15:05:50 <RRSAgent> RRSAgent has joined #webid
15:05:50 <RRSAgent> logging to http://www.w3.org/2011/08/01-webid-irc
15:05:52 <trackbot> RRSAgent, make logs world
15:05:52 <Zakim> Zakim has joined #webid
15:05:54 <trackbot> Zakim, this will be WEBID
15:05:54 <Zakim> ok, trackbot, I see INC_WEBID(WEBID)11:00AM already started
15:05:55 <trackbot> Meeting: WebID Incubator Group Teleconference
15:05:55 <trackbot> Date: 01 August 2011
15:06:04 <bblfish> RRSAgent, draft minute
15:06:04 <RRSAgent> I'm logging. I don't understand 'draft minute', bblfish.  Try /msg RRSAgent help
15:06:15 <bblfish> RRSAgent, make logs public
15:06:37 <Zakim> +OpenLink_Software
15:06:43 <MacTed> Zakim, OpenLink_Software is temporarily me
15:06:44 <Zakim> +MacTed; got it
15:06:49 <jeffsayre> Who's on the phone
15:06:57 <MacTed> RRSAgent, draft minutes
15:06:57 <RRSAgent> I have made the request to generate http://www.w3.org/2011/08/01-webid-minutes.html MacTed
15:07:05 <jeffsayre> Zakim, who's on the phone?
15:07:05 <Zakim> On the phone I see +1.619.255.aaaa, ??P3, +1.650.450.aabb, MacTed
15:07:07 <gaedke> gaedke has joined #webid
15:07:11 <MacTed> RRSAgent, make minutes public
15:07:11 <RRSAgent> I'm logging. I don't understand 'make minutes public', MacTed.  Try /msg RRSAgent help
15:07:15 <Zakim> +??P16
15:07:16 <MacTed> RRSAgent, make logs public
15:07:24 <bergi> Zakim, P16 is me
15:07:24 <Zakim> sorry, bergi, I do not recognize a party named 'P16'
15:07:27 <MacTed> Zakim, mute me
15:07:27 <Zakim> MacTed should now be muted
15:07:34 <bergi> Zakim, +??P16 is me
15:07:34 <Zakim> sorry, bergi, I do not recognize a party named '+??P16'
15:07:43 <jeffsayre> zakim, +1.650.450.aabb is jeffsayre
15:07:43 <Zakim> +jeffsayre; got it
15:07:44 <bblfish> is there a URL web service URL for the irc channel?
15:07:46 <MacTed> Zakim. ??p16 is bergi
15:07:57 <MacTed> Zakim, ??p16 is bergi
15:07:58 <Zakim> +bergi; got it
15:08:48 <MacTed> bblfish - by web service URL, do you mean a public web-served IRC client?
15:08:57 <MacTed> Zakim, who's here?
15:08:57 <Zakim> On the phone I see +1.619.255.aaaa, ??P3, jeffsayre, MacTed (muted), bergi
15:09:01 <bblfish> yes MacTed
15:09:27 <bblfish> if so could you please add a link from the wiki and post me the link to the wiki here
15:09:33 <bblfish> so I can give this to our guest speaker
15:10:33 <MacTed> this may work -- http://lists.w3.org/Archives/Public/public-semweb-lifesci/2008Aug/0038.html
15:10:57 <MacTed> (that page has details specific to a different group, but points out mibbit)
15:11:10 <Francisco> Francisco has joined #WebID
15:11:36 <Zakim> +??P20
15:12:11 <bblfish> zaim, agenda?
15:12:19 <bblfish> zakim, adenda?
15:12:19 <Zakim> I don't understand your question, bblfish.
15:12:20 <gaedke> zakim, ??P20 is me
15:12:20 <Zakim> +gaedke; got it
15:12:30 <gaedke> zakim, mute me
15:12:30 <Zakim> gaedke should now be muted
15:12:40 <Francisco> Web site of NSTIC: http://www.nist.gov/nstic/
15:12:40 <bblfish> zakim, agenda?
15:12:40 <Zakim> I see nothing on the agenda
15:12:44 <MacTed> Zakim, who's here?
