Notes from the Higgins Developers
call on Thursday, May 29
Attendees
=========
* Charles
Andres
Paula Austel -
IBM
* Jeff Broberg
CA
* Duane Buss -
Novell
Anthony Bussani -
IBM Zurich
* Greg Byrd -
NCSU/IBM
* Brian Carrol -
Serena
* Tom Doman -
Novell
* Andy Hodgkinson -
Novell
Valery
Kokhan - Parity
Ukraine
* David Kuehr-Mclaren -
IBM
* Mike McIntosh -
IBM
* Tony Nadalin -
IBM
Dale Olds -
Novell
Ernst Plassmann -
IBM
Uppili Srinivasan -
Oracle
* Drummond
Reed - Cordance
*Bruce Rich -
IBM
* Mary
Ruddy
- Meristic/SocialPhysics
* Markus Sabedello -
Parity
Jim Sermersheim -
Novell
*George Stanchev -
Serena
* Daniel
Sanders
* Paul
Trevithick -
Parity/SocialPhysics
* Brian
Walker
- Parity
Jeesmon
Jacob -
Parity
Carl Binding -
IBM
Tom Caroll -
Parity
Ernst Plassmann -
IBM
*Mohamad -
Oracle
* Attendees
Meeting
Notes
=====================
1) [Mary, Paul]
Recent events - IIW and mini-Higgins F2F in Seattle
[Mary] - We are going to start with an update
about two recent events. The first
is IIW. A blogger http://drstarcat.com/ said
that the IIW session with a Relationship card demo was one of the best
sessions. Drummond also did a
“demonstration” of the relationship card concept with string and scissors on the
first day, which made a strong impression.
In the Higgins overview I led with the user-interface (information cards)
and then followed- up with details about Higgins’ back end capabilities. The feedback on this approach was
positive.
[Tony] – I have a concern
as to Drummond’s… some concern over standards.
[Drummond] You mean
negative votes on W3C ?
[Drummond] Has passed at
OASIS. It is a concern. But this isn't news.
[Mary] Concern for
consistency?
[Tony] Yes, we tow the line
with W3C.
[Drummond] This is
obviously a complex subject. Do you want to have a dedicated
conversation?
[Tony]Yes. I only brought
it up as it is becoming more of an issue with relationship cards. We need to go figure out what to do
here.
[Drummond] At IIW, people
came up to me and said “Ahh, I finally get why you are driving the XRI
thing.”
[Drummond] I completely
understand the concern.
[Mary] The other event was the mini Higgins
F2F. Mike can you talk to
that?
[Mike] We should wait until
Jim is back so that he can speak.
[Tom] Do you want feedback
on the other meeting?
[Mary] No. We won’t talk
about the non-Higgins meeting on the Higgins call.
[Mary] The next topic is
Brian on 1.2M2...
2) [Brian] 1.1M2 (13-June
target)
--------------------------------
* See: http://wiki.eclipse.org/Higgins_1.1M2
* To support the release
target date we ask that any open issues
planned for M2 be closed by
11-June.
* As a reminder for 1.1M2
bug owners as listed in the below link to please
go through your bugs and
categorize them as:
1. Move them to fixed state
if completed
2. Leave them on this list
if you can commit to have
them completed by
11-June
3. Move them to a future
milestone (M3 or "Backlog").
https://bugs.eclipse.org/bugs/buglist.cgi?query_format=advanced&short_desc_t
ype=allwordssubstr&short_desc=&classification=Technology&product=Higgins&tar
get_milestone=1.1M2&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_ty
pe=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status
_whiteboard=&keywords_type=allwords&keywords=&emailtype1=substring&email1=&e
mailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&ch
fieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&fi
eld0-0-0=noop&type0-0-0=noop&value0-0-0=
[Brian] We have a
total of 51 items on the list. Ten
of these are tagged as fixed. Therefore there are 41 items that need to be
gone through and updated or moved. I will continue to follow-up with
people. Leave it (the item) there if you know it will be fixed... or
move it to M3 or the parking lot if not.
