[Paul] Focus is on Higgins 1.1. This is an opportunity to get reactions to it.
[Paul] Does everyone have access to it? [the
[Paul] So the first slides are just on Higgins
[Paul] Slide 4, you can experience it through information cards. It is a place to start.
[Paul] Slide 5, have an introduction slide. Tried not to be too high level or too low level, it is an organizing point.
[Paul] Slide 7 is breezy, on Data
[Paul] Slide 8 is breezy. It has been redone.
[Paul] Slide 9, is the same.
[Paul] Slide 10 is the same, but cleaned up. No
[Paul] Please if anyone has an objections or
[Paul] Slide 12 no new content, 1.0 supports two kinds of cards. Managed and
[Paul] Slide 13, three
[Paul] Slide 14, new
[Paul] Slide 15 – some selectors use an i-card
[Paul] Slide 16 seems redundant with 15, will
17 talks about the Higgins Selector Selector, which we have
[Paul] Slide 18, the IdP, there are two of
[Paul] Slide 19 shows where they fit in the
Slide 20, there are 2 of these.
[Paul] Slide 21, is about Relying Parties
[Paul] Slide 22 is where the RPs live in the
[Paul] Slide 23, is IBM’s Multi-protocol website enablement. Understand that it doesn’t support OpenID, there were just some licensing
[Paul] Slide 24, Lego blocks and glue. Gave it a generic name: Identity
[Mike] Question about slide 23. We have a website. Where is the multi-protocol website? Can we put it on the slide?
[Paul] I should have said enablement library. I’m open for some IBMer to give it a better name.
[??] If we had places to showcase, we should add URLs to actual IdPs and RPs
[?] Sounds like a good idea.
[Paul] Slide 24, there is all this
[Paul] Slide 25, glue used by apps and selector. It is pluggable. And this is one place where we can plug things in...
[Paul] Slide 26, we all know that it isn’t really layered like this.
[?] On slide 25 what are the different
[Paul] White is being considered. Orange is done. This is to give hint of the future without committing.
[Paul] Slide 27 shows that IdAS is pluggable. The same key is
[Hank] I noticed the way the plug-in differs. In an earlier diagram had them mapping to OpenID, etc. Now you have eliminated that one level. Is
What I did is make slides 25 and 27. Used to be one slide, which was too complex. So I introduced an
[Hank] Before 25 and 27 were both pointed to
[Paul] I do not think that I really changed where they plugged in. I split one slide into two.
[Hank] I remember IdAS in the middle: API above and below.
[Paul] I may have eliminated OpenID as a CP type as Novell did that work and it was a bit experimental, and there doesn’t seem to be a lot of pull for that
[Hank] You showed OpenID in 25. I don’t remember both layers having plug-ins
[Paul] Slide 27 is accurate. I took liberties in slide 25. These plug-ins plug into multiple components. Some into the STS, some in a different place. So I just used dashed white lines. This one doesn’t show much detail of the architecture.
[Hank] Fine. Just trying to relate to what you had
[Paul] Slide 28 is an intro to IdAS. As is slide 29 and talking about potential of globally linked data.
[Paul] Slide 31. Took a little liberty. All these apps are involved in interoperability somewhere. So when we participate in an OSIS Interop some things we bring are selector, RP and IdP code. Was a way to capture that notion and provide intro or 32 and 33.
[Paul] The next part may be more controversial. Higgins 1.1. I took the liberty to change the date. At next F2F should take some time for planning.
[Paul] Slide 36, Jim, I’m sure…
[Jim] June 2009, is that the date of this presentation or of 1.1?
[Paul] I felt Spring coming quickly so changed to June for 1.1. Haven’t discussed this much. It is to be
[Paul] All things being equal, there is a bias to June release dates as that is when they have the Eclipse release train.
[Paul] Slide 36, Jim, you could send me some additional points to make here and on any other slide you
[Paul] Slide 37. OpenSocial has been discussed. Maybe Oracle would do that too. There have been discussions of ID-WSF wrappers. There are maybes on things that are not yet resourced.
[Paul] Slide 38. Parity folks and Markus have been working on that. Relationship cards are the next section. Just tidied-up the slide. It is not
[Paul] Slide 43 is interesting. We in Parity have been working on something that Mike and I have discussed in the past: A password card. Would be great to discuss at the F2F. You use it to log into regular passwords sites. Also, not in the slide deck, form filling anti-phishing support for OpenID RPs, auto fill in your favorite OpenID, check the redirect…similar to what VeriSign did with the seatbelt plug-in. I’ve recently been told that OpenID has been working on OpenID support. Then would have ability to log into OpenID, Information card and regular sites. Then the only thing missing is SAML. Then it would be really neat, we could log in anywhere.
[Paul] We talked about doing a SAML card, being able to fetch a token using a SAML protocol over the wire.
[Paul] I know there is an idmix token type. It might be worthy of being a card also.
[Paul] Slide 44. This is something that Parity folks have been working on very hard for 1.1. A set of i-card handing under your OpenID. It is your internet wide user name and password. You can also use it as a way to authenticate to your selector. In particular, a hosted selector that can be registered as a service endpoint, assuming the OpenID is an OpenID 2.0. Not sure how much of the code had been checked in yet. Drummond had designed a protocol. People didn’t really own their own OpenID. You can’t add new service types to it unless you run your own service. Have worked on a proposal to have a service end point provisioner. Did I say…
[Paul] Markus tell us about your free
[Markus] I run this free provider for i-names. You can register your i-name there. Has forwarding service and in addition can do what Paul just described. It can act as a user name for your selector. The protocol is to download selector, run it and in the process of installing the selector you choose an i-name, an OpenID and it is provisioned with the appropriate end point. Then can use it just like any OpenID and is also a user name for a
[Paul] The next slide is another maybe. Actually Dale, Mary, Charles and I were just on a call with this French consortium. It is just one of the groups interested in having Higgins support ID-WSF.
[Dale] It is interesting that they even want to move to info cards, it is really evolutionary.
[Paul] Moreover, it is interesting work.
[Dale] Yah. I agree.
[Paul] I hope resources fall out of the sky so we can move on with this.
[Paul] Slide 46 is something that Markus has been working on.
[Markus] The IdAS client?
[Markus] That is way of using IdAS without needing a lot of context providers that you would normally need. If you want to open a context, it doesn’t open it directly. Instead it sends the request to an IdAS server that opens the client provider, so the client doesn’t need to have the CP. The server has the CP. So it can read and write without knowing what is behind it and needing a [local] CP.
[Paul] It was written in Java. Have experimented with cross compiling it into C code.
[Markus] It worked. I was able to write a simple C program to remotely open a context and read data.
[Jim] It does sound similar to the IdAS.cp.res.xml provider that we have been quietly working on. It is checked in and on the components
[Paul] Can you make a slide for that or send me
[David] Likewise, we have been working on RESTful APIs as well.
[Paul] Is that checked in?
[David] It is not checked in.
[Paul] Beyond Higgins 1.1, a pet project a lot of people talk to me about is hand held devices. IBM showed a prototype in January of an Android Selector. It is not checked in, but there might be other efforts that would get underway.
[Paul] Slide 49, I took the liberty of moving the goals of the project to the end, as they are sort of boring. They are just a lot of
[Paul] Thank you for the feedback. Do send in your new
[Paul] What is next on the