Attendees
- Brian
Carroll - Serena
- Andy
Hodgkinson - Novell
- Dale
Olds
- Novell
- Drummond
Reed
- Cordance
- Mary
Ruddy
- Meristic/SocialPhysics
- Jim
Sermersheim - Novell
- George
Stanchev - Serena
- Paul
Trevithick
- Parity/SocialPhysics
- Brian
Walker
- Parity
- Hank
Mauldin - Cisco
Time: noon EST
Dial-in:
1-866-362-7064 /
892048#
Agenda
1. [BrianW] We are still working on
1.1M4
- Build is expected
shortly.
- See http://wiki.eclipse.org/Higgins_1.1M4
- [BrianW] Down to the last
piece. As soon as get the JNDI CP
built, will close and will be done.
Valery is to make this a priority.
- [BrianW] Need to start
planning for M5 as well. Will
start working on that as well and keep people posted on that.
2. [Paul, Mary, Dale]
Highlights from recent and events and press releases.
- IIW, Gartner, Equifax,
etc.
- [Mary] We had a good IIW
and there were demonstrations of Higgins functionality, and browser plug-in
discussions which Paul will talk about later in the call. There was also a working session on
the Higgins White Paper where Hank got some good feedback on the outline from
the F2F. During the White Paper
discussion, I also got some feedback on the new home page prototype, which I
will talk about below.
- [Mary] Dale was one of
the speakers in a session on user-centric identity. And it was a Keynote! It was great to
see Gartner have a key note session on identity frameworks.
- [Paul] Equifax announced what they are
calling the first commercial information card. Parity developed it using a service
called CardPress, which is built using Higgins. It is exciting to see all the
reverberations from the announcement.
3. [Paul channeling
Markus] New SAML2 - information card capability
·
As demoed at IIW by Google
·
Markus extended the SAML2
IdP to authenticate users with a card instead of against an IdAS context.
·
Markus will send a message
to the Higgins list later and describe
how people can try the demo themselves.
4. [Paul channeling Markus]
iPhone prototype
·
[Paul] The iPhone prototype
was also demoed.
·
[Paul] Not sure if the code
is checked in, but that is the plan.
Markus created this website to answer questions about it. We came up with the idea at IIW to
create a petition. If you integrate
with mobile safari , it violates the rules, so to implement the iPhone prototype
you need to violate the warranty of
your iPhone. When this is fixed, the prototype becomes
interesting.
·
[Paul] Someone told me a rumor that you had
DigitalMe running on an iPhone.
·
[Andy] We came up with an
iPhone specific UI and cross compiled the code for the iPhone. We encountered some of the same problems
– integrating with mobile safari is next to impossible. One of the directions, since WebKit is
part of the Apple SDK we thought about creating an application that embedded a
simple browser based on WebKit that allowed the selector to be launched from the
WebKit browser so have similar experience to desktop. We didn’t take it that
far.
·
[Paul] Hopefully we can
collaborate on that. The iPhone
creates a lot of excitement.
·
[Dale] Nokia picked up the
DigitalMe code. Did we hear any
thing about it?
·
[Andy] Nokia was to
prototype a selector on one of their platforms. Positive response. Haven’t heard recently. Seem to be
operating in stealth mode. Haven’t reached out.
·
[Dale] it would be nice to
bring these phone initiatives together and have this be the place.
·
[Paul] Axel, at DT, has
also been working on a phone. More later. And the Google Android platform, which
IBM was working on, is another
one that might be less restrictive.
5. [Mary] Website home
page progress update
·
[Mary] During the IIW
session on the Higgins White Paper I discussed the new home page prototype. The feedback on the revised homepage,
with three “doors”: selectors, web services and IdAS was very positive. I also showed the revised illustrations
for the two new doors. Based on
feedback, we are getting new pictures drawn.
6.