15:12:44 <Zakim> On the phone I see +1.619.255.aaaa, ??P3, jeffsayre, MacTed (muted), bergi, gaedke (muted)
15:13:37 <bblfish> agenda +"accept minutes of previous two meetings http://www.w3.org/2011/07/18-webid-minutes.html http://www.w3.org/2011/07/25-webid-minutes.html"
15:13:42 <bblfish> agendum next
15:13:47 <bblfish> next agendum
15:15:55 <bblfish> +!
15:15:58 <bblfish> +!
15:16:00 <bblfish> +1
15:16:07 <jeffsayre> +1
15:16:08 <bergi> +1
15:16:26 <MacTed> +1
15:16:57 <bblfish> agenda +"alk with  Corella Francisco on his work at NSTIC 
15:16:58 <bblfish>  "National Strategy for Trusted Identities in Cyberspace"
15:16:59 <bblfish>  and "Proposed NSTIC Architecture"
15:16:59 <bblfish>   http://pomcor.com/whitepapers/ProposedNSTICArchitecture.pdf"
15:17:11 <bblfish> RESOLVED: Minutes approved
15:17:17 <bblfish> next agendum
15:18:48 <bblfish> pomcor is small research institution in San Diego (2 people)
15:18:56 <bblfish> Nascar was started in April 15th
15:19:06 <bblfish> RESOLVED: Minutes approved
15:19:15 <bblfish> zakim, pick a scribe
15:19:15 <Zakim> Not knowing who is chairing or who scribed recently, I propose gaedke (muted)
15:19:55 <bblfish> NSTIC started in April 20th is open to many people and was only $20 to participate
15:20:07 <bblfish> is trying to solve the password problem
15:20:34 <bblfish> next meeting is in September probable be September 19 in bay area
15:21:06 <bblfish> 300 people at first meeting, 150 at MIT next meeting
15:22:56 <bblfish> francisco likes the emphasis on privacy at NSTIC
15:23:17 <bblfish> one should not be able to track the user
15:23:35 <bblfish> 3 requirements of NSTIC
15:23:49 <bblfish> - should not be able to track the user form one session to the next
15:24:17 <bblfish> - should not be able to exchange information between Relying Party
15:24:31 <bblfish>    (UProof Microsoft, IBM Idemix)
15:25:20 <bblfish> - different use cases of authentication require different types of trust. Many use cases require multiple credentials and multiple elves of trust
15:25:35 <bblfish> eg: going to buy wine at a wine merchants
15:25:54 <bblfish>   needs 2 credentials: 
15:26:13 <bblfish>   - requires proof of age, without revealing date of brith
15:28:09 <bblfish>  - credit card certificate (not sure what info is in the cert)
15:28:23 <bblfish> Other situation:
15:28:30 <bblfish>  - your bank needs you id
15:28:36 <bblfish>  - your social security number
15:28:58 <bblfish>  (this is the bank scenario from the architecture)
15:30:00 <bblfish> There is also a part of the paper consider for session
15:30:31 <bblfish> and how one could use a public key there
15:30:52 <bblfish> The notion of a login certificate
15:31:59 <bblfish> so the notion of a personal data site 
15:32:28 <bblfish> which would allow you to not have to re-enter the information in every site you log in
15:34:09 <bblfish> How much change to the browser is needed for this to be enabled?
15:34:17 <bblfish> Ie: what are the mechanisms
15:34:55 <Zakim> -??P3
15:35:11 <bblfish> oops lost contact
15:36:11 <Zakim> +??P3
15:36:25 <bblfish> zakim ??P3 is me
15:36:29 <bblfish> zakim, ??P3 is me
15:36:29 <Zakim> +bblfish; got it
15:36:32 <bblfish> I am back
15:39:48 <gaedke> yes
15:39:55 <gaedke> zakim, unmute me
15:39:55 <Zakim> gaedke should no longer be muted
15:40:13 <gaedke> zakim, mute me
15:40:13 <Zakim> gaedke should now be muted
15:41:17 <gaedke> discussion on idea: From the login button to cgi to tls connection
15:42:03 <gaedke> problem when does connection start
15:42:07 <bergi> q+
15:43:35 <gaedke> server has to ask client for tls connection (part of the handshake)
15:44:05 <gaedke> question to address - can we do this at any time or without changing the state of the art
15:44:48 <gaedke> one way could be breaking session on the server side (bblfish is working this)
15:46:57 <gaedke> another approach (as we are currently working on) would to take the power of the semantic web / FOAF - but this comes with privacy issues
15:47:30 <gaedke> interesting scenario: setting up a site for collaboration
15:48:22 <gaedke> requires to set all roles in the early beginning (has also privacy implications)
15:48:35 <gaedke> Topic: Trustmarks
15:50:32 <gaedke> US citizen trust in US banks, French trust in in their banks etc. - for most banks this might be ok on a global scale, but not for all. 
15:50:55 <gaedke> Scenario: Different groups trust different authorities
15:51:49 <gaedke> Question: Relying party takes social graph into account
15:53:44 <gaedke> So, authorities could define groups whom to trust (or whom they rate as trustworthy), just by setting up groups of URIs to these trusted parties
15:54:12 <bblfish> qiuestions?
15:56:19 <gaedke> Privacy is a main concern at the US approach. BUT Paper says if you have three attributes of someone - you can identify that person. Reference required (can someone add this please)
15:56:39 <bblfish> some paper says that yes
15:56:43 <bblfish> M$
15:56:50 <bblfish> I have lost connection
15:56:55 <gaedke> So, is privacy an issue that is possible to address at all?
15:56:56 <bblfish> someone ask a question
15:57:10 <Zakim> -bblfish
15:57:33 <gaedke> zakim, unmute me
15:57:33 <Zakim> gaedke should no longer be muted
15:57:49 <Zakim> +??P3
15:58:25 <MacTed> Zakim, who's here?
15:58:25 <Zakim> On the phone I see +1.619.255.aaaa, jeffsayre, MacTed (muted), bergi, gaedke, ??P3
15:59:29 <gaedke> zakim, mute me
15:59:29 <Zakim> gaedke should now be muted
16:00:18 <gaedke> Question: how much privacy is possible - or is it just a topic to put on paper, but is not possible from the technological way
16:00:49 <gaedke> Approaches must be flexible for the different scenarios, including also different privacy aspects
16:02:10 <gaedke> scenario very close to privacy: Login. The login service does not need to know **where** you login 
16:05:06 <bblfish> have you seen http://www.azarask.in/blog/post/identity-in-the-browser-firefox/
16:05:13 <bergi> q+
16:06:16 <bblfish> bergi?
16:08:14 <gaedke> different approaches for cookie / certificate / session handling. need to have a user-friendly approach that makes clear what identity the user is using
16:08:47 <jeffsayre> I must run to another meeting
16:09:25 <Zakim> -jeffsayre
16:10:11 <gaedke> tracking is difficult problem - need to discuss this in more detail
16:12:39 <gaedke> another approach: A Web Server integrated in every browser. Than you could address the certificate/attributes with a global namespace/URI http://myserver.in.the.browser.example.org
16:14:42 <bblfish> 2 privacy enhanced protocol problems
16:14:56 <bblfish> UProof is trackable 
16:15:34 <bblfish> (says Francisco)
16:15:58 <gaedke> same token used in multiple parties 
16:15:59 <bblfish> Francisco: idemix has a different problem - it is not revocable by traditional means
16:16:40 <bblfish> more recent credentials … (lost connection)
16:16:48 <Zakim> -??P3
16:17:40 <bblfish> oops can't get back in
16:17:59 <MacTed> we're over time -- may have to end
16:18:14 <bblfish> please say thanks from me
16:18:19 <MacTed> Zakim, unmute me
16:18:19 <Zakim> MacTed should no longer be muted
16:18:21 <bblfish> looks like one can't join the conf call after time
16:18:53 <gaedke> zakim unmute me
16:18:59 <MacTed> RRSAgent, draft minutes
16:18:59 <RRSAgent> I have made the request to generate http://www.w3.org/2011/08/01-webid-minutes.html MacTed
16:19:04 <MacTed> trackbot, end meeting
16:19:04 <trackbot> Zakim, list attendees
16:19:04 <Zakim> As of this point the attendees have been +1.619.255.aaaa, MacTed, jeffsayre, bergi, gaedke, bblfish
16:19:05 <trackbot> RRSAgent, please draft minutes
16:19:05 <RRSAgent> I have made the request to generate http://www.w3.org/2011/08/01-webid-minutes.html trackbot
16:19:06 <trackbot> RRSAgent, bye
16:19:06 <RRSAgent> I see no action items