IETF
oauth@jabber.ietf.org
Wednesday, November 9, 2022< ^ >
Meetecho has set the subject to: OAuth at IETF113
Room Configuration
Room Occupants

GMT+0
[12:49:32] <zulipbot> (Aaron Parecki) good morning everyone!
[13:01:33] <zulipbot> (Filip Skokan) good afternoon
[13:14:58] <zulipbot> (Robin Wilton) Good point from the mic line.
[13:14:58] <zulipbot> (Aaron Parecki) "relying parties gonna rely" 😂
[13:15:12] <zulipbot> (Aaron Parecki) don't know if you heard the room Robin but there was a very audible chuckle
[13:15:25] <zulipbot> (Robin Wilton) I didn't - good to know ;^D
[13:16:02] <zulipbot> (Robin Wilton) FWIW I don't think we have a good handle on the technicalities of transitive trust, for claims like this; the idea that we will quickly get a handle on the technicalities of combinatiorial trust is... optimistic ;^)
[13:16:17] <zulipbot> (Robin Wilton) Which is not to say we shouldn't explore the issue.
[13:16:30] <zulipbot> (Aaron Parecki) +1, especially in an interoperable way. I'm sure people are already doing some variation of this independently
[13:17:47] <zulipbot> (Robin Wilton) Right - if you can't control what combinations people construct, interoperability is quickly reduced to "do the signatures verify?". Semantic interop is probably a pipe dream...
[13:18:42] <zulipbot> (Robin Wilton) *But* syntactic interop of combined claims is a worthy objective.
[13:48:54] <zulipbot> (George Fletcher) +1 for this being really important work
[13:50:13] <zulipbot> (George Fletcher) UX Design Patterns make sense to me
[13:52:14] <zulipbot> (Robin Wilton) +1; it makes sense *not* to design this so that trustworthiness depends on user actions - but in doing so, you have to have an assurance framework  for the entities it *does* depend on (i.e. third parties and user agents).
[13:52:27] <zulipbot> (Robin Wilton) .
[13:52:40] <zulipbot> (Robin Wilton) Was Justing perhaps thinking of SOUPS?
[13:52:53] <zulipbot> (Robin Wilton) *Justin
[13:55:04] <zulipbot> (Kristina Yasuda) Agrees with John
[14:26:08] <zulipbot> (Robin Wilton) +1 John; a layer of abstraction between the presented client_ID and the corresponding database index is a crucial design point.
[14:34:13] <zulipbot> (Robin Wilton) Thanks everyone  -  good session