IETF
GNAP
gnap@jabber.ietf.org
Tuesday, March 9, 2021

GMT+0
[15:39:46] Meetecho joins the room
[15:50:03] Natalie Ennis_web_777 joins the room
[15:50:03] Tobia Castaldi_web_144 joins the room
[15:50:03] Adrián Sánchez_web_742 joins the room
[15:52:46] Leif Johansson_web_772 joins the room
[15:53:21] Justin Richer_web_578 joins the room
[15:53:26] Yaron Sheffer_web_739 joins the room
[15:54:09] Stefan Santesson_web_406 joins the room
[15:54:24] Leif Johansson_web_772 leaves the room
[15:54:28] Leif Johansson_web_201 joins the room
[15:54:52] Denis PINKAS_web_263 joins the room
[15:55:17] Mark McFadden_web_411 joins the room
[15:55:20] Roman Danyliw_web_969 joins the room
[15:55:59] Roman Danyliw joins the room
[15:56:16] Leif Johansson_web_201 leaves the room
[15:56:40] <Justin Richer_web_578> wow, that's a fancy title slide! :)
[15:56:53] Leif Johansson_web_821 joins the room
[15:57:12] Jonathan Hammell_web_570 joins the room
[15:57:17] <Yaron Sheffer_web_739> Thank you! (Bows)
[15:57:20] Michael StJohns_web_439 joins the room
[15:57:39] Aaron Parecki_web_370 joins the room
[15:58:21] Kristina Yasuda_web_543 joins the room
[15:58:40] Andrew S_web_736 joins the room
[15:58:42] Ken Takayama_web_478 joins the room
[15:59:16] Steve Olshansky_web_538 joins the room
[15:59:28] Kohei Isobe_web_957 joins the room
[15:59:33] Rebecca Guthrie_web_144 joins the room
[15:59:55] Dave Robin_web_456 joins the room
[15:59:59] fabien imbault_web_926 joins the room
[16:00:08] Stefan Santesson_web_406 leaves the room
[16:00:11] Stefan Santesson_web_922 joins the room
[16:01:24] Clint McKay_web_329 joins the room
[16:02:09] Diego Lopez_web_689 joins the room
[16:02:44] Steve Olshansky_web_538 leaves the room
[16:03:03] fabien imbault_web_926 leaves the room
[16:03:06] fabien imbault_web_103 joins the room
[16:03:22] Olle Johansson_web_123 joins the room
[16:03:39] Steve Olshansky_web_716 joins the room
[16:04:46] <Olle Johansson_web_123> sorry, don't know how long I can stay
[16:04:53] <Jonathan Hammell_web_570> I'll take notes
[16:05:03] <Steve Olshansky_web_716> same for me, will likely have to drop, sorry
[16:05:03] Lixia Zhang_web_520 joins the room
[16:05:08] Lixia Zhang_web_520 leaves the room
[16:05:40] <Roman Danyliw> Thank you Kristina and Jonathan
[16:05:50] Clint McKay_web_329 leaves the room
[16:06:04] <Justin Richer_web_578> Remember, multiple people can edit the notes at the same time
[16:06:45] <Justin Richer_web_578> (and yes, thank you to the note takers!)
[16:07:43] Greg Schumacher_web_221 joins the room
[16:07:59] Bron Gondwana_web_181 joins the room
[16:09:38] Steve Olshansky_web_716 leaves the room
[16:10:33] Valery Smyslov_web_365 joins the room
[16:10:41] Steve Olshansky_web_878 joins the room
[16:10:44] Karen Staley_web_205 joins the room
[16:11:34] Michael StJohns_web_439 leaves the room
[16:17:37] Hannes Tschofenig_web_760 joins the room
[16:26:47] Robin Wilton_web_924 joins the room
[16:28:54] <Justin Richer_web_578> (chairs, please time box these big discussions to ~~30-35min each)
[16:29:09] fabien imbault_web_103 leaves the room
[16:29:12] fabien imbault_web_538 joins the room
[16:33:56] Hannes Tschofenig_web_760 leaves the room
[16:38:14] Andrii Deinega_web_113 joins the room
[16:40:17] Stefan Santesson_web_922 leaves the room
[16:40:50] Stefan Santesson_web_724 joins the room
[16:42:46] <Leif Johansson_web_821> SAML will be around after the zombie apocalypse locust invasion nuclear disaster
[16:43:58] <Justin Richer_web_578> You're not wrong :woman-shrugging:
[16:44:07] <Kristina Yasuda_web_543> DIDs identify keys of the user - not closer to sub_types than assertions..?