[Paul] Java 1.4.2 and JavaME (vs. 5.0)
·
[Paul] Mike Milinkovich
told us IBM has products that are
based on Java ME VM to keep the
footprint down. Wanted to throw
that into the mix in case there are others who want to keep the client side size
down with a smaller VM. Not sure is it a compelling enough reason to stick with
1.4.2
7. [Paul or Axel]
I-Cards allowing image to be a link
- [Paul] If we remove the
card background image from the .crd XML and replace with a link, we reduce the
size of the card dramatically.
- [Paul]]Axel pointed out
cards are a fairly large file.
Most of the size is in the image.
In some phone platforms the place you would want to store cards is
really small. He pointed out if you remove the image and replace with a link,
you save a lot .
- [Drummond] That makes a
whole lot of sense to me
- [Paul] That might create security holes.
Wanted to know if anyone else had thought about it.
- [Andy] I like that idea.
Then have to pay the price of going over the network to pull the image down.
Would be nice to cache the image elsewhere in a non secure
area.
- [?] If not in the secure
area, image could be used to phish.
- [Andy] Could have a hash
or signature to verify when pull image across.
- [Paul] Yes, a
hash.
- [Axel] Phones in
Germany have only ~25 K of
highly secured storage.
8. [Paul and/or Axel,
JohnB, Drummond] IIW Session on Unified I-Card+OpenID browser
extensions
- Collaboration with XRI TC
on XRDS elements for RP “Auth Discovery”
- Collaboration with Google
IDIB effort, Vidoop, etc.
- Collaboration on
development of reference browser implementations for FF, IE, Safari, Chrome
—code in Higgins
- Collaboration with Shib
folks (Bob Morgan, Steve Carmody)
- See http://www.incontextblog.com/?p=90
·
[Paul] There was a session
at IIW, what if we could leverage towards only one extension. It was a surprisingly productive
session.
·
[Paul] The finish line is
that the extension ships with the browser.
·
[Paul] Previous step is a
reference implementation. So
question is what should the plug-in be, a plug-in for OpenID with seatbelt and
another for info cards.
·
[Paul] OpenID folks have
been looking at doing OpenID auth support.
Axel has if object tag not embedded in… both those threads in the room. What if we collaborate on development of
XRDS schema for holding this stuff?
There were also Shib SAML
folks, and they also want to collaborate on this. Bob Morgan has joined the TC. So there is a lot of energy for defining
XRDS for cross protocol discovery.
·
[Drummond] What is
happening at the XRI TC is there is intense interest in the next version of the
spec. More people wanted to join the TC, referring to this as XRD. The good news is it is getting simpler.
Using an XRD for discovery.
·
[Paul] Is there where agree
on XML description for auth discovery? TC seems like a good place to do the
work.
·
[Hank] Like the idea that
it could also discover that the RP had user name and password even. Hopefully
the working group would allow that.
·
[Paul] Password should be
one of the things. So OpenID, i-cards, SAML and
passwords
·
[Paul] Offered that
Higgins is a good place to do the
development to keep IP and provenance clean. Didn’t seem to be any
objections.
·
[Paul] Mary, I know we are
just finalizing the home page design.
It may be that there are benefits from there being a fourth door on the
home page. There may be benefit from having a separate area that isn’t the
selector.
·
[Andy] I agree with that.
That it is different enough to be separate.
·
[Paul] It is closely
related to selectors, but collaborating on 4 plug-ins – it would benefit from
being separate forth vertical.
·
[Drummond] I agree
initially, but from outside, people will see as a super selector. Want to raise that over time. People
will want to stick it with a client.
Maybe area should be client with two sub area: one card selector and
another browser integration.
·
[Paul] That is the other
way to go. My concern is adding a level of structure, rather than a flatter
structure
·
[Drummond]
Higgins is where work on OS
identity clients happens. It seems like a powerful positive piece happens. There
was a lot of great buzz about this session that Paul was leading. I think it can attract more people to
the project.
