[02:07:20] stpeter joins the room
[02:22:03] stpeter leaves the room: Logged out
[05:06:52] stpeter joins the room
[14:05:47] stpeter leaves the room: Computer went to sleep
[15:01:26] stpeter joins the room
[15:48:26] simo.veikkolainen joins the room
[15:48:39] simo.veikkolainen leaves the room
[15:52:37] resnick joins the room
[15:57:55] sm joins the room
[15:58:55] xmlscott joins the room
[16:01:07] yone joins the room
[16:01:47] shinta joins the room
[16:04:59] Rickard Bellgrim joins the room
[16:05:31] rgonzalez joins the room
[16:06:22] tlyu joins the room
[16:07:48] cyrus joins the room
[16:07:52] fujiwara joins the room
[16:07:54] buckeyeskeeve joins the room
[16:08:13] leifj joins the room
[16:08:14] Andrew Sullivan joins the room
[16:08:20] fenton joins the room
[16:08:22] Julian joins the room
[16:08:33] Barry Leiba joins the room
[16:08:36] audio stream is working nicely, thank you
[16:08:44] cnewman joins the room
[16:08:54] Ted joins the room
[16:09:36] linuxwolf joins the room
[16:10:24] eliot.lear joins the room
[16:10:31] hi everyone
[16:10:39] now scribing here
[16:10:46] WG split being discussed
[16:11:00] peter gets alto, calsify, core, iri, httpstate, oauth, vcarddav, vwrap
[16:11:07] alexey gets the others
[16:11:36] per@nordu.net joins the room
[16:11:45] ietf outcomes discussion
[16:11:59] this is on successes and failures of our efforts
[16:12:01] tonyhansen joins the room
[16:12:08] Spoilsport
[16:12:11] alexey:
[16:12:23] i think this is important...
[16:12:33] we should have area-wide discussions about whether something is successful
[16:12:57] eburger joins the room
[16:13:15] mccreary joins the room
[16:13:17] lellel joins the room
[16:13:21] "adopted"?
[16:13:48] Some, e.g. EPP were never meant for wide adoption, but have reached Standard
[16:13:51] eliot: go for more descriptive approach rather than success or failure
[16:13:58] next subject
[16:14:03] app-area bofs
[16:14:11] hildjj joins the room
[16:14:12] sal joins the room
[16:14:17] IRDE, NewPrep, Web Discovery Stack
[16:14:40] Ed Lewis:
[16:14:45] Co-chair for IRDE
[16:15:00] topic is to define a way to create escrow what's in a registry
[16:15:04] what kind of registry?
[16:15:13] written from the point of view of domain name registry
[16:15:23] healthyao2000 joins the room
[16:15:26] could include routing registries or the rirs
[16:15:33] mapping things to entities
[16:15:44] escrow is there for total failure of an organization
[16:16:01] registrars have gone under and lost contact information, billing information, etc.
[16:16:25] goal is to help users survive disasters
[16:17:02] want to be able to pull out of a registry's archives the necessary information to re-establish contact
[16:17:38] netwerkeddude joins the room
[16:17:39] simo.veikkolainen joins the room
[16:17:43] lirs, rirs, registrars, registries might be interested
[16:17:57] pete resnick asks: where's the protocol
[16:18:00] netwerkeddude leaves the room
[16:18:01] mccreary leaves the room
[16:18:01] Ed answers: it's a format not a protocol
[16:18:02] mccreary joins the room
[16:18:11] eliot: schema of some sort
[16:18:12] netwerkeddude joins the room
[16:18:51] pete: we do schemas when we are going to be transporting them over the net
[16:19:21] alexey: come to the bof with that discussion
[16:19:23] ꈲ joins the room
[16:19:30] NewPrep
[16:19:42] Peter St. Andre
[16:19:55] aka "StPeter"
[16:20:30] new stringprep approach
[16:20:34] Eran Hammer-Lahav joins the room
[16:21:03] if IDNAs are not using StringPrep, maybe we should think about a new approach
[16:21:17] StringPrep is tied to Unicode 3.2, and now Unicode is at 5.2
[16:21:25] bernie joins the room
[16:21:59] and now for presentations
[16:22:05] Web Discovery Stack
[16:22:13] Eran Hammer-Lahav
[16:22:57] purpose of these protocols is to allow different web applications to discover web data or policy information that is necessary to improve behavior
[16:22:58] healthyao2000 leaves the room
[16:23:25] this started with openid, and now they start sucking up your address book, etc.