[16:44:42] <Leif Johansson_web_821> hmmm yeah possibly
[16:44:44] <Justin Richer_web_578> @Kristina - that's one of the open questions! Is it a reference to a signed/verifiable DID document, or just a DID as an identifier itself?
[16:45:01] <Justin Richer_web_578> Since it's dereferenceable directly it's not as clear-cut as some of the other cases
[16:45:10] <Kristina Yasuda_web_543> depends on what is in DID Doc possibly
[16:46:04] Diego Lopez_web_689 leaves the room
[16:46:06] <Roman Danyliw> Is there a sense of the bound on the claims involved in attestation? I ask to inquire whether we are approaching https://datatracker.ietf.org/doc/draft-ietf-rats-eat/
[16:46:40] <Leif Johansson_web_821> @roman if you squint everything looks like an assertion
[16:47:20] <Justin Richer_web_578> @Roman I think that's more useful for the "client attestation and posture" stuff that's been hand-waved about, EAT could be a good fit there instead of a user assertion
[16:47:41] Kohei Isobe_web_957 leaves the room
[16:47:44] <Justin Richer_web_578> I really don't think we want to invent an assertion format for anything if we can avoid it
[16:47:47] Kohei Isobe_web_475 joins the room
[16:48:19] <Leif Johansson_web_821> +1 on that
[16:52:41] <Leif Johansson_web_821> other attestation formats typically bring their own trust model though and that's one thing we'll have to provide an open interface for
[16:53:06] <Justin Richer_web_578> agreed, extensibility in this dimension needs to be built-in
[16:53:08] <Leif Johansson_web_821> eg how do you deal with embedded xmldsig
[16:53:34] <Robin Wilton_web_924> If only there were some kind of defined... vector of trust...
[16:53:36] <Kristina Yasuda_web_543> we expect support for DIDComm..?
[16:53:49] <Justin Richer_web_578> @Robin someone should write that. @Leif, any ideas?
[16:53:52] <Kristina Yasuda_web_543> that's not HTTPS even
[16:54:17] <Roman Danyliw> EAT largely registered a set of reusable claims to capture particular classes of information. There are additional RATS documents that do more (and make assumptions).
[16:55:01] <Justin Richer_web_578> @Kristina Fabien's slides here are for starting discussion, how to negotiate what's available is part of what we need to figure out in real terms. Good news is that negotiation is fundamental to GNAP
[16:55:05] <Leif Johansson_web_821> so it would be easier to eat EAT as it were
[16:55:25] <Roman Danyliw> @leif: exactly
[16:55:30] <Justin Richer_web_578> I'm not sure I want to EAT RATS, or eat what RATS EAT, but ... yes?
[16:59:23] Olle Johansson_web_123 leaves the room
[17:01:56] Jiri Novotny_web_726 joins the room
[17:02:17] Jiri Novotny_web_726 leaves the room
[17:03:41] Kathleen Moriarty_web_422 joins the room
[17:04:18] <Justin Richer_web_578> @Roman so the EAT piece would probably fit under "client"
[17:05:42] Andrew S_web_736 leaves the room
[17:07:32] Mark McFadden_web_411 leaves the room
[17:07:39] Leif Johansson_web_821 leaves the room
[17:07:44] Leif Johansson_web_124 joins the room
[17:08:50] Leif Johansson_web_124 leaves the room
[17:09:05] Leif Johansson_web_518 joins the room
[17:10:41] <fabien imbault_web_538> "DIDs identify keys of the user - not closer to sub_types than assertions..?" - that was the question raised in slide sub_ids vs assertions.
[17:12:22] <fabien imbault_web_538> "we expect support for DIDComm..?". Discussion item, because remote ROs are not covered today. DIDComm is indeed early stage.
[17:14:10] <fabien imbault_web_538> "EAT/RATS": the question raised in what kind of assertions we support + yes, samlv2 will remain for a while.
[17:16:25] <fabien imbault_web_538> All of that is completely open to discussion and we welcome suggested text!
[17:21:42] Andrii Deinega_web_113 leaves the room
[17:21:46] Andrii Deinega_web_188 joins the room
[17:24:00] <Stefan Santesson_web_724> The AS as generic token factory makes a lot of sense
[17:24:51] Denis PINKAS_web_263 leaves the room
[17:24:54] Denis PINKAS_web_554 joins the room
[17:25:57] Andrii Deinega_web_188 leaves the room
[17:26:00] Andrii Deinega_web_226 joins the room
[17:26:59] <Robin Wilton_web_924> +1 Justin. In this architecture, the AS policy may well be opaque to consumers of the tokens it mints.
[17:27:21] <Leif Johansson_web_518> +1 (as an individual)
[17:28:16] <Robin Wilton_web_924> (we've seen plenty of patterns in the past where the AS' policies were extensively defined... and where that ended up making no difference to the RP)
[17:33:59] <Kristina Yasuda_web_543> yes, thank you.
[17:37:35] <Roman Danyliw> Summarizing the proposed next step out of the ML discussion would make it easier for the WG to concur
[17:38:32] <fabien imbault_web_538> sure
[17:38:38] <Justin Richer_web_578> can do
[17:39:12] Greg Schumacher_web_221 leaves the room
[17:39:47] <Justin Richer_web_578> +1
[17:39:54] <Kristina Yasuda_web_543> I would catch up on the thread to understand why DIDs are thought to be treated as assertions and comment - still think those belong to subject_types as they are identifiers and the purpose of DIDDoc is to provide information for cryptographic identifier verification rather than providing assertions (it could but that is not the main purpose I believe)
[17:40:07] <Roman Danyliw> Cadence of regular interims seems to help.  +1
[17:41:09] <fabien imbault_web_538> Happy to get the discussion on DIDs. Actually, could be either or, depending on what we intend to do.
[17:42:52] Steffen Fries_web_320 joins the room
[17:43:39] <Aaron Parecki_web_370> I have to drop now, thanks everyone!
[17:44:13] Steffen Fries_web_320 leaves the room
[17:44:21] Aaron Parecki_web_370 leaves the room
[17:44:55] <Justin Richer_web_578> "valid access token" is a GNAP access token as validated by GNAP
[17:45:35] <Justin Richer_web_578> GNAP doesn't have anything to say about non-GNAP-protected resources (including unprotected resources)
[17:48:37] <Kristina Yasuda_web_543> shifting to an ad hoc trust model is very challenging (from pre-establishing trust model)
[17:49:00] <Justin Richer_web_578> +1 Kristina, this has been shown to scale even less
[17:49:03] <Justin Richer_web_578> (in practice)
[17:50:38] Leif Johansson_web_518 leaves the room
[17:50:48] Leif Johansson_web_626 joins the room
[17:55:17] Adrián Sánchez_web_742 leaves the room
[17:59:04] Bron Gondwana_web_181 leaves the room
[18:00:33] <Robin Wilton_web_924> Denis' argument against capability-only tokens seems to imply that pseudonymous or anonymous authorisation is never required. That doesn't sound very privacy-friendly.
[18:00:57] Kathleen Moriarty_web_422 leaves the room
[18:01:01] <Justin Richer_web_578> and it doesn't account for non-user-centric tokens
[18:01:24] <Robin Wilton_web_924> Thanks everyone - very interesting session.
[18:01:29] Rebecca Guthrie_web_144 leaves the room
[18:01:32] Dave Robin_web_456 leaves the room
[18:01:32] Steve Olshansky_web_878 leaves the room
[18:01:34] <Roman Danyliw> And we'll look to the ML for the interim meeting timing
[18:01:37] Kristina Yasuda_web_543 leaves the room
[18:01:39] Andrii Deinega_web_226 leaves the room
[18:01:40] Denis PINKAS_web_554 leaves the room
[18:01:42] Stefan Santesson_web_724 leaves the room
[18:01:44] Roman Danyliw_web_969 leaves the room
[18:01:44] Justin Richer_web_578 leaves the room
[18:01:45] Ken Takayama_web_478 leaves the room
[18:01:45] Leif Johansson_web_626 leaves the room
[18:01:45] Karen Staley_web_205 leaves the room
[18:01:46] Robin Wilton_web_924 leaves the room
[18:01:46] Yaron Sheffer_web_739 leaves the room
[18:01:57] Natalie Ennis_web_777 leaves the room
[18:02:05] Tobia Castaldi_web_144 leaves the room
[18:02:06] Jonathan Hammell_web_570 leaves the room
[18:02:06] fabien imbault_web_538 leaves the room
[18:02:06] Kohei Isobe_web_475 leaves the room
[18:02:06] Valery Smyslov_web_365 leaves the room
[18:06:03] Meetecho leaves the room
[18:08:06] Roman Danyliw leaves the room
[20:24:33] zulipbot joins the room
[20:25:06] zulipbot leaves the room: Disconnected: closed
[20:38:40] zulipbot joins the room
[20:38:57] zulipbot leaves the room: Disconnected: closed
[20:39:00] zulipbot joins the room
[20:39:23] zulipbot leaves the room: Disconnected: closed
[20:42:32] zulipbot joins the room
[20:43:36] zulipbot leaves the room: Disconnected: closed
[20:52:04] zulipbot joins the room