I will continue to update folks a couple of times a week. There is
no change on the 1.0.2 release.
[Tony] What are the
benchmarks for releasing a milestone. What tests get performed to say this
is ready to release… Some people test... Is there a test that runs at
night?
[Brian] Excellent
question.
[Brian] We are currently
working on test automation and reporting.
Currently we are focusing on unit testing. We are investigating how we
can include test automation in the nightly builds. So those are ways to
add formality at a component level, then at a solution level. The plan is
to report this on the wiki page, then include this as part of the release
process.
[Mike] Do we have any hope
to get automated testing into the build process any time soon?
[Brian] There was a
dialogue Paul had started with the Eclipse folks. Never got any response
from them. Will try to probe Bjorn again.
[Mary] Bjorn is traveling
this week.
[Paul] I will follow up
again. In general, Parity is trying to generate the resource for this, but
it isn’t the highest priority. It
won’t happen for another milestone.
[Mike] The issue is that
without automated testing in place, our quality control is just whether or not
it builds, which is not a high bar.
[Paul] Fair
criticism.
[Paul] If anyone wants to
volunteer resources… It is only Parity trying to find the
resources.
[Mike] I'm willing to put
resources in, but want advice from other Eclipse projects that have done this
before. So we aren’t maintaining testing infrastructure we have built for
ourselves. We can’t do that.
[Paul] Mary can help by re-forwarding the email
to Bjorn.
[Mike] Tony can you help
get someone.
[Paul] There is agreement
about intent. We couldn't get it done for 1.0. We do want to do it. The Eclipse IDE runs
~20K test automatically. We need to
figure out how to get a hand on this expertise.
3) [Mary] Website
-----------------
* Status update
[Mary] We are continuing to work on the
redesign of the Higgins home page. We received a lot of feedback that
we needed to change the home page so that people coming to the Higgins project
don't get lost in the Eclipse website. And the the heavy purple
"Phoenix" look and feel was inhibiting adoption. The purple will be
replaced with something lighter and more open. We have been coordinating
with Eclipse and some other projects on a revised design. For example the
revised header just has the Eclipse logo and the Higgins logo and lots of
white space.
[Tony] What about fonts and
colors?
[Mary] The current proposed colors are a
medium blue, which complements the Eclipse logo and is more like the Eclipse
style before the "Phoenix" style was adopted.
[Mary] The
next topics are about the software
4) Multi-protocol RP
Support
---------------------------
* Do we agree on the goal
of simplifying the RP user experience (i.e.
not "click here to login
with OpenID", "click here to sign in with
information card", "click
here to login with SAML")
* Do we want the RP
metadata to declare the various RP protocols it
Supports (e.g.
ISIP 1.0 & OpenID
2.0)?
* Is our assumption that a
card selector will always appear
5) Multi-protocol
Information Cards
-----------------------------------
* Cards that support
WS-Trust AND SAML AND OpenID
simultaneously?
[Paul] The next topics are
intertwined. People have multiple protocols. What should the user experience
be? Do we as a project agreed on the goal of unified user interface?
This is opening this up as a topic of conversation, rather than having a fixed
answer.
[Mike] We should talk about
what the options are. We already have 3-4 user experiences as it is.
Do we think that one or more of our use experiences is more
suitable?
[Paul] I was trying to
focus more narrowly In an ideal world should there be multiple log-in
options? Is there anything wrong with having multiple sign ins? Is it within our scope to work on the RP
code? Or can we not decouple this?
[Mike] The problem we have
to deal with is that RP’s don’t want to spend a lot of time adopting identity
technology. Especially identity
technology that may not take off. We want to enable with a framework to
isolate them from the details.
[Drummond] I agree with Mike on this. There were
several conversations on this. George Fletcher blogged about this. Have. RP’s just use a link to an XRDS
document so there is one way to the RP.
[Drummond] If Higgins is
going to be multi-protocol, and we can provide RP's what they need to deal with
it, a whole bunch of RP’s would love us for that.
