
lately am trying to be ux first, tech 2nd
16:15:05 [hhalpin]
linked data has a fairly hostile user experience :)
16:15:07 [danbri]
... so there i think we need to think about ostatus, and about updates to linked data too
16:15:52 [danbri]
paul: good to be here forming some bridges
16:16:35 [danbri]
paul: diplomacy and tact may be undervalued in some community, but it's the only way we'll make progress in the bigger picture
16:16:42 [Zakim]
- +049172247aaff
16:16:49 [tlr]
Thanks, again, Paul for joining!
16:17:05 [danbri]
+1, thanks Paul :)
16:17:13 [paul]
My pleasure
16:17:19 [danbri]
rrsagent, please finish the minutes for me
16:17:19 [RRSAgent]
I'm logging. I don't understand 'please finish the minutes for me', danbri. Try /msg RRSAgent help
16:17:31 [melvster]
thanks paul, awesome call
16:17:34 [Zakim]
-Thomas
16:17:34 [hhalpin]
rrsagent, draft minutes
16:17:34 [RRSAgent]
I have made the request to generate http://www.w3.org/2010/06/09-swxg-minutes.html hhalpin
16:17:36 [bblfish_]
thanks, very much
16:17:42 [bblfish_]
great talk
16:17:44 [hhalpin]
trackbot, end meeting
16:17:44 [trackbot]
Zakim, list attendees
16:17:44 [Zakim]
As of this point the attendees have been MacTed, Thomas, +1.781.416.aaaa, +1.218.296.aabb, paul, rreck, hhalpin, danbri, oshani, +1.510.931.aadd, melvster, +1.510.931.aaee,
16:17:45 [paul]
Thank you all. I look forward to continuing
16:17:45 [trackbot]
RRSAgent, please draft minutes
16:17:45 [RRSAgent]
I have made the request to generate http://www.w3.org/2010/06/09-swxg-minutes.html trackbot
16:17:46 [trackbot]
RRSAgent, bye
16:17:46 [RRSAgent]
I see no action items
16:17:47 [Zakim]
... bblfish, +049172247aaff