
oidc-survey - RE: Quick notes from today's OIDC Survey meeting

Subject: OIDC Survey Working Group

  • From: Eric Goodman <>
  • To: "" <>
  • Subject: RE: Quick notes from today's OIDC Survey meeting
  • Date: Fri, 30 Sep 2016 17:12:33 +0000

(only sending to the actual list)

 

Sorry, I had a work meeting and missed the meeting. A couple of random comments in response to the meeting notes:

 

1) The Highlights don’t mention support for federation (in the sense of trust roots and that sort of thing). Probably worth including something along those lines.

   · See Roland’s info on metadata and trust models, etc. for potential approaches. But for the survey I think the question is whether this is something to be addressed.

2) Perhaps questions about the importance of supporting just OIDC vs. supporting OIDC and other protocols.

   · I think this is relevant because the notes say:

      i. Developers want: [plugins for] NodeJS and other runtime environments, not Apache or other web servers.

      ii. Scott C. made this point in many sessions on OIDC, but having a library implies single protocol and single model approaches. While developers may prefer to have libraries installed, doing this at the library level (rather than at the REMOTE_USER kind of level) means that all logic for authentication, signaling, federation, etc. has to be handled within an application.

 

I increasingly believe that the increasing use of proxies is indicative of the difficulty of putting the necessary trust and messaging framework into applications. shibd and most (I think it’s fair to say “most”) other commercial SAML implementations basically act as proxies for this reason. Maybe beyond the scope of this survey, but I’m wondering if the AAF approach presented is a good model: standardize the communication between the proxy and the application and put support for that layer of communication in the various application libraries, but still leave the protocol handling outside of the application.

 

I’ll stop there because I think I’m opining beyond the scope of what a survey should be looking at. For direct relevance to the survey I think the raw questions (#1 and #2) are what I’ve thought of that I didn’t see directly referenced.

 

--- Eric

 

From: [mailto:] On Behalf Of David Walker
Sent: Monday, September 26, 2016 2:31 PM
Subject: Quick notes from today's OIDC Survey meeting

 

Everyone,

I've posted some quick notes from today's lunch meeting on our wiki space (https://spaces.internet2.edu/x/5wYZBg).  Please fix my mistakes and omissions.

I've also added instructions for subscribing to our mailing list on the wiki. ("To subscribe this list, email with the subject line subscribe oidc-survey.") Please do so soon, as I make no promises to continue to send to all of you individually in the future...

David