[Paul] Are we all in
agreement for that - to develop a RP framework, an overall framework, to
maximize adoption of I-cards particularly? Is that a proposition we agree
with?
[Daniel] Drummond
brings up an interesting point. If we come to one icon to click on in the
RP page, it may be different protocols, will it always bring up an information
card? If that is what it means, then I would have some concern about
that.
[Paul] What is the
concern?
[Daniel] We have received
feedback. That they can be too “in your face”, and not in the main line of
what the application look and feel is. The user finds themselves in a
wilderness...I'm in favor of Drummond’s proposal
about multi-protocol.
[Paul] Are you proposing
that people type in their OpenID manually rather than using a
card?
[Daniel] I don't think you
want to get locked into using an identity selector.
[Charles] What
icon?
[Daniel] Click on some icon
and get experience for that web app. Could bring up i-card, or password or
OpenID.
[Charles] That is what we
have now, a couple of options.
[Daniel] Have one thing
presented and when click on it get what that [website’s] administrator wants to
offer. I don’t think we can say that it should always bring up an identity
selector.
[Drummond] Site and user
each have their preferences. The result may depend on an interaction of
those two preference sets. Have the user side agent decide to do the right
thing based on what the RP side does.
[Daniel] Not sure that the
one paradigm will always be best. Some app developers want to provide
a more seamless experience for users.
But I want to use the Higgins technology to do this. Is not one
size shoe fits all. Is a suite of offerings.
[Charles] The industry will
have this problem in general. Any site that exists right now needs to offer the
existing user-name password experience.
It could get to the point that the industry could help RP’s in ….
[Drummond] It strikes me
that Higgins, if we are truly multi protocol, we have an extraordinary
opportunity to help RP's. Not knowing which one will win. If Higgins can
say we are supporting the varying options, but we simplify it for you the RP and
a suggested user experience. A lot of RP’s would like
that.
[Paul] Are we all in
agreement? If so, then that is a high bar. It is a big project. Any descent?
[Tony] My view is that
there are more concerns out there than the RP. We need to make it easier for the
consumer, then the RP. On that note it is not necessarily CardSpace that will
win on the client.
[Paul] Agree
completely.
[Daniel] There is another
wrinkle. Some places use custom authentication. (I.e. Fingerprints, etc.) Have we thought about how to support
those as well, and make that experience easier?
[Drummond] We should use
the 80-20 rule. Handle the standard options, then make it
customizable.
[Daniel] We can define a
framework, that is extensible, without covering the other 20 percent, but
anticipate it.
[Paul] We need to be very
precise about what we work on. Agree totally. It is the user experience that will
drive this. There is a mid position.
We can do some skinning. I was talking with Pam Dingle about
RP's - generic descriptions vs..
specific RP’s on field. Before we jump to solutions, we need to get some
careful usability feedback.
[Daniel] Agree. Focus is on the end user.
[Mary] Yes, focus on a
smoother user experience so that RP’s thinking about adopting this paradigm
don’t worry about loosing users due to a bad user experience. Focusing on the
user experience will help with RP adoption of the technology. Higgins handles the messy stuff so that
the RP’s life is simpler.
[Charles] At IIW I ran a
session on two buttons (VRM, and information cards.)
[Charles] Clicking on the
purple icon isn’t the answer as that is just one protocol.
[Paul] It should be very
plastic and adaptive. A negotiation to some extent. I'm concerned about
doing anything in the RP side that breaks the fundamental metaphor for the user
experience.
[Paul] Mary, you’ve been
taking notes? I didn’t expect to
conclude this topic in this call.
Just want it bring it to the group’s attention.
[Mary] Yes, I’m taking the
notes. Time
check....
[Paul] Another topic. Should every card be multi-protocol? I’m
throwing this out for thought.
6) RP User
Experience
---------------------
* Today Selector pops up in
a separate window/desktop context
* Should we have a work
area to gather feedback on the user experience?