·
[Paul] So you propose that
the left mouse is identity client, under that three branches: browser extension, selector selector and
specific selectors and that would really help us position and get the word
out.
·
[Paul] Anyone disagree with
what Andy and Drummond propose?
·
[Hank] I like not creating
a fourth column. Need to be realistic about how flat you can make something.
This proposal seems reasonable.
·
[Drummond] Thinking from
the stand point of the white paper and position. It beefs up our
story.
·
[Paul] Hank do you want to
talk about that?
·
[Hank] There was some good
input. I went over the outline and
we got strong feedback on some of the order and a little less of the
history. So we will have to weight
that. So I got good feedback and
Mary got good feedback on the web.
Hopefully next week will have time to get to work on this.
9. [Mary] Review Action
Items from Higgins F2F
- [Mary] The action items
are on the wiki page [above].
There are a couple that we haven’t talked about in this call.
- [BrianC] We are in the
process of closing down the ALF process. Had the review
last week. Have been working with George to get things in shape for archive,
and have also been working on packing how to contribute this to
Higgins. There has been a good
deal of work done to vet the IP of ALF code. There are 80+
CQs. Recommendation is that we
package it and contribute it as a bugzilla submission to establish the
provenance of the code. All of the code was developed with the Eclipse
CVS under project
ALF, which was in incubation
where rules are a little looser. So we are getting ready to make that
submission so need to work on who will commit the code.
- [Paul] I’ve been assuming
that we should start the process on having you and George proceed to becoming
a committer.
- [Mary] Even if we start
this process now, BrianC and George won’t be Higgins committers until after
they make the code available.
- [BrianC] Looking for
volunteer to review the code and put their name behind
it
- Silence.
- [Mary] There is one more
item on the action list we haven’t discussed.
- [Paul] [As part of
improving the download and installation experience] We talked about
volunteering Novell’s virtual tech and VM capabilities to make it easy for
people to download images.
- Silence
10. [Paul]
Higgins Selector
Roadmap
- Experimental work on
merged DigitalMe/AIR code base
- Change DigitalMe card
store to be a cache synchronized with Higgins Identity Server (new
name for I-Card Service (aka RPPS))
- [Paul] At the F2F, talked
about merging the AIR and DigitalMe code bases
and taking the best of both. One baby step we could take is to have DigitalMe
card store be used as a local cache to Higgins card store in the cloud. Don’t now if that makes sense to you
Andy. This would give roaming benefits to DigitalMe
code.
- [Andy] That does make
sense. Sounds like Adobe may make
commitment to port the AIR processor for iPhone. Is
that another avenue to get a selector on the iPhone?
- [Paul] Yah. If it all
pans out, there is an opportunity to reduce code steams in
Higgins. Maybe could look at
AIR to use its presentation
layer for DigitalMe. We could end up with a single architecture and use
different presentation layers and reduce duplication of underlying layers.
A lot of the Parity guys would
collaborate with Novell guys.
- [BrianW] Yes, on the
Parity side, we would be very interested.
- [Paul] If
IBM were on the call, would
ask them what their future plans are for the RCP selector. This hedges our bets on the
AIR platform. It is not
without its downsides as well.
- [Paul] The fact that Andy
could compile all its DigitalMe code and run it on the iPhone was a real head
turner.
- [Paul] There are weaker
phone platforms that maybe couldn’t run all of DigitalMe, but in the short term will
be focusing on the smarter phones.
- [Paul] In an ideal world,
Higgins 1.1 might have just one selector with various options for different
presentation/platform combinations.
- [Andy] Do we have doc on
RPPS?
- [Paul] It is all
SOAP based, which we might
want to re-evaluate. But there isn’t a place to see the SSDL file. Let me work
with Brian to try and answer that.
- [BrianW] There is some
info on the wiki page to look at the SSDL files. We will send that
out.
- [Andy] That is the first
thing I need to look at to see what needs to be
done.