[16:23:43] how do you announce and how do you find information across the web
[16:23:45] ?
[16:23:52] this might be useful for other things
[16:24:11] draft-nottingham-http-link-header
[16:24:15] mccreary leaves the room
[16:24:27] -> full blown registry for relation types
[16:24:39] HTML, ATOM, HTTP, etc
[16:24:44] mccreary joins the room
[16:24:53] reltypes across multiple doc types
[16:25:08] eliot.lear leaves the room
[16:25:21] eliot.lear joins the room
[16:25:51] well known uris
[16:26:08] path prefix for uris /.well-known/
[16:26:18] the link rel registry seems like a really good idea. we ought to have a registry for HTTP verbs as well.
[16:26:38] they pick a uri, regardless of the intent
[16:27:08] need a very simple lw registry
[16:27:35] host-wide scope
[16:27:46] Suzanne joins the room
[16:28:03] XRD
[16:28:15] it's a schema that is being developed in OASIS
[16:28:36] very simple XML-based for describing resources
[16:28:48] those that can be identified with a URI, using web linking
[16:28:54] Rickard Bellgrim leaves the room
[16:29:04] Rickard Bellgrim joins the room
[16:29:10] example on the screen
[16:30:01] you have a subject, other uris this subject can be known as
[16:30:15] property is any uri name space attribute you want to give to this resource
[16:30:19] and then there are links
[16:30:27] links between the subject and target uri
[16:30:42] ylafon joins the room
[16:30:54] and then another link...
[16:31:05] ted hardie:
[16:31:16] does XRD support non-HTTP protocols
[16:31:31] ?
[16:31:34] yes
[16:31:47] host-meta
[16:32:01] draft-hammer-hostmeta
[16:32:10] host-wide metadata
[16:32:35] well-known document
[16:32:39] obtained via http/https
[16:32:43] uses XRD
[16:32:59] Andrew Sullivan leaves the room
[16:33:06] may not always be necessary to mix protocols and resources
[16:33:06] Andrew Sullivan joins the room
[16:33:36] example on screen
[16:33:57] there is no uri to identify a host
[16:34:06] dns uri scheme seems applicable?
[16:34:16] decided to just extend schema to add a Host field
[16:34:51] for this entire host this is the license
[16:34:55] the template says
[16:35:08] Rickard Bellgrim leaves the room
[16:35:17] Rickard Bellgrim joins the room
[16:35:32] for any resource, you can use this template, and get some action based on that type of resource, like author
[16:35:35] LRDD
[16:36:43] defines a pre-described order of how you might look at a set of links from four sources
[16:36:54] including LRDD
[16:37:11] protocol specific that tells you that there are some more links in this doc
[16:37:40] acct: URI scheme
[16:38:00] acct:local@host
[16:38:21] attempt to address the fact that most people think of their identity as their email address
[16:38:50] mailto: already has a well defined behavior
[16:38:59] look at finger
[16:39:17] it looks like an email address, but it wasn't all about email
[16:39:24] Andrew Sullivan leaves the room
[16:39:31] Andrew Sullivan joins the room
[16:39:33] protocol-agnostic identifier
[16:39:47] keep it limited and useful for not being abused for all sorts of user
[16:39:59] jhildebr joins the room
[16:40:11] hildjj leaves the room
[16:40:13] ha!
[16:40:17] dave crocker:
[16:41:01] for local, it's just a string?
[16:41:04] All identifiers are ultimately overloaded with something
[16:41:30] uh-oh. i feel myself being drawn in to a bikeshed discussion.
[16:41:32] Eran: if you're using the email address to log into a site, this is what you can use
[16:41:55] healthyao2000 joins the room
[16:44:05] eliot: what is the impetus?
[16:44:27] dave: email addresses are being used where they may or may not be email addresses?
