IRC log of swxg on 2010-06-09

Timestamps are in UTC.

14:59:58 [RRSAgent]

RRSAgent has joined #swxg

14:59:58 [RRSAgent]

logging to http://www.w3.org/2010/06/09-swxg-irc

15:00:00 [trackbot]

RRSAgent, make logs world

15:00:00 [Zakim]

Zakim has joined #swxg

15:00:02 [trackbot]

Zakim, this will be 7994

15:00:02 [Zakim]

ok, trackbot; I see INC_SWXG()11:00AM scheduled to start now

15:00:03 [trackbot]

Meeting: Social Web Incubator Group Teleconference

15:00:03 [trackbot]

Date: 09 June 2010

15:00:45 [Zakim]

INC_SWXG()11:00AM has now started

15:00:52 [Zakim]

+OpenLink_Software

15:01:06 [MacTed]

Zakim, OpenLink_Software is temporarily me

15:01:06 [Zakim]

+MacTed; got it

15:01:41 [tlr]

zakim, call thomas-781

15:01:41 [Zakim]

ok, tlr; the call is being made

15:01:46 [Zakim]

+Thomas

15:01:46 [MacTed]

Zakim, mute me

15:01:48 [Zakim]

+ +1.781.416.aaaa

15:01:52 [Zakim]

MacTed should now be muted

15:02:39 [Zakim]

+ +1.218.296.aabb

15:02:41 [MacTed]

paul, is that 416 number you?

15:03:14 [Zakim]

- +1.218.296.aabb

15:03:23 [rreck]

rreck has joined #SWXG

15:03:33 [paul]

I'm on a 781 number

15:03:46 [tlr]

781.416...?

15:03:52 [rreck]

are we meeting?

15:04:12 [rreck]

me too

15:04:23 [MacTed]

Zakim, aaaa is paul

15:04:23 [Zakim]

+paul; got it

15:04:45 [Zakim]

+ +1.218.296.aacc

15:04:48 [danbri]

i'm having trouble geting in too

15:04:55 [tlr]

the UK and FR lines seem to have issues, yes

15:04:56 [rreck]

zakim, +1.218.296.aacc is me

15:04:56 [Zakim]

+rreck; got it

15:05:00 [rreck]

zakim, mute me

15:05:00 [Zakim]

rreck should now be muted

15:05:08 [rreck]

afk

15:05:33 [Zakim]

+[IPcaller]

15:05:48 [hhalpin]

Zakim, [IPcaller] is hhalpin

15:05:48 [Zakim]

+hhalpin; got it

15:06:10 [hhalpin]

Chair: hhalpin

15:06:17 [hhalpin]

Zakim, pick a scribe?

15:06:17 [Zakim]

I don't understand your question, hhalpin.

15:06:19 [hhalpin]

Zakim, pick a scribe

15:06:19 [Zakim]

Not knowing who is chairing or who scribed recently, I propose hhalpin

15:06:23 [hhalpin]

Zakim, pick a scribe

15:06:23 [Zakim]

Not knowing who is chairing or who scribed recently, I propose Thomas

15:06:28 [hhalpin]

Zakim, pick a scribe

15:06:28 [Zakim]

Not knowing who is chairing or who scribed recently, I propose paul

15:06:31 [hhalpin]

Zakim, pick a scribe

15:06:31 [Zakim]

Not knowing who is chairing or who scribed recently, I propose Thomas

15:06:32 [Zakim]

+[IPcaller]

15:06:39 [danbri]

zakim, [IPcaller] is danbri

15:06:39 [Zakim]

+danbri; got it

15:06:41 [hhalpin]

Mischa - can you scribe?

15:06:48 [oshani]

oshani has joined #swxg

15:06:56 [danbri]

zakim, who is on the phone?

15:06:56 [Zakim]

On the phone I see MacTed (muted), paul, Thomas, rreck (muted), hhalpin, danbri

15:07:00 [hhalpin]

Zakim, pick a scribe?

15:07:00 [Zakim]

I don't understand your question, hhalpin.

15:07:04 [hhalpin]

scribe: danbri

15:07:13 [hhalpin]

Zakim, who's on the phone

15:07:13 [Zakim]

I don't understand 'who's on the phone', hhalpin

15:07:17 [Zakim]

+MIT531

15:07:20 [hhalpin]

Zakim, who's on the phone?

15:07:21 [Zakim]

On the phone I see MacTed (muted), paul, Thomas, rreck (muted), hhalpin, danbri, MIT531

15:07:34 [danbri]

is the log loggering?

15:07:35 [hhalpin]

PROPOSED: to approve minutes from June 2nd meeting.

15:07:41 [danbri]

rrsagent, pointer?

15:07:41 [RRSAgent]

See http://www.w3.org/2010/06/09-swxg-irc#T15-07-41

15:07:42 [hhalpin]

http://www.w3.org/2010/06/02-swxg-minutes.html

15:07:51 [hhalpin]

+1

15:07:55 [danbri]

+1

15:07:59 [hhalpin]

RESOLVED: approved minutes from June 2nd meeting

15:08:22 [danbri]

danbri regrets for next week (Notube f2f project meeting)

15:08:31 [hhalpin]

Next Meeting: Distributed access control languages for privacy providers, MIT on AIR and PrimeLife on XACML

15:08:42 [hhalpin]

topic: final report updates

15:08:46 [danbri]

agenda: http://lists.w3.org/Archives/Public/public-xg-socialweb/2010Jun/0010.html

15:08:57 [danbri]

hhalpin: run-thru of final report actions

15:09:02 [danbri]

... we had several regrets

15:09:16 [danbri]

... mischa started an etherpad draft

15:09:19 [hhalpin]

melvster: share etherpad with the rest of the group?

15:09:31 [melvster]

one sec

15:09:35 [melvster]

just dailing in

15:09:37 [melvster]

sure!

15:09:40 [Zakim]

+ +1.510.931.aadd

15:09:49 [melvster]

*work in progress* http://openetherpad.org/Ea4YsoZGeU

15:10:02 [danbri]

hhalpin: i didn't make muh progress on gap analysis

15:10:08 [danbri]

any prog on use cases?

15:10:16 [hhalpin]

http://openetherpad.org/Ea4YsoZGeU

15:10:24 [danbri]

(i dropped some messy notes into etherpad but not done much yet)

15:10:33 [hhalpin]

topic: Paul Trethevick on the State of Digital Identity

15:10:48 [danbri]

(welcome Paul...)

15:11:00 [hhalpin]

http://www.slideshare.net/ptrevithick/swxg-201069

15:11:00 [danbri]

ok i won't scribe things that are in the slides

15:11:06 [Zakim]

+??P24

15:11:07 [hhalpin]

http://www.slideshare.net/ptrevithick/active-clients-and-pd-ses-4452852

15:11:10 [danbri]

who joined?

15:11:13 [melvster]

zakim, ??P24 is me

15:11:13 [Zakim]

+melvster; got it

15:11:14 [hhalpin]

Paul, do you wish to begin?

15:11:14 [danbri]

zakim, who is on the phone?

15:11:14 [Zakim]

On the phone I see MacTed (muted), paul, Thomas, rreck (muted), hhalpin, danbri, oshani, +1.510.931.aadd, melvster

15:11:38 [danbri]

Paul: Harry asked for a few thoughts on state of Identity industry. Hard challenge!

15:11:53 [hhalpin]

So we are on first slide-deck, i.e. http://www.slideshare.net/ptrevithick/swxg-201069

15:12:01 [danbri]

... identity hard problem as perceived differently in different communities

15:12:25 [bblfish]

bblfish has joined #swxg

15:12:28 [danbri]

...language varies by community; it 'obviously' means x to some, something quite different / richer to others

15:12:32 [bblfish]

hi

15:12:40 [danbri]

... some call that more advanced form 'claims based' identity

15:12:51 [danbri]

...you don't necessarily need to identify a person to haev an interaction

15:12:59 [danbri]

... some see authorisation as primal, identification as secondary

15:13:07 [melvster]

bblfish: http://www.slideshare.net/ptrevithick/swxg-201069

15:13:09 [danbri]

... most of us tend to drop the word entirely due to these kinds of confusion

15:13:43 [danbri]

... i was looking yesterday at privacy aware Web definitions, use of 'publisher', ... have to get over these kinds of terminological problems

15:13:52 [danbri]

... - requirements vary by community

15:14:09 [danbri]

... idea that different people are trying to solve slightly different problems

15:14:15 [danbri]

... why do we look at this so differently?

15:14:22 [danbri]

... idea of levels of assurance, eg. NIST's 4 levels

15:14:34 [danbri]

... how much can relying party depend on strength of some assertions

15:14:40 [danbri]

... some need levels of assurance > 1

15:15:20 [danbri]

(hmm this? http://en.wikipedia.org/wiki/Identity_Assurance_Framework#Assurance_Level_Criteria )

15:15:33 [hhalpin]

NIST levels are interesting...

15:15:34 [danbri]

... challenge here , some feel that anything > 1 is irrelevant, uninteresting

15:15:47 [danbri]

... that perspective driven by high volume, low value social web transactions

15:16:00 [danbri]

...those on higher level (payment, govt) sometimes feel like 'long tail' cornercases

15:16:00 [danbri]

.

