
Subject: Minutes: XDI TC Telecon Thursday 2011-11-03


Following are the minutes of the unofficial telecon of the XDI TC at:

Date:  Thursday, 03 November 2011 USA
Time:  1:00PM - 2:00PM Pacific Time (20:00-21:30 UTC)

ATTENDING

Mike Schwartz
Joseph Boyle
Drummond Reed
Markus Sabadello
Giovanni Bartolomeo


THE IDEARPAD LINK FOR TODAY IS:
     http://xdi.idearpad.org/44


1) UK MIDATA INITIATIVE

Drummond just sent two emails to the list this morning about the announcement by the UK government this morning, available at:

   http://nds.coi.gov.uk/content/Detail.aspx?ReleaseID=421869&NewsAreaID=2

This certainly indicates growing market demand for XDI as a solution, particularly link contracts, so UK citizens can have portable control over their data.


2) OPENXDI UPDATE

Mike said that the OX project is working on OXPlus -- the "Hello World" application for OpenXDI.


3) IDTRUST BUDGET

Kaliya sent a message to the list reminding us that the IDTrust Member Section is asking member TCs for budget requests, so we need to consider if there's anything we'd like to request budget for.

Mike suggested requesting funding for implementing an enhancement to OXGraph to improve the usability of the XDI messaging component.

Mike's second suggestion was to pay for hosting of a Rackspace server to host an XDI server that would be available to OASIS users and Identity Commons users for XDI testing.

Joseph suggested that we look at asking for marketing & PR funds for once the first set of XDI 1.0 specs are ready. Since these budget requests are for 2012, this should be feasible.

# MIKE AND DRUMMOND AND JOSEPH to contact Kaliya and Dee RE these requests.

# ALL - Send in any other suggestions to the email list.


4) MESSAGE AUTHORIZATION

Mike sent a message proposing a flow and $words for message authorization using OAuth.

   http://ox.gluu.org/doku.php?id=oauth:oxintegration

We discussed the statements needed in an XDI request message. Drummond proposed that one XDI statement is needed in an XDI message that uses OAuth authentication. In the template format we used on http://wiki.oasis-open.org/xdi/XdiMessagePatterns, this statement would be:

  {from}$msg{$id}/{token-type}$token!/(data:,{token})

Example:

  =!1111$msg!1234/$public$oauth$v!2.5$jwt$v!2$token!/(data:,)
  =!1111$msg!1234/$public$openidconnect$v!1$token!/(data:,)
  =!1111$msg!1234/$public@yubikey$v!3$token!/(data:,)

In each case, the {token-type} variable would be specified by an XDI authentication spec (or spec profile) that specified how to verify the supplied token. This includes how to discover any additional metadata needed from the sender. (For example, performing PKI authentication can require the receiver to do trusted discovery of the sender's public key certificate.)

Mike preferred having a pointer to the associated token metadata as a separate statement in the message.

Examples of both follow.

Drummond's Proposal REQUEST 

=!1111$msg!1234/$is()/(=!2222)
=!1111$msg!1234/$d!/(data:,2011-11-11T12:12:00Z)
=!1111$msg!1234/$do/=!2222*myLinkContract$do
=!1111$msg!1234$do/$get/=!2222$uri!
=!1111$msg!1234/$public$authn$openidconnect$v!1$token!/(data:,<some token>)

Mike's Proposal REQUEST 

=!1111$msg!1234/$is()/(=!2222)
=!1111$msg!1234/$d!/(data:,2011-11-11T12:12:00Z)
=!1111$msg!1234/$do/=!2222*myLinkContract$do
=!1111$msg!1234$do/$get/=!2222$uri!
=!1111$msg!1234$do/$authn/$public$authn$openidconnect
=!1111$msg!1234/$token!/(data:,<some token>)

Joseph agrees that we should remove the extra line. 

In his earlier implementation, Markus used $o and $p predicates to specify OAuth or PKI, but he used another XDI statement to provide more data.

# MIKE to discuss further next week with OpenXDI developers to get more feedback.


5) XDI DISCOVERY FOR URI CROSS-REFERENCES

Drummond posted additional text covering how to resolve URI cross-references in the XDI Discovery wiki page:

   http://wiki.oasis-open.org/xdi/XdiDiscovery

We ran out of time to discuss this today - we'll move it to next week's agenda.


6) NEXT CALL

Drummond will not be able to attend next week's telecon due to Defrag in Boulder, CO. However we will still plan to hold the call if enough others can attend.
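
The two request layouts in item 4 differ only in where the token type is carried, so a receiver can normalise both before choosing a verifier and can refuse messages whose token statement is missing, duplicated or contradictory. The Python below is an added example, not part of the minutes or of any OpenXDI code; the function name, the returned field names and the sample token are assumptions, and verifying the token itself is out of scope.

```python
import re

# Message-level subject from the template {from}$msg{$id}, e.g. =!1111$msg!1234
MSG_SUBJECT = re.compile(r"^(?P<sender>.+?)\$msg(?P<msg_id>![^$]+)$")
DATA_LITERAL = re.compile(r"^\(data:,(?P<value>.*)\)$")
TOKEN_SUFFIX = "$token!"

def extract_auth(statements):
    """Return sender, message id, token type and token from either layout.
    Function and field names are illustrative, not defined by XDI."""
    tokens, declared_type = [], None
    for line in statements:
        # Split on the first two slashes only: a token may itself contain '/'.
        parts = line.strip().split("/", 2)
        if len(parts) != 3:
            raise ValueError(f"not a subject/predicate/object statement: {line!r}")
        subj, pred, obj = parts
        if subj.endswith("$do") and pred == "$authn":
            declared_type = obj              # separate pointer statement
            continue
        subject, literal = MSG_SUBJECT.match(subj), DATA_LITERAL.match(obj)
        if subject and literal and pred.endswith(TOKEN_SUFFIX):
            inline_type = pred[:-len(TOKEN_SUFFIX)]   # type carried in predicate
            tokens.append((subject["sender"], subject["msg_id"],
                           inline_type, literal["value"]))
    # More or fewer than one token statement is ambiguous: refuse it.
    if len(tokens) != 1:
        raise ValueError(f"expected exactly one token statement, found {len(tokens)}")
    sender, msg_id, inline_type, token = tokens[0]
    if inline_type and declared_type and inline_type != declared_type:
        raise ValueError("token type in predicate and $authn pointer disagree")
    token_type = inline_type or declared_type
    if not token_type or not token:
        raise ValueError("token statement lacks a token type or a token value")
    return {"sender": sender, "msg_id": msg_id, "token_type": token_type, "token": token}

# Constructed sample messages: the statements from the minutes, with a made-up token.
COMMON = ["=!1111$msg!1234/$is()/(=!2222)",
          "=!1111$msg!1234/$d!/(data:,2011-11-11T12:12:00Z)",
          "=!1111$msg!1234/$do/=!2222*myLinkContract$do",
          "=!1111$msg!1234$do/$get/=!2222$uri!"]
SINGLE_STATEMENT = COMMON + [
    "=!1111$msg!1234/$public$authn$openidconnect$v!1$token!/(data:,hdr.pay/load.sig)"]
POINTER_STATEMENT = COMMON + [
    "=!1111$msg!1234$do/$authn/$public$authn$openidconnect",
    "=!1111$msg!1234/$token!/(data:,hdr.pay/load.sig)"]

if __name__ == "__main__":
    print(extract_auth(SINGLE_STATEMENT))
    print(extract_auth(POINTER_STATEMENT))
```

The empty `(data:,)` literals in the template examples are rejected by this check, since a token statement without a value gives the receiver nothing to verify.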