[16:45:59] if he just put the host name on the front, he wouldn't have gotten all of these questions.
[16:46:01] ted, is this the right division of local@host or is the syntax too restrictive?
[16:46:04] won't putting host at the end be a problem with IRIs?
[16:46:34] if you want something said at the microphone, please prefix with "MIC:"
[16:46:37] ray_atarashi joins the room
[16:46:45] sean leonard
[16:47:18] julian: it should just be acct:context:localpart
[16:47:39] given left to right processing, why not keep the @ for its previous common use
[16:47:46] I think we need to bring uucp addresses back: leifj!nordu.net!facebook
[16:47:51] eran: but that happens in the authority section
[16:48:01] oo! i didn't think of !. that's old-school.
[16:48:11] like i said earlier, bikeshed.
[16:48:22] I think leif has good percept, esp for such proprietary services e.g. FB, twitter, etc
[16:48:37] joe: yeah, bikesh**
[16:48:49] is this a triple? no-
[16:48:58] he should say "context" instead of "host" to stop confusing people.
[16:49:11] jhildebr: that would help
[16:49:25] WebFinger
[16:49:35] acct:facebook.com:foo@example.com
[16:49:56] taking everything talked about and combining it, rebuilding finger to use http
[16:50:09] per@nordu.net leaves the room
[16:50:17] let's not create completely different discovery flows
[16:50:23] finger smacks of presence.
[16:50:23] unified discovery process
[16:50:58] resolves into an LRDD document based on XRD
[16:51:20] mccreary leaves the room
[16:51:46] mccreary joins the room
[16:52:14] Murray Kucherawy
[16:52:28] RFC5451bis
[16:52:36] update to auth-results header field
[16:53:12] history
[16:53:47] spec describes when you should add it, remove, ignore it, how you should interpret it
[16:54:04] lots of operational experience
[16:54:20] there are a few limitations
[16:54:28] eburger leaves the room
[16:54:41] a message that has more than one dkim sig - doesn't indicate which sig has passed
[16:54:55] a few ISPs want to establish a trust chain among themselves
[16:55:23] ... in the face of mailing list processing
[16:55:45] this work will go to DKIM first
[16:55:54] otherwise, probably doesn't need a WG of its own
[16:56:04] mail-vet-discuss@mipassoc.org
[16:56:20] no i-d yet
[16:57:14] next
[16:57:19] TID URN
[16:57:23] Sean Leonard
[16:57:59] Transaction Identifiers
[16:58:04] draft-seantek-tid-urn-01
[16:58:17] problem:
[16:58:37] main point is to get feedback on best way to proceed
[16:58:44] thrasher joins the room
[16:58:51] problem- there are all of these different identifiers that identify transactions- amazon, paypal, visa, etc
[16:58:58] that already happened
[16:59:20] no way to specify that transaction for interchange
[16:59:30] idea
[16:59:31] i.e. "proprietary, context-dependent identifiers"
[16:59:46] starting with (really long string)
[16:59:49] Randall Gellens joins the room
[16:59:56] Rickard Bellgrim leaves the room
[16:59:58] then -> paypal:(really long string)
[17:00:07] -> urn:tid:....
[17:00:08] Rickard Bellgrim joins the room
[17:00:19] thrasher leaves the room
[17:00:22] I think this may be a URI, but not a URN
[17:00:28] URI , URL, URN
[17:00:37] why URNs?
[17:00:52] Primarily because the minting authority is distributed; that would require an authority for TID
[17:01:01] why would no not simply use urn:x-foo:bla for that?
[17:01:37] #include
[17:01:51] u geek u
[17:02:04] this is the argument for a new scheme that has the same approach as http:, but without implying they are locators.
[17:02:08] Andrew Sullivan leaves the room
[17:02:16] Andrew Sullivan joins the room
[17:03:00] we are now stuck in the UTF-8 hole
[17:03:03] say "stringprep". I dare you.
[17:03:55] now digging ourselves out...
[17:04:23] discussion of lexical v. functional equivalence
[17:04:51] because a URN names a resource promises no availability
[17:05:12] tag: is pretty close to what he wants.
[17:05:18] but a name -> resource binding is durable
[17:05:37] ISBN is an example
[17:06:15] URN Resolver = URN->URL
[17:07:06] ABNF for TID
[17:07:43] mccreary leaves the room
[17:08:09] typed-tss
[17:08:17] mccreary joins the room
[17:08:21] Andrew Sullivan leaves the room
[17:08:23] the transaction provider guarantees uniqueness
[17:08:29] Andrew Sullivan joins the room
[17:08:53] Features
[17:08:59] Mandatory: unique
[17:09:27] secondary goals- human readable, automatable
[17:09:57] ok, what does he want that tag: doesn't do?
[17:10:17] joe, maybe go to the mic?
[17:10:51] Suzanne leaves the room
[17:11:01] tags are not limited to the owner of the namespace
[17:11:18] joe asks about tag:
[17:11:31] tag does not specifically relate to transaction identifiers
[17:11:45] it did not have a uniform way to identify a transaction provider
[17:11:55] dave crocker:
[17:12:29] is this really a urn?
[17:12:37] ... and what's the verification?
[17:13:07] Rickard Bellgrim leaves the room
[17:13:16] Rickard Bellgrim joins the room
[17:13:28] should this be a separate uri scheme rather than a urn name space
[17:13:30] ?
[17:15:08] urns do have semantic properties
[17:15:24] igor from alcatel
[17:16:25] who is generating tid?
[17:17:17] answer via example: amazon creates amazon tids, paypal creates paypal tids
[17:17:23] and each can use each others' as required
[17:17:28] ted hardie:
[17:17:55] trying to establish a context- this is a piece of data about something
[17:18:15] is there a common way to do the common way between him and the previous?
[17:18:24] naming authorities have responsibilities
[17:18:32] and this is going to be a problem
[17:18:41] what's match.com's transaction identifier?
[17:19:54] uri scheme with enterprise Identifier...
[17:19:56] (hardie)
[17:20:13] ted: why enterprise number and not DNS name?
[17:20:30] Andrew Sullivan leaves the room
[17:20:37] Andrew Sullivan joins the room
[17:20:43] DNS names can change owners
[17:20:49] ah. got it. same answer as this.
[17:20:49] That is in the draft
[17:21:34] eve maler:
[17:22:00] i have specific use cases where i would want this to be verifiable
[17:22:04] But tags aren't limited to the owner of the domain
[17:23:27] urns have resolvers where you ask the resolver according to the resolver's rules
[17:23:35] nod. apparea is the meta-bikeshed.
[17:24:26] proposals on org-nids
[17:24:40] reuse IANA PEN registry
[17:24:48] private enterprise #s
[17:25:36] john klensin:
[17:25:44] thrasher joins the room
[17:25:52] private enterprise identifier registry doesn't scale
[17:26:18] iso tc-46
[17:26:43] shinta leaves the room
[17:26:46] lots of experience with identifying #s
[17:27:14] i.e. concocting identifiers for all sorts of real-world things
[17:27:35] domain name with time stamp
[17:27:37] ?
[17:27:53] peter st. andre
[17:27:56] web server identity
[17:28:04] draft-saintandre-tls-server-id-check-03
[17:28:06] what's the mailing list for draft-seantek-tid-urn-01?
[17:28:40] not mentioned, julian.
[17:28:56] there are slightly different rules for TLS server checks
[17:28:57] apps-discuss to start, and then either URI or urn-nid
[17:29:05] in my opinion, anyway
[17:29:38] let's make a mailing list URN and then develop a URN->mailto: mapping ;-)
[17:29:54] what is a server?
[17:30:08] imap server @ example.com
[17:30:10] eliot.lear : yeah lets use NAPTR for that :-)
[17:30:17] Rickard Bellgrim leaves the room
[17:30:30] netwerkeddude leaves the room
[17:30:30] Rickard Bellgrim joins the room
[17:30:34] leifj, clearly u-naptr
[17:30:58] dnsname, srv name?
[17:31:03] define rules for representation
[17:31:06] =JeffH joins the room
[17:31:08] user-centric NAPTR in zeroconf :-)
[17:31:13] Ted: why not s-naptr?
