Skip to main content

Notice: This Wiki is now read only and edits are no longer possible. Please see: for the plan.

Jump to: navigation, search

11.16.2006 F2F Agenda


Higgins logo 76Wx100H.jpg

Agenda for Higgins face-to-face meeting in Cambridge Massachusetts, November 16-17, 2006.


IBM's office at One Rogers Street, third floor, room 3154, in Cambridge, MA.

Planning to attend

  1. Jeff Broberg CA
  2. Abhi Shelat IBM
  3. Greg Byrd IBM
  4. Mike McIntosh IBM
  5. Tony Nadalin IBM
  6. Uppili Srinivasan Oracle
  7. Tom Doman Novell
  8. Mary Ruddy Parity
  9. Paul Trevithick Parity
  10. Sergei Yakovlev Parity
  11. Igor Tsinman Parity
  12. Gerry Beuchelt Sun

Thursday, November 16

8:30 Continental breakfast

9:00 Introductions, Orientation (15 min) [Mary and Paul]

  • Special welcome to Jeffrey Broberg and Uppili Srinivasan
  • Wifi passwords
  • #Higgins notetaker volunteer

9:15 IIW Demo (Dec4 in MountainView) (75 min) [Tom]

  • Design & implementation related to the joint Higgins/Novell planned demo
  • Discussion of positioning objectives for IIW in light of current IP constraints
  • [MikeM]: Describe planned Token Service to Identity Attribute Service integration planned for demo
  • Notes from this section.

The following URL summarizes progress on the reference application.

Mike discusses his managed-card creator app which is checked into org.eclipse.higgins.sts.informationcardgenerator. Shows a demo.

WS-MEX now subsumes WS-Transfer.

The Dec4 demonstration will show a remote identity-provider scenario using a Higgins STS and a modified Mediawiki. First, the IE7 user loads a managed card (created by Mike's app) into cardspace. Then, the IE7 user begins a login to the novell-modified mediawiki, the cardspace system is invoked, the user selects the managed card, the user's cardspace interacts with Mike's STS, the user eventually receives an RSTR, and processes this message to forward a token to the mediawiki to complete the login.

Currently, the STS is only configured on Mike's local machine. Todo: figure out how to run the STS on the eclipse-higgins server. Metadata endpoint is working, but not interacting correctly with Microsoft cardspace.

Discussion about configuration methods for ContextProviders.

Right now, to configure, we use one URI to open a context. That is not sufficient. There is need for parameters to be passed, but doing this binds us to a specific implementation. Eg. Context to store home personal information. Schema is name-address-phone number. Should be able to give that context a unique name. With idas, dream was to swap out context providers, switch between hosting provider (let marketplace compete on trust--this requires ability to switch operators). Promise of using URI to name context allows switching very quickly. If it is possible to unique idenitty "paul's personal stuff" with URI, and ability to export/import contexts, then potential to switch operator works well b/c context is not bound to a particular provider/url. This is the vision.

change name of ...CanCreate to ...CanOpen because creation suggests a new object whereas open suggests instantiating a handle to an object that already exists.

Summary: Registry binds a URI to a blob of configuration data. Details to be fleshed out by Paul here. Registry becomes stateful; it persistently maintains this binding (in addition to dynamically discovering providers, etc.).

10:30 Break (15 min)

10:45 Focused IdAS topics (60 min) [Tom]

  • What does a ContextURI really mean?
    • The Context "sameness" question is still not completely resolved; we need some written guidelines
  • Presuming that a ContextRef URI doesn't contain all configuration data required for a Context Provider (CP) to open/create a Context, then is there a new parameter required on IContextFactory.createContext?
  • Should we add one more parameter (probably of type java.util.Properties) to both canCreate and createContext methods of IContextFactory? (we may need to configure/re-configure a context post create)
  • If we are creating a new Context then should we pass in a schema at the same time?
    • In LDAP, schema is already fixed. In some other context providers, e.g. a pure rdf store, the schema must be specified. what if transferring context from another place?

(with importing, there must be some schema mapping)

  • We now have: identity) // Opens this Context using the provided identity.
    • We had talked earlier about having IContext.getOpenPolicy() define what should be passed to
  • Sergey Lyakhov recently proposed adding transaction support (adding begin(), commit() and rollback()) to IContext. Comments?
  • Why isn't IdASRegistry a singleton?
  • NEW: Schema API and association between attribute types and filter comparators

11:45 higgins.owl (15 min) [Paul]

  • alias property (sub-property of higgins:attribute, domain=DS, range=SubjectRelationship)
  • knows property (sub-property of higgins:attribute, domain=DS, range=SubjectRelationship)
  • simpleMetadata properties on ContextObjects: lastConnectionAttempt, lastConnection
  • password property (sub-property of higgins:attribute, domain=DS, range=StringSimpleAttribute)
  • adding all of the XSD literal types (still not done)

12:00 Lunch (45 min)

12:45 "Upper" Higgins Architecture (above IdAS and TS) (1hr 15min) [Paul]

  • Review latest Architecture changes
  • Walk through Higgins CardSpace self-issued I-Card Provider flow to get us all oriented
    • HBX -> RP Protocol Support -> ISS Web UI --> ISS -> I-Card Registry -> CardSpace I-Card Provider -> I-Card -> Token Service -> Token Provider -> IdAS etc.
  • Introduction to the I-Card concept (PPT presentation)
  • Detailed discussion of the three proposed I-Card Interfaces
    • Should we use OWL to represent complex claim types, or something simpler?
  • Description of the three concrete I-Card Provider implementations under development
    • CardSpace Managed I-Card Provider
    • CardSpace Self-Issued I-Card Provider
    • IdAS I-Card Provider
  • Proposal to use I-Card Manager to create new I-Cards vs. including this in ISS Web UI as in Microsoft's UX

2:00 IDmix (60 min) [Abhi]

  • Spelling of idemix vs. IDmix
  • idemix integration
    1. idemix plugin in the STS
    2. flows of policies through Higgins (e.g., from the relying party to the HBX, ISS all the way down to STS and the idemix plugin)

3:00 Break (15 min)

3:15 RP Security Policy (30 min) [Abhi]

  • Collect use cases and requirements (including non-auth use cases)

4:15 Higgins compatability with the Laws of Identity (30 minutes?) [Tony]

7:00? Dinner TBD

Friday, November 17

8:00 Continental breakfast

9:00 IIW Demo continued (30 min) [Tom]

  • Follow on issues

9:30 Token Service Update [Mike]

  • Latest progress, issues, integration with IdAS
  • Integration of Eclipse/Java registry for Token Providers?

9:45 Higgins components (30 min) [Paul]

  • Review Components
  • Javadoc & nightly builds
  • PSF & CVS
  • Dependencies
  • Builds - download page link, do we need doc too?
  • Concept of owner; responsibilities
  • Walk through each line

10:30 Break (15 min)

10:45 Use of third party software by Eclipse projects (30 min) [Mary]

11:15 Deployment Scