Skip to main content

Notice: This Wiki is now read only and edits are no longer possible. Please see: for the plan.

Jump to: navigation, search

Oct 2-4 Austin F2F Agenda

Higgins Face-to-Face meeting October 2-4, 2007


  • The main theme will be release 1.0 planning. We'll go through the components and build a master list of what work remains for 1.0. Then we'll reproject the 1.0 date.
  • Preparations for the interop event in Barcelona will be an additional theme.
  • Higgins 1.1 and beyond


  • Start: The event will start Tuesday, October 2 at 9:00AM
  • End: Thursday at noon.
  • Where: IBM Austin, 11501 Burnet Road, Austin, Texas, 78758. Report to building 904 to get your badge. The meeting will be held in building 901 3G14.
  • Hotel List for IBM Austin

See visitor information for google map, etc.

Expected Attendees

  1. Tony Nadalin (IBM)
  2. Mary Ruddy (Parity, SocialPhysics)
  3. Paul Trevithick (Parity, SocialPhysics)
  4. Greg Byrd (IBM, NC State Univ.)
  5. Bruce Rich (IBM)
  6. Jim Sermersheim (Novell)
  7. Michael McIntosh (IBM Research)
  8. Jeesmon Jacob (Parity)


9:10 Barcelona Interop Event

  • Preparations for Barcelona Interop Event
    • There are rumors of Microsoft showing up with a "v1.5" of CardSpace (packaged within in .NET Framework 3.5 Beta 2 ships within Vista SP1 and IE7). Unfortunately we have little information on what changes Microsoft has made and thus the interop implications.
  • Rumors are the Microsoft is considering using WS-Trust 1.3, and SOAP 1.1, WS-Addressing W3C/2005/08
  • Conclusions
    • Markus Sabadello (Parity) will attend to demonstrate the Higgins H1 Identity Agent
    • Andy (Novell) will demonstrate the Higgins H2 IA
    • In both cases we will likely demonstrate nothing different from what was recently demonstrated at DIDW and June Catalyst
    • Higgins project needs to request formally that the above rumored changes are (a) documented in, e.g. Information Card interoperability profile 1.5??" and (b) that this document be covered under the OSP
    • Higgins project will not begin work on interoperability with these new 1.5 changes
    • In any event this work will not be part of Higgins 1.0

10AM Higgins 1.0

2:50pm IPR update [Mary]

Clear up the following:

  • Axiom 1.2 is approved (we have some folks using 1.2.2 who need to move back to 1.2)
  • Apache Commons Logging 1.04 (is approved) vs. 1.01 confusion
  • mail1.4 is part of the axis 1.4 (is approved) distribution (otherwise the STS doesn't use it)

Still unresolved:

  • OpenXDAS (auditing framework) used by the JNDI Context Provider
  • OpenXRI --Drummond is working to get signatures, etc. to resolve this


  • The OpenID foundation put out three documents: "OpenID IPR Policy" Process", "OpenID IPR Policy Rationale" for 30 day review. It looks promising.


  • We're just about caught up with the Components dependencies

3:15pm Change 3rd party lib location

Starting week of Oct 8th:

  • Create one Higgins project containing all approved .jar files
  • Create one project containing all of un-approved .jar file (and the lib folder is empty)
  • Create one Maven script to pull down all third-party .jars
  • Create one Maven script to pull down all unapproved third-party .jars

3:25 Higgins and JAAS

  • H4 deployment will include a JAAS LoginModule for RCP
    • H4 will be OSGI-based
    • There is an RCP-based client that can also be used to login to clients

3:30pm Improving H2 Deployment

  • Paul to create a proposal for what we'd like to see in the way of improved H2 documentation
  • Initial thoughts are
    • to make this only developer-friendly, not end-user friendly
    • Maven configure and build script

Other Topics

  • Ability to configure IdAS Registry using Configuration API


9:25AM New RP Enablement

  • MikeM: presentation of new contribution

10:05 Higgins and CardSpace RP Compatibility

  • RP summit: makes sense when we have some new features (e.g. new params to the <object> tag) that add value
  • There are some issues. Tracking the OSIS work in this area. There may be IP issues here. E.g. Pam may not have the rights to the IP behind the recommendations she's making.