[17:31:15] ;-)
[17:31:47] application servers only
[17:31:51] issuance rules
[17:31:51] bernie: you're already getting a uri out of u-naptr; it's simpler
[17:31:55] wildcard
[17:32:28] *.example.com so that a number of different components can use the same cert
[17:32:41] open discussion
[17:32:50] disallowed = foo*.example.com
[17:32:57] should we allow * at all?
[17:33:01] hildjj joins the room
[17:33:19] if app uses SRV then cert should include SRV name
[17:33:28] once we have a generic DNA approach, the need for * drops precipitously.
[17:33:33] cert may include identity type of URI
[17:34:07] ogud joins the room
[17:34:16] Ted: so you think you can do without SRV in between...
[17:34:50] use of CN discouraged
[17:35:02] dave crocker
[17:35:19] want to create a high degree of determinism.
[17:35:31] try this, this, and this, is less deterministic
[17:36:18] mccreary leaves the room
[17:36:18] mccreary joins the room
[17:36:46] <=JeffH> eliot lear: the search alg is in the recommendation rather than in other specs
[17:37:29] <=JeffH> dave crocker: if you start with the wrong string, u will not succeed
[17:38:08] peter:
[17:38:40] connecting to example.com- that could be put into the CN, it could be put into the dns name, it could be put into the srv name, IN THE CERT
[17:39:09] dave: what field should be reviewed in the cert?
[17:39:31] dave expressed concern about the ambiguity?
[17:39:40] cert-id@ietf.org
[17:39:43] ed lewis
[17:39:56] when you try to make something secure you make it brittle
[17:40:11] Rickard Bellgrim leaves the room
[17:40:20] Rickard Bellgrim joins the room
[17:40:21] do you have to have exact match in order to be sure you are dealing with ed lewis when edward is his name?
[17:40:26] MIC: but it's already too late to do that because everyone wants what they've been doing to be allowed
[17:40:27] can one have some flexibility?
[17:41:42] peter:
[17:42:08] the purpose here is to move away from CNs, and to facilitate discussions that are already occurring within CA community
[17:42:12] Cyrus Daboo
[17:42:49] jhildebr leaves the room: Disconnected.
[17:43:30] Leif J.
[17:43:48] tangential discussion in the pkrg of the brittleness of verification
[17:43:59] please show up to discuss
[17:44:07] Andrew Sullivan leaves the room
[17:44:14] Andrew Sullivan joins the room
[17:44:22] dave crocker:
[17:44:31] this is competitive with DNSSEC
[17:44:36] pkng@irtf.org
[17:44:44] not meeting this week
[17:45:07] installed base v. moving forward
[17:45:14] are you trying to do a BCP or a spec?
[17:45:28] peter:
[17:45:30] BCP
[17:45:56] verification rules
[17:45:59] stfnruffini joins the room
[17:47:24] Please help! DNS "aliases"
[17:47:29] Andrew Sullivan
[17:48:16] CNAME aliases the name
[17:48:25] DNAME aliases names below and not the name
[17:48:38] can't have DNAME and CNAME for the same name, and people want to have this mechanism
[17:48:52] IDNA variants
[17:49:22] two equivalent ==xn--...
[17:49:30] color.example and colour.example
[17:49:36] mccreary leaves the room
[17:49:57] myco.tld1 and myco.tld2
[17:50:09] What are we trying to do?
[17:50:19] Trying to define what do we mean by the same?
[17:50:43] gathering requirements
[17:50:49] don't care about semantics
[17:51:03] what does it mean to have two trees be the same
[17:51:31] if you let us decide, we're not doing any work
[17:51:56] active discussion on namedroppers
[17:52:03] one hour in DNSEXT
[17:52:21] john klensin: he has no flying pigs
[17:52:50] one comment- the variations on the same that he mentioned are not the entire scope of what has been proposed by various people in the form of an assertion on how things would work in their world
[17:53:10] we have seen proposals that do absolute synchronization
[17:53:14] while i'm bikeshedding: a UUID RR.
[17:53:25] look up both, compare the UUIDs.
