
2024‐11‐12

Aaron Parecki edited this page Nov 13, 2024 · 2 revisions

November 12, 2024

Attendees

  • Aaron Parecki (Okta)
  • Jon Bartlett (Zscaler)
  • Sean Miller (RSA)
  • Kenn Chong (RSA)
  • Abhinav Lele (Shopify)
  • Tom Clancy (MITRE)
  • Dean H. Saxe (Beyond Identity)
  • Karl McGuinness (self)
  • Dros Adamson (Cisco)
  • Fletcher Heisler (Authentik Security)
  • George Fletcher (Capital One)
  • Mike Jones (Self-Issued Consulting)
  • Mike Kiser (SailPoint)
  • Wesley Dunnington (Ping Identity)
  • Filip Skokan (Okta)
  • Erik Gomez (JGSW)
  • Travis Tripp (Hewlett-Packard Enterprise)
  • Neeraj Jangid (Workday)
  • Mark Maguire (Aujas Cybersecurity)

Agenda

Minutes

  • Chair selection: working group voted to add Dean H. Saxe as a co-chair. The Working Group Chairs are now Aaron Parecki and Dean H. Saxe

  • Request a Slack invite to OIDF Slack from Mike Leszcz [email protected]

  • Review of IPSIE Charter: https://openid.net/wg/ipsie/ipsie-charter/
      * Should SAML be included in scope?
          * At least harmonizing authentication contexts between OIDC and SAML? https://github.com/pamelatech/ACRminprofile
          * Configuration changes to existing SAML deployments are easier compared to adopting a whole new profile of SAML
          * Lack of PQCS for SAML, likely no post-quantum work should be expected since the SAML WG has shut down
          * Switching to OIDC for SaaS providers can be a heavy lift
          * Possible compromise with adding to SAML and OIDC ~ base functionality level in SAML, Advanced

  • Discussion of IPSIE levels in OIDC and others
      * Karl McGuinness volunteered to create a framework of levels

  • FastFed shared goals? (There was a lack of interest in FastFed from Cloud providers)

  • Start with use cases ~ MFA is popular
      * Use cases: (1) MFA, (2) AAL2 authentication of an IAL2 user, (3) global logout

  • Concrete milestones to keep in mind
      * We would like to get to a point where there is an IPSIE certification suite
      * Interoperability events are a useful mechanism

  • Deep dive on use cases, creating separate special topic meetings or sub groups (task force) that report back to the main group

  • iGov review:
      * Use iGov OIDC profile as a template for IPSIE (some changes will be needed for IPSIE)
      * An opportunity to create cross-spec interoperability across profiles / protocols
      * A simple actor diagram defining the context that IPSIE is looking to address could also be helpful
      * Maybe a specific OpenID point of view: a common way for a client to understand the MFA-specific nuances that are split between different things like amr, acr, aal (authentication methods reference, authentication class reference, authenticator assurance level)
      * And the same thing for other issues between standards

  • Karl - focus on the top level frame and taxonomy before diving into the specific profiles

  • Consider separating the technical profile of the protocol from the semantic profile for claim values. Much of the cross-protocol functionality will be captured within the semantic profile. Ex: amrs, sub, scopes, etc

  • Volunteers and interest in special topics? Shared Signals, SCIM, OAuth, FAPI, OIDC

  • Enterprise developer audience, what are the outcomes and capabilities, mapping security controls to levels ~ survey on outcomes from the group

  • Homework: What outcomes are important to you and your organization or customers? Use Slack or GitHub, or discuss at the next meeting: https://github.com/openid/ipsie

Brainstorming outcomes for IPSIE https://github.com/openid/ipsie/issues/2

Meeting schedule modified for upcoming holidays: no calls on Dec 24 or 31

Action Items

  • Everyone: What outcomes are important to you and your organization or customers? Use Slack or GitHub (https://github.com/openid/ipsie/issues/2) or bring notes to discuss during the next meeting
  • Karl volunteered to start brainstorming a framework for levels
  • Dean volunteered to suggest topics for focused "special topics" WG meetings