[Paul] We’ve talked about
this.
7) Axel's two
proposals
-----------------------------------
* <object> tag alt.
Thread starts here:
http://dev.eclipse.org/mhonarc/lists/higgins-dev/msg04502.html
* Instant managed cards.
Thread starts here:
http://dev.eclipse.org/mhonarc/lists/higgins-dev/msg04518.html
[Paul] The next topic is Axel’s two
proposals. Don’t know if people have had a change to study these things. I
put the links in. Do any of you who are on the call have
thought?
[Andy] I can express some
of Axel’s concerns on the object tag. They expect the embedded object to
be something that can… We use it to represent the required token given the
Mozilla model. Therefore we have to go through strange hacks to get around the
plug-in missing message. It is very complicated and fragile. Every time Mozilla
comes up with an update… To address these concerns, rather than use the object
tag, use a linked tag...It is used to embed the relative order of a tag. Axel is
proposing that we use that to specify the RP policy. Rather than rendering
a page, put a button in task bar or someplace that the use can then click on to
cause the selector to be launched...While I think that is interesting, I don't
know if that we be that appealing to end users. He is trying to push the
link tag as a possible solution.
[Daniel] In the head
section of the page, what if there were multiple forms?
[Andy] Don’t know how we
would do that with a linked tag.
[Paul] Thanks Andy. That is
very helpful. It comes back to the RP experience. We need to have
something rendered in the pages. As
there are only a few minute left, rather than start on Axel's other proposal,
lets table that for now and have a minute to go through Higgins related news at
the end here.
1) [Paul] Parity's "Higgins
Mobile" Proposal
--------------------------------------------
Parity is out soliciting
project funding to develop a native code selector for Symbian, RIM, WinCE,
iPhone and Android. [IBM has disclosed its internal project
working on experimental Android selector]. Parity would be the project manager.
All code will be contributed to Higgins.
[Paul] There are two more
news related items:
[Paul] One of them is that
Parity is out soliciting resources for developing native selectors on portable
devices. Wouldn't it be great if
Higgins selectors ran on all the top phone platforms?
IBM has publicly talked about their
work that they have done themselves.
[Paul] In the past this is
not how we get Higgins code funded, mostly people providing their own
developers. Want to put this out
there… Any response?
[Daniel] Top 5
platforms?
[Paul] Top five mobile
platforms. I do get feedback.
Until it runs everywhere, it is hard to push it. If there were a common
platform for all these platforms….
[Tony] When we worked on
Android, we surveyed. We know of at least 4 other efforts. Some of
the issues are still usability. It is not nice to type anything on your
phone at all. So there is still some big usability on the
phone.
2) [Paul] Information Card
Foundation
-------------------------------------
There will be a June press
release related to public launch of the Information Card Foundation. The
foundation includes both community members (including Higgins contributors
Mary
Ruddy,
Paul
Trevithick, Andy Hodgkinson, and
Drummond
Reed)
well as corporate sponsors (e.g. Equifax, Novell, PayPal, Parity, Wave Systems,
Fun Communications, Ideology, and ooTao).
[Paul] Next topic.
There will be a June press release. It already exists. I mentioned
those that are associated with Higgins in some way and I listed some of the
companies who have signed up as official members. There have been rumors, it is
true. It is relevant to this group as Higgins is one of the main
implementers of information card technology.
[Paul] We will continue
next week.
[Mary] Anything else in the
last few minutes?
[Paul] In the next week, I
will brush up on some of the other OpenID – i-card proposals that are in
circulation. So next Thursday we
can talk about that.
[Mike] Does anyone know
about where that OpenID SXIP proposal is out there? Is that owned by some one
else?
[Drummond] I don't think
so. It was a spec generated by SXIP, it wasn't submitted to openID2. It was an
early effort. To my knowledge it hasn’t gone anywhere. They were just offering
it up as a potential approach.
[Mike] I understand. It is
just that SXIP is flying in many directions. I don’t know clearly who owns
it now and where it is going.
-end