[17:53:31] please tell me what all the names are that point to this node
[17:53:46] cyrus leaves the room
[17:54:36] what are the compromises that can be made/
[17:54:38] ?
[17:54:50] pete resnick
[17:55:05] Shouldn't this be solved on the zone editing level and not in DNS? If you e.g. want to sign this zone, then you still have to split it into different zone files, since there are some RDATA with domain names in.
[17:55:28] why can't you have a cname at the same level of the dname?
[17:55:57] olafer: specified in spec
[17:56:03] pete: but why not?
[17:56:19] john: because there is an installed base
[17:56:27] pete resnick: what fails?
[17:56:29] Andrew Sullivan leaves the room
[17:56:37] Andrew Sullivan joins the room
[17:56:42] mic please
[17:56:54] xmlscott: what?
[17:57:06] pete: what breaks?
[17:57:16] sorry -- people making comments too far from a mic
[17:57:28] suzanne woolf: clients will break
[17:57:42] 1034 is very very clear
[17:57:48] caches wouldn't know what to do
[17:58:25] dave crocker:
[17:58:35] are you doing a bcp or a spec?
[17:58:42] a spec means code changes
[17:59:36] maybe a different port for massive dns changes
[17:59:40] response:
[18:00:03] 1. two trees that get you to the same place- could be done in provisioning side
[18:00:21] that would keep from breaking resolvers
[18:00:39] 2. this is not the mechanism that we get to dns-ng
[18:00:55] john klensin:
[18:01:23] ooo! we could have a DNSng? i assumed we could never propose that. maybe we'd build security in from the ground up this time.
[18:01:43] we discussed this all before
[18:02:05] maybe we can continue to defer this discussion of dns-ng
[18:02:10] rgonzalez leaves the room
[18:02:42] Andrew Sullivan leaves the room
[18:02:50] Andrew Sullivan joins the room
[18:03:23] klaas wierenga WebSSO-SASL integration
[18:04:11] we have a number of organizations that deploy federated identity
[18:04:27] many non-web apps
[18:04:37] how can we leverage what exists for non-web applications
[18:05:11] there is a bar bof thursday evening on same topic, way more complicated but potentially more powerful solution
[18:05:23] Rickard Bellgrim leaves the room
[18:05:31] <=JeffH> note that there's a non-trivial # of IDP implementations that speak both SAML and OpenID
[18:05:31] we're going as simple as possible for leveraging existing solutions for non web applications
[18:05:34] Rickard Bellgrim joins the room
[18:05:48] two drafts- draft-lear-ietf-sasl-openid-00
[18:05:56] draft-wierenga-ietf-sasl-saml-00
[18:06:17] don't want client developers to go through lots of hassle
[18:06:41] can't touch deployed systems (IdPs)
[18:06:56] <=JeffH> also note that one can argue that "the Web" encompasses all protocols that have a URI format encoding protocol operations (e.g. LDAP, XMPP, FTP, etc) -- rather than only HTTP/HTML/XML
[18:07:00] can't change openid or saml spec
[18:07:23] Ted leaves the room
[18:07:31] SASL intro
[18:07:53] JeffH, you'd have to argue that to the SAML/Oauth crowd. many of their approaches are tightly coupled not only with HTTP(s), but also HTML.
[18:08:21] SAML intro
[18:08:44] SAML isn't specific to either, and the spec already accommodates other protocol patterns; the issue is whose code you want to impact
[18:09:15] protocol flow now for saml
[18:09:37] <=JeffH> what Klaas is presenting here is a specific SAML _profile_ -- the Web Browser SSO profile
[18:10:02] JeffH: nod. but it's what is widely-deployed at the moment.
[18:10:59] <=JeffH> wrt SAML, see also http://identitymeme.org/doc/draft-hodges-learning-saml-00.html
[18:11:06] now openid flow
[18:11:16] buckeyeskeeve: yes. the problem that these drafts have taken on is to assume that we can't influence the OpenID/SAML deployed base quickly enough, so is there something we can do with that assumption?