10:30AM Configuration Issues

  • Issue: how to allow you to discover how to configure any one of the configurable Higgins component
  • This is not for 1.0
  • ISettingDescriptor
  • Jim: Should we have an XML description of the ISettingDescriptor that could be put at the top of an XML file that contains configuration datasets?
  • Daniel posted an example of something like that to the dev list

10:50AM CDS Demo

11:00AM Preparing a response to Microsoft's OSP Update (July 9th 2007)

  • Mary to get from Tony some IP issues related to <object> tag, etc.
  • New parameters to the <object> tag
    • e.g. multiple issuers AND/OR
  • Issues around the upcoming (.Net 3.5 version) of CardSpace
  • Need to verify that an agent can post N>1 token in the POST

11:30AM RESTful interface to IdAS

  • e.g. have a look at
  • At present we have no REST-full interface to IdAS
  • Is this in scope for Higgins?
  • Are others in the Higgins community interested in contributing to this effort?
  • Consensus seems to be yes and yes

1:15pm Demo of the RP Code

1:30pm-2:20 Barcelona Round 2

3pm Meeting with Equinox Folks


9:30AM [Jim] An IdAS look at IGF

Jim: I went through the IGF documents, especially the IGF MRD collecting the requirements

Examples of requirements:

  • allow for intended usage statement in requests
    • intended attributes as well as intent to propagate, store, cache, or need to update
    • can be passed in advance or as part of exchange
  • allowable usage can be associated with data returned
  • discovery based on requirements
    • e.g. this kind of schema, this kind of functionality
  • fine-grained error reporting
    • ie. allow a partial subject to be returned with specific errors indicating why certain attributes were withheld. a way to report an exception "you didn't get attribute #5 because there's a policy restriction in place"
  • auditability of actions
    • when you read the MRD it implies that humans are reading documents
    • things that happen that create audit logs and be able to compare with policy, etc.
  • access control model
    • ability to manage (update permissions)
    • ability to query (e.g. can Joe perform a read on Alice's telephoneNumber attribute?)
    • enforcement
  • schema advertisement
  • function/feature advertisement (at the least access-control-ish things like "can I update attribute"
  • mapping/obfuscation/filtering/minimization
    • name transformation, masking, value transformation
  • attributes differ from properties
    • attributes are traditional identifier/value form
    • properties are always true or false
      • example: isOverEighteen, Last4SSNDigits is "1234", PoliticalAffiliation is neither "republican" nor "democrat"
      • VS IdAS: we have compare operations or search filters (could be thought of as "canned comparisons")
  • one API to allow an app to consume from different sources
    • example is similar to an RP which consumes some identity data from an RSTR and other identity data from a local DB
  • What IdAS can do towards this today?
    • allows part of intended usage statement
      • IdAS allows a caller to state which attributes will be read when fetching a subject
      • nothing else is conveyed (intent to propagate, cache, etc.)
      • can't convey in a stateful way
  • one API to allow an app to consume from different sources
    • example is similar to an RP which consumes some identity data
    • ...Jim to copy in here the rest of his PPT points
    • IdAS elements allow metadata
      • ...Jim to copy in here
    • schema is discoverable, but probably not in any format IGF expects
  • What IdAS can't yet do
    • no ACM or enforcement
    • no discovery based on capabilities, schema, access control,
    • no way to assert intended usage
    • no partial attribute support
    • no mapping (only via special CP's)
    • no auditing or recommended audit callouts

Build Errors

  • java
  • Axiom 1.2.2 vs. 1.2

Prep for 2pm CDT OSIS Barcelona Call

11:50AM Next Steps


  • M1.0M9 build of the STS is needed by 10/5
  • Complete the merge of AnthonyB's branch --Valery

Build Process Liason(!)

  • Jeesmon will take over responsibility for coordinating:
    • Maven script for approved third party libraries
    • Maven script for non-approved...
    • Maven configure script for IdAS
    • Master tutorial wiki page on:
      • How to create nightly build scripts
      • How to create Maven configure script
      • How to create Maven build script
  • Every Higgins call we'll review P1 1.0 items

Next F2F

  • Jan 8-10 Provo

Tabled for beyond Higgins 1.0

  • Architectural changes including:
    • Support for ability for user to edit some attributes managed by an external STS/IdP. Attribute maintenance. Metadata about attributes. User can request changes to an attributes. Different levels of attributes. Etc. (e.g. R-Cards, etc.)
  • Moving towards Agent Broker-based architecture
  • Mike's "Basic Auth" i-card idea
    • Jim suggests we look at recent IETF efforts in this area
  • Need a working session: Higgins UI and its relationship to CardSpace's UI
  • Date of next F2F
  • IdAS Futures
    • Changes to IdAS to support eventual WSDL for IdAS
    • 197366 C# binding for IdAS
    • Access Control Model
      • Access Control CP
    • Remotable IdAS Interfaces
    • Better schema support (including modifications)
    • Capabilities-based selection of Context
    • Refactor AuthN to something like JAAS
    • C# Implementation.
    • Audit Instrumentation
    • Allow policy (like CARML requirements) to be passed through.
      • May need API Extensibility in order to pass policies through to the backing data store
    • Activation Framework for CPs
    • IdAS Alignment with IGF (includes a number of the above)
  • Selector issues
    • How to present the different selectors to the world
    • How to move forward toward commonality (Progress discussion on selector collaboration)

Back to the top