15:16:07 [hhalpin]

but the high-volume transactions can eventually get need higher NIST level, i.e. binding payment to your social networking account ala Payswarm

15:16:12 [danbri]

.. also eg yesterday talked w/ natioanl cancer institute re sharing medical records

15:16:26 [Zakim]

- +1.510.931.aadd

15:16:26 [danbri]

...also Verified vs self-asserted attributes

15:16:32 [danbri]

.. much socialweb stuff is just asserted by end users

15:16:55 [danbri]

... other scenarios (reputation systems, payment systems), ... some people / communities will look at these requirements and say 'no thanks'

15:17:22 [danbri]

... eg. equifax can issue 'bearer of assertion is > 21 years old' (but we'll reveal nothing else about them)

15:17:41 [danbri]

... a lot of probs around protecting children are around lack of verified 3rd party assertions of attributes

15:17:53 [danbri]

...also req: need to aggregate from multiple different providers

15:18:02 [danbri]

... for high volume / simple sites, this isn't a problem

15:18:16 [danbri]

... other use cases, you distinguish even from an ID provider and an attribute provider

15:18:24 [hhalpin]

attribute provider/identity provider an interesting distinction.

15:18:27 [danbri]

... you can not have to keep authenticating but can aggregate attribs [missed]

15:18:37 [danbri]

[slide 5 now on slideshare]

15:18:40 [danbri]

... linkability

15:19:04 [danbri]

... this makes perfect sense to some, but too much for others [see kim camerons laws of id ... re deployable systems]

15:19:19 [danbri]

... you can agree / disagree, but this is the landscape of [lack of ] consensus

15:19:37 [danbri]

"Some uses cases require high assurance and unlinkability (and sometimes even offline presentation of security tokens)."

15:20:17 [danbri]

submarine example; disconnected from 'net but need to auth things internally

15:20:24 [danbri]

... a lot of discussion lately re levels of protection

15:20:28 [danbri]

... converse of levels of assurance

15:20:38 [danbri]

... coudl we could to a world where use is a party to digitally signed contract

15:20:49 [danbri]

... it's released to relying party, but the rp is bound not to resell

15:21:08 [danbri]

... for that to be non-repudiable, need ... [missed detail, sorry]

15:21:12 [Zakim]

+ +1.510.931.aaee

15:21:18 [danbri]

... concern that lately too much emphasis on crypto

15:21:29 [danbri]

.. some control, but also more on accountability, in everyday life

15:21:35 [bblfish]

zakim aaee is bblfish

15:21:42 [bblfish]

zakim, aaee is bblfish

15:21:42 [Zakim]

+bblfish; got it

15:21:46 [danbri]

... so there are only prototypes of tech currently that can handle this

15:21:58 [danbri]

... again these are just examples of why this [consensus] is hard

15:22:06 [danbri]

...hard to build something universal, addressing all requirements

15:22:24 [danbri]

... ie. this talk might be considered something of an apology for lack of progress given the energy/effort

15:22:28 [hhalpin]

no apologies needed paul, there is clearly progress being made and the problem is hard!

15:22:31 [danbri]

... several community

15:22:37 [danbri]

Identity Commons (2005) http://idcommons.net

15:22:52 [AnitaD]

AnitaD has joined #swxg

15:23:02 [danbri]

... distinguishing open / user centric id folk from enterprise / proprietary world (of which i know little)

15:23:09 [danbri]

IIW is the (intense, 3 day) hub of this world

15:23:17 [danbri]

... OpenID Foundation (2007) http://openid.net

15:23:25 [Zakim]

+ +049172247aaff

15:23:33 [danbri]

[ is http://community.livejournal.com/lj_dev/683939.html the 1st openid spec btw?]

15:23:43 [danbri]

... internal competition within openid now

15:23:52 [danbri]

... different groups, perceive problem sets differently

15:24:13 [danbri]

...Qs: what is the openid foundation? a broad church or an advocacy org for one particiular protocol?

15:24:24 [danbri]

dataportability? DataPortability.org (2007)

15:24:29 [danbri]

... struck a nerve re user control

15:24:34 [danbri]

Information Card Foundation (2008) http://informationcard.net

15:24:46 [danbri]

... began around ms cardspace and oasis IMI, ...

15:24:57 [danbri]

..."Next generation: Integrated with the browser. Consistent UX across protocols including: un/pw, OpenID (to reduce phishing), IMI (legacy), and OpenID V.Next, client side certs (perhaps)?"

15:25:02 [danbri]

...that foundation also at a crossroads

15:25:08 [danbri]

... is more emphasising active clients

15:25:31 [danbri]

... found some issues w/ active clients

15:25:41 [danbri]

esp requiring a download, and insisting on a single unifying protocol

15:25:51 [danbri]

... soul-searching and next gen work

15:25:56 [danbri]

... moving beyond single protocol

15:25:59 [danbri]

makign it 'better with'

15:26:15 [danbri]

"Kantara (2009) - http://kantarainitiative.org

15:26:19 [danbri]

... kinda interesting

15:26:31 [danbri]

... analysis coupleyears ago, interviewed rigorously many from ID scene

15:26:33 [danbri]

... under NDA

15:26:42 [danbri]

... to make a new org

15:26:53 [danbri]

... they [we] concluded that we have moved into a cross-protocol era

15:27:02 [danbri]

... needed a pulling together of a number of these disperate communities

15:27:10 [danbri]

... was then the old liberty alliance, saml work

15:27:19 [danbri]

... which was a response to hailstorm/passport

15:27:26 [danbri]

... also openid appeared

15:27:31 [danbri]

... 3 tech groups appeared

15:27:37 [danbri]

... to some extent it's an unrealised objective

15:27:41 [danbri]

... strategically it's right

15:27:57 [danbri]

q+ to ask how messy patent situation is (what is feasible royalty-free?)