[18:11:40] I don't agree with the assumption, at least in the SAML case
[18:11:58] hardie joins the room
[18:12:15] I can't address the "can SASL client mechs be written to do anything but launch a browser" question, however
[18:12:16] proposal
[18:12:31] two new mechanisms for SASL. basic flow slightly changes
[18:12:44] <=JeffH> hildjj: saying simply "saml" when presenting the Web Browser SSO profile is vague -- am providing specific clarification
[18:13:12] netwerkeddude: please send email to klaas
[18:13:13] buckeyeskeeve: "launch a browser" is pretty easy to deploy both sides today, which is nice.
[18:13:42] =JeffH: yes. valuable. and Klaas probably needs to ensure that the language in the draft is crisp on that point.
[18:13:50] now going through saml-sasl flow
[18:14:22] hildjj: it works less well on some platforms, and usability is sometimes open to question
[18:15:07] buckeyeskeeve: example?
[18:15:19] (not disagreeing, just looking for concrete)
[18:15:46] OpenID-SASL flow
[18:16:10] hildjj: been told that mobile platforms don't handle it as well, and I've definitely heard disagreement from some usability people about the understandability of context switching users to a new app
[18:16:13] there's another approach where the redirect goes to the SP, not the client, for clients that can't open accept ports.
[18:16:38] whether the users go to a new app depends on platform
[18:16:42] context-switch is an implementation detail. there are some clients that embed a browser instance.
[18:17:12] stfnruffini leaves the room
[18:17:15] <=JeffH> also wrt SAML and OpenID -- what's the diff, see http://identitymeme.org/doc/draft-hodges-saml-openid-compare.html
[18:17:16] stfnruffini joins the room
[18:17:32] observations
[18:17:39] no changes on IdP
[18:17:45] little change to clients
[18:17:52] thrasher leaves the room
[18:18:05] stfnruffini leaves the room
[18:18:15] there may be no context switch if SSO already done
[18:18:40] Klaas: not that pretty to fire off a browser
[18:18:44] thrasher joins the room
[18:19:22] thrasher leaves the room
[18:19:38] need review from both security and application folks
[18:19:55] questions:
[18:20:00] channel bindings?
[18:20:11] version naming skew for mechanisms and versions
[18:20:22] Andrew Sullivan leaves the room
[18:20:32] Andrew Sullivan joins the room
[18:20:49] Rickard Bellgrim leaves the room
[18:20:51] alexey melnikov (ad hat off):
[18:20:57] ray_atarashi leaves the room
[18:21:03] Rickard Bellgrim joins the room
[18:22:12] where this should go? there are thoughts about rechartering SASL wg, they prefer this work to be in security area
[18:22:30] <=JeffH> sec folk prefer this work to be in security area :)
[18:23:33] chris newman- looks pretty good, few nits, let's avoid sub-negotiation
[18:24:07] client needs to send to the server an authorization identifier field. it may be empty and default to a server-provided field
[18:24:42] Openid draft had an issue with success data
[18:24:50] it's due to the IMAP profile
[18:25:09] send attributes as success data
[18:26:03] ADAV
[18:26:06] Randall Gellens leaves the room
[18:26:36] fenton leaves the room
[18:27:11] fenton joins the room
[18:27:37] appreciation of lisa
[18:27:37] fenton leaves the room
[18:27:39] tlyu leaves the room
[18:27:40] Julian leaves the room: Computer went to sleep
[18:27:42] Rickard Bellgrim leaves the room
[18:27:44] a very fast speaking of words
[18:27:45] Andrew Sullivan leaves the room
[18:27:46] bernie leaves the room
[18:27:46] Barry Leiba leaves the room
[18:27:50] simo.veikkolainen leaves the room
[18:27:50] =JeffH leaves the room
[18:27:52] hildjj leaves the room: Disconnected.
[18:27:52] resnick leaves the room
[18:27:57] Eran Hammer-Lahav leaves the room
[18:28:06] ꈲ leaves the room
[18:28:09] hardie leaves the room
[18:28:15] sm leaves the room
[18:28:18] stpeter leaves the room: Computer went to sleep
[18:28:30] lellel leaves the room
[18:28:38] we're adjourned
[18:28:38] linuxwolf leaves the room: Disconnected.