15:28:18 [danbri]

... Kantara replaced liberty alliance

15:28:27 [danbri]

... and working on some crosscutting stuff

15:28:42 [danbri]

( also new ones this year )

15:29:03 [danbri]

a joint board, infocard and openid(?)

15:29:09 [hhalpin]

q+ to ask about browser integration and w3c

15:29:11 [danbri]

... discussion of what's missing, usability vs specs

15:29:30 [danbri]

... role of biz agreements that allocate liability

15:29:34 [danbri]

... joint sales efforts

15:29:53 [danbri]

... obama team wanted to open govt up and use commercial ids from industry

15:29:58 [danbri]

... catalytic effect

15:30:13 [danbri]

...govt said we like openid, but want also stronger assurances, info card stuff, ... but hey we're just a customer,...

15:30:25 [danbri]

... big enough that got attention of those 2 foundations, who self-organized and stopped quibbling

15:30:30 [danbri]

... in some way stopped competing a bit

15:31:04 [danbri]

... united front to the federal govt, and said 'whichever, we see the fed govt won't enter into commercial relationships w/ for example paypal, yahoo, google, whoever... unless there are certifiable properties, privacy characteristics, audits, ...

15:31:08 [danbri]

... understand liability, ...

15:31:18 [danbri]

... caused spontaneous creation of the Open Identity Exchange

15:31:21 [danbri]

(OIX?)

15:31:29 [danbri]

... so they joined forces to form that

15:31:44 [hhalpin]

ack danbri

15:31:44 [Zakim]

danbri, you wanted to ask how messy patent situation is (what is feasible royalty-free?)

15:32:08 [danbri]

q+ to ask how messy patent situation is (what is feasible royalty-free?)

15:32:12 [danbri]

(patent talk later)

15:32:17 [hhalpin]

q+ danbri

15:32:30 [danbri]

kantara and others ... corporate sponsors, + leadership council

15:32:32 [danbri]

(i missed some detail)

15:32:48 [hhalpin]

likes the community members and corporate sponsor model, maybe that could work for the w3c

15:32:50 [danbri]

oidf and icf ,... same governance model, blender board, 1 member one vote, community members outweigh

15:33:06 [danbri]

... re participartion, indivs and companies can join, but $100 for an indiv, in some cases $25

15:33:18 [danbri]

... in terms of how openly they operate, that could be debated

15:33:23 [danbri]

.. theoretically, all open to all

15:33:41 [danbri]

... but strong interpersonal relationships and personalities are in many cases the driver of what happens than the formal structures

15:33:46 [danbri]

... has to be seen to be believed

15:33:55 [danbri]

... this is not something like w3c or oasis

15:34:07 [danbri]

... kantara is most formal/structure, icf more, openid foundation

15:34:28 [danbri]

they all have public archived mailing lists

15:34:34 [danbri]

all 3 have private board lists

15:34:44 [danbri]

vast majority of everything is public

15:35:03 [danbri]

last one, Xauth, is interesting ---

15:35:14 [danbri]

--- it's a way to personalise the login situation

15:35:28 [danbri]

... if oyu only have an unmodified browser, you show up with a fresh browser it can't be customised

15:35:36 [danbri]

(forgetting the CSS History hack :)

15:35:50 [danbri]

... school of thought that says 'browsers don't know who you are ...

15:35:59 [danbri]

... nor who your preferred attribute/identity providers are

15:36:08 [danbri]

... hence the 'nascar problem', long list of logos

15:36:13 [danbri]

... so a tyranny of the mega-brands

15:36:22 [danbri]

... so relying parties put facebook/google/yahoo at the top

15:36:32 [danbri]

... which has a somewhat perverse effect

15:36:50 [danbri]

... xauth says with html5 and some tricks, we can hack a way for the relying party to learn what someone's prefs are

15:36:55 [danbri]

... shorter list

15:37:17 [danbri]

... these are ways to work around an architectural problem

15:37:25 [danbri]

... which is that browsers don't know who you are

15:37:38 [danbri]

..slide 7 http://www.slideshare.net/ptrevithick/swxg-201069

15:37:46 [danbri]

... openid 2.0 (legacy openid)

15:37:51 [danbri]

50k sites and growing, relying parties

15:37:56 [danbri]

... q is where we go from here

15:38:02 [danbri]

openid has a number of problems

15:38:08 [danbri]

3 key

15:38:31 [danbri]

1 - OpenID-AB [Attribute Binding] - http://bitbucket.org/openid/ab/wiki/Home

15:38:35 [danbri]

Proposed by Nat Sakamura and others in early 2009

15:38:40 [danbri]

... has not had much attention yet

15:38:49 [danbri]

2 - OpenID V.Next

15:39:02 [danbri]

(discussed last fall and this spring at IIW)

15:39:08 [danbri]

v.Next codename for whatever appens

15:39:28 [danbri]

in May, OpenID Connect proposal from David Recordon (and social Web friends)

15:39:32 [danbri]

all these 3 are breaking changes

15:39:39 [danbri]

not backwards compatible

15:39:48 [danbri]

... I don't yet see how this is going to get resolved

15:39:59 [danbri]

... openid connect is 'get a spec out there ... let's just do it!'

15:40:04 [danbri]

... caught some ppl by suprise

15:40:12 [danbri]

... openid community is trying to figure out a way fwd thru all this

15:40:22 [danbri]

... I hope the earlier slides set some context for this

15:40:33 [danbri]

... and difficulty in agreeing even common requirements

15:40:36 [danbri]

Slide 9 -

15:40:40 [danbri]

personal opinion -

15:40:45 [danbri]

... we can't stop creation of new protocols

15:40:49 [danbri]

... open, etc

15:40:55 [danbri]

... what happens a lot is much reinvention

15:41:03 [danbri]

... come up with stuff, don't see what came before

15:41:16 [danbri]

... do something quick/dirty that solves some problems now

15:41:20 [danbri]

...then start making it more robust

15:41:30 [danbri]

... realise it isn't 80% solution, but 45%, ...

15:41:33 [danbri]

... then someone new jumps in

15:41:40 [danbri]

... natural cycle of reinvention

15:41:53 [danbri]

... yesterday/last-night investigating webid [ie. foaf+ssl]

15:41:59 [bblfish]

I'd say WebId being based on the semweb, in one protocol that can then bind all of them together.... One can bind in OpenId for example. (not sure about the others)

15:42:02 [danbri]

... looks like it would solve some fraction of use cases, has nice characteristics

15:42:08 [danbri]

.... but partial solution

15:42:23 [danbri]

... not clear how much things will converge

15:42:40 [danbri]

... or how much analogy with email, where Internet email eventually dominated

15:43:16 [danbri]

... i note that whenever we build something new that gets used, ... it is out there and not going away

15:43:27 [danbri]

... and that username + password could easily stay dominant for 10+ more years

15:43:33 [danbri]

... we have learned things

15:43:36 [danbri]

... users don't care

15:43:42 [danbri]

... they want something that makes sense to them

15:43:46 [danbri]

... ux is the key to them

15:44:18 [danbri]

... if you go to an RP and say 'this is great tech, saml no infocard no openid no ...." the RP will say "well, we have to support at least username/ password .. and i'll have to link the accounts ...

15:44:26 [bblfish]

(note on above there is work integrating WebID with SAML in Machester, with SOAP in University of Southampton...)

15:44:26 [danbri]

... so the RPs live in a necessarily multi-protocol world

15:44:34 [danbri]

but our communities don't organize in those terms

15:44:40 [danbri]

... eg create a common apache module

15:44:46 [danbri]

... this is a structural problem

15:44:51 [danbri]

[ very interesting! --danbri ]

15:45:06 [danbri]

... communities eventually say 'oh we have overlap, need to blend things ... '

15:45:21 [tlr]

tlr has joined #swxg

15:45:21 [danbri]

... attempts to say 'here is an active client, eg. ms cardspace '. ... it just didn't work

15:45:36 [danbri]

... to use the solution, you needed 'this thing', the right version with your OS, download it if needed, need to be on windows, etc etc

15:45:46 [danbri]

... so the idea that active clients needed for system to work ... a nonstarterr

15:46:08 [danbri]

... always this locked down enterprise computer, library kiosk, ... person can't install plugin, upgrade a pc, etc ...

15:46:18 [danbri]

... so lately active client ppl have a 'better with' approach

15:46:32 [hhalpin]

q?

15:46:47 [danbri]

... ie. it works normally but is 'better with' the addon (whether an ng-browser, or addon)

15:47:10 [danbri]

... ppl look at 'open identity community' and they see a swirling churning mess of people putting down each other's stuff, partial penetration, etc

15:47:19 [danbri]

... and they say 'ok, let's wait for this catfight to calm down'

15:47:38 [danbri]

... status quo, is do nothing, use a proprietary thing, if username/password don't do it

15:47:50 [danbri]

... with 1 exception: facebook connect, picking up a lot of use across Web

15:47:57 [danbri]

... they have an id tech plus attributes

15:48:18 [danbri]

... last pt: the identity community, with all these nonprofits, is not structurally in a good place to solve needs of the marketplace

15:48:27 [danbri]

... couple of specific points re socialweb

15:48:33 [danbri]

... identifiers and user experience

15:48:36 [danbri]

... my perception

15:48:43 [danbri]

... in beginning, was 'type in your openid URI'

15:48:53 [danbri]

... rough consensus: not working

15:48:59 [danbri]

... they understand it only as for pages/info

15:49:02 [danbri]

... doesn't work on ppl

15:49:07 [danbri]

... they understand email addresses

15:49:12 [dsearls2]

dsearls2 has joined #SWXG

15:49:13 [danbri]

... so openid said 'click on a button'

15:49:21 [danbri]

.... but measured results were higher conversion rates

15:49:29 [dsearls2]

Hey Dan, all. It's Doc.

15:49:32 [danbri]

... with benefit to those at top of list

15:49:42 [danbri]

rrsagent, pointer?

15:49:42 [RRSAgent]

See http://www.w3.org/2010/06/09-swxg-irc#T15-49-42

15:49:52 [danbri]

see link for logs, doc

15:49:58 [dsearls2]

ok

15:49:59 [danbri]

paul: 'people get that, re use of email

15:50:12 [danbri]

.... end-user re-education is a huge issue

15:50:25 [danbri]

... and now with xauth we can personalise the nascar icon list to something more manageable

15:50:30 [danbri]

... best we can do short of active client

15:50:32 [danbri]

... slide 12:

15:50:42 [oshani]

dsearls2, here's the slides: http://www.slideshare.net/ptrevithick/swxg-201069

15:50:44 [danbri]

attribute schemes

15:50:51 [danbri]

... there are so many of these things, so much overlap, ...

15:50:57 [Zakim]

-bblfish

15:51:12 [danbri]

... if you start taking view from biz point of view, that relying party is key ,... you want that to be easy as possible

15:51:20 [danbri]

too many schemas makes RP's life hard

15:51:38 [hhalpin]

q?

15:51:45 [hhalpin]

ack danbri

15:51:45 [Zakim]

danbri, you wanted to ask how messy patent situation is (what is feasible royalty-free?) and to

15:51:47 [danbri]

[other deck]

15:51:53 [danbri]

can you scribe harry?

15:51:58 [rreck]

thanks for your presentation, it was very informative

15:52:20 [hhalpin]

scribenick: hhalpin

15:52:29 [hhalpin]

danbri: any patents in identity scene?

15:52:32 [Zakim]

+bblfish

15:52:34 [hhalpin]

... any idea how messy situation is?

15:52:48 [hhalpin]

paul: it doesnt get talked about that much

15:52:56 [hhalpin]

... varies by organization depending on struture

15:53:05 [bblfish_]

bblfish_ has joined #swxg

15:53:08 [hhalpin]

... we try in ICF and Kantara to have IPR rules

15:53:19 [danbri]

(w3c history - eg see http://www.w3.org/TR/P3P-analysis )

15:53:19 [hhalpin]

... we can tell that things happen just willy nilly

15:53:47 [hhalpin]

... not developed in a structure and not necessarily ideal

15:53:49 [tlr]

q+ to ask whether Paul sees any chance for the identity work to move into less willy-nilly space, eventually

15:53:51 [hhalpin]

... pretty confusing to me

15:54:10 [hhalpin]

... hard to know whats lurking out there, esp. with OpenID

15:54:18 [hhalpin]

danbri: if we wanted to get something in all the browsers

15:54:25 [hhalpin]

... could we get those vendors to commit to RF-status?

15:54:34 [hhalpin]

paul: I work in this Eclipse Higgins project

15:54:46 [hhalpin]

... so our patent reviews are pretty good

15:54:57 [hhalpin]

... an explicit license is being given to contribution

15:55:21 [hhalpin]

danbri: relevant specification, go back to paper trail to see how the W3C developed its patent policy

15:55:29 [hhalpin]

paul: not sure re specs

15:55:36 [hhalpin]

scribenick: danbri

15:55:53 [bblfish_]

q?

15:55:55 [melvster]

paul: awesome job

15:55:57 [bblfish_]

?q

15:56:02 [tlr]

q+ bblfish_

15:56:07 [bblfish_]

heh

15:56:08 [hhalpin]

ack tlr

15:56:08 [Zakim]

tlr, you wanted to ask whether Paul sees any chance for the identity work to move into less willy-nilly space, eventually

15:56:20 [danbri]

tlr: thx for the talk, paul

15:56:30 [danbri]

... in your answer to danbri's impossible q, you sounded mildly frustrated

15:56:36 [danbri]

... re work happening in a 'willy nilly' way

15:56:45 [danbri]

... see any chance for that to fix itself over time?

15:57:07 [danbri]

paul: for full disclosure, ... there is a project 'bingo' towards consolidating a number of these efforts, back into a more structured but broad church

15:57:19 [danbri]

...where the church is about consistent messaging/marketing/ipr, not tech

15:57:39 [danbri]

... my personal bias is that we would do better to come up with a broad base consolidating a number of these

15:57:45 [dsearls2]

Think big tent instead of church.

15:58:02 [danbri]

... but saying that i can hear friends of mine like dave recordon, chris messina, saying 'we can just hack it...'

15:58:11 [danbri]

... but when the recession came, they took jobs at big companies

15:58:25 [danbri]

... so now when they say it you have to consider the source, they work for google, yahoo, facebook etc

15:58:38 [bblfish_]

Hey, I am unemployed now!

15:58:40 [dsearls2]

Dave works for a different big co every year.

15:58:43 [bblfish_]

so you can trust me :-)

15:58:50 [danbri]

... you always have to figure out what's personal view, and what [ not wanting to say something unfair here ] ... looking at openid connect, ...

15:59:22 [danbri]

... could be perceived as a retrospective stdisation of fb connect

15:59:25 [hhalpin]

theres also Google FriendConnect

15:59:28 [hhalpin]

i.e. FriendSense :)

16:00:07 [danbri]

... some aren't so concerned for the crypto

16:00:13 [danbri]

... and oauth hardcodes rather a lot

16:00:21 [danbri]

... so i'm somewhat at a loss to predict what'll happen

16:00:36 [danbri]

q?

16:00:41 [hhalpin]

ack hhalpin

16:00:42 [Zakim]

hhalpin, you wanted to ask about browser integration and w3c

16:00:48 [danbri]

q+ to ask about communications with the 'browser makers'

16:01:00 [danbri]

harry: a lot of discussion talking more now about browser-based integration

16:01:16 [danbri]

... w3c has some work there w/ html5, ... and w/ big browser makers

16:01:40 [danbri]

... discussion before re w3c involvement has focussed on its membership model which can be seen as exclusive

16:01:56 [danbri]

... do you think w3c could have a role w/ one or more foundations, to see if some mature tech here could go into new browsers?

16:02:14 [danbri]

... possibility of stdisation (at format level? more w3c's thing than protocols which go better at ietf)

16:02:29 [danbri]

... if so, what to do about the number of these foundations?

16:02:41 [rreck]

got to go, thanks again

16:02:50 [danbri]

... trying to appreciate thigns on a tech level, and figure out what kind of a role might make sense for us

16:02:56 [danbri]

... eg. browser aspect, html5 etc happening

16:03:00 [danbri]

paul: I think now is a great time

16:03:02 [Zakim]

-rreck

16:03:07 [danbri]

... things are at a crossroads in most of the foundations

16:03:20 [danbri]

... kantara, oidf, ... [missed last acronym]

16:03:39 [danbri]

... dan based on your comments last week, i've mentioned to others there might be a new actor [=w3c] to consider

16:03:51 [dsearls2]

ICF... Information Card Foundation

16:04:09 [danbri]

... there is sort of this feeling that, from the californian web kids' perspective, ... that w3c isn't relevant but browser folk are, ... if you get mozilla to build this stuff in, that's the way to go

16:04:18 [danbri]

... and html5 is a part of the equation

16:04:30 [danbri]

... more discussion about getting this into browsers [ie, firefox, chrome] than html5

16:04:38 [danbri]

... but that's not to say there's nothing discussed there

16:04:48 [hhalpin]

also notes two years ago I was talking about OpenID with Hixie at TPAC :)

16:04:51 [danbri]

... 2 years ago, w/ david recordon, relying party metadata stuff should be in html5

16:05:00 [danbri]

(thx dsearls2)

16:05:03 [hhalpin]

q+ to ask about ostatus

16:05:20 [danbri]

... my personal belief, that w3c thru html5 angle, a great place to advance this idea of active clients, ID in the browser, ...

16:05:30 [danbri]

... has in past been a lot of outreach from w3c on these things

16:05:44 [danbri]

... in past, ID folks also tended to talk amongst themselves, but not have strong links to browser world

16:06:01 [danbri]

... speaking for info card foundation, definitely interested

16:06:05 [tlr]

paul, I'd be happy to help with that sort of discussion from the W3C side

16:06:10 [danbri]

... and kantara, new chair...

16:06:18 [danbri]

(tlr, can you put that in audio, don't know if paul reading irc)

16:06:27 [tlr]

happy to

16:06:30 [danbri]

paul: some will be wary of even more institutionalisation

16:06:44 [danbri]

... there are threads, eg. 'if the openid foundation doesn't do it, we'll just do it'

16:06:57 [danbri]

q+ to note re oauth

16:07:09 [hhalpin]

q?

16:08:00 [danbri]

tlr, these days we are shying away from joint work with the ietf ...

16:08:08 [danbri]

... in sense of a group being simultatnously belong to both

16:08:21 [danbri]

... however we are doing much more heavily coordinated work with them, and it is going pretty well

16:08:27 [hhalpin]

The IETF does make sense for OpenID connect, unless OpenID Connect feels like its need browser integration or the W3C RF Patent Policy

16:08:32 [danbri]

... re paul / infocard, ... i'd behappy to help from w3c side

16:08:39 [danbri]

... can take it to email and see where it goes

16:08:40 [hhalpin]

q?

16:08:47 [hhalpin]

ack bblfish_

16:08:50 [danbri]

q-

16:09:03 [danbri]

bblfish: thx for mentioning webid ...

16:09:20 [danbri]

... there has been work on linking that with SAML (from manchester), with [missed, SOAP??] from S/hampton

16:09:43 [Zakim]

-oshani

16:09:44 [danbri]

... because semweb is an abstraction of all syntaxes that it is a perfect foundation for integrating all these different pieces; you can map anything into the sw

16:09:50 [danbri]

[any format at least? -- dan]

16:10:05 [tlr]

q+ to ask bblfish whether the "linking" is really about the semweb part, or is similar to the flow diagrams that we've seen at RSA 2008

16:10:07 [danbri]

... so you can see semweb as a glue for all these pieces.

16:10:21 [danbri]

tlr, url for diagrams?

16:10:38 [danbri]

paul: I understand, and happen to think semweb and linked data have a bigger role to play in future in identity ...

16:11:00 [hhalpin]

q?

16:11:12 [hhalpin]

ack hhalpin

16:11:12 [Zakim]

hhalpin, you wanted to ask about ostatus

16:11:29 [tlr]

q0

16:11:30 [tlr]

q-

16:12:14 [danbri]

hhalpin [asks about ostatus]

16:13:03 [danbri]

paul: it absolutely is related

16:13:05 [hhalpin]

ostatus framework hooking up to OpenID/WebID/etc.?

16:13:10 [danbri]

...these 2 worlds have to come together in a coherent way

16:13:16 [danbri]

... ostatus stuff has to come together in a coherent way

16:13:23 [danbri]

.....with the identity world

16:13:39 [danbri]

... some admirable things happening via 'small pieces loosly joined'

16:13:45 [danbri]

... ostatus is a great example of that

16:14:04 [danbri]

... but if we step back and say 'lets look at it from ux perspective' [as we're doing in new kantara group]

16:14:21 [danbri]

... moving beyond simple login, ... it is about sharing, things like ostatus, ... how do you make this understandable, coherent, simple?

16:14:42 [danbri]

.. what i've found, the need to knit things together becomes self-evident, and the gaps in the available technologies become clearer

16:14:42 [hhalpin]

q?

16:14:50 [danbri]

lately am trying to be ux first, tech 2nd

16:15:05 [hhalpin]

linked data has a fairly hostile user experience :)

16:15:07 [danbri]

... so there i think we need to think about ostatus, and about updates to linked data too

16:15:52 [danbri]

paul: good to be here forming some bridges

16:16:35 [danbri]

paul: diplomacy and tact may be undervalued in some community, but it's the only way we'll make progress in the bigger picture

16:16:42 [Zakim]

- +049172247aaff

16:16:49 [tlr]

Thanks, again, Paul for joining!

16:17:05 [danbri]

+1, thanks Paul :)

16:17:13 [paul]

My pleasure

16:17:19 [danbri]

rrsagent, please finish the minutes for me

16:17:19 [RRSAgent]

I'm logging. I don't understand 'please finish the minutes for me', danbri. Try /msg RRSAgent help

16:17:31 [melvster]

thanks paul, awesome call

16:17:34 [Zakim]

-Thomas

16:17:34 [hhalpin]

rrsagent, draft minutes

16:17:34 [RRSAgent]

I have made the request to generate http://www.w3.org/2010/06/09-swxg-minutes.html hhalpin

16:17:36 [bblfish_]

thanks, very much

16:17:42 [bblfish_]

great talk

16:17:44 [hhalpin]

trackbot, end meeting

16:17:44 [trackbot]

Zakim, list attendees

16:17:44 [Zakim]

As of this point the attendees have been MacTed, Thomas, +1.781.416.aaaa, +1.218.296.aabb, paul, rreck, hhalpin, danbri, oshani, +1.510.931.aadd, melvster, +1.510.931.aaee,

16:17:45 [paul]

Thank you all. I look forward to continuing

16:17:45 [trackbot]

RRSAgent, please draft minutes

16:17:45 [RRSAgent]

I have made the request to generate http://www.w3.org/2010/06/09-swxg-minutes.html trackbot

16:17:46 [trackbot]

RRSAgent, bye

16:17:46 [RRSAgent]

I see no action items

16:17:47 [Zakim]

... bblfish, +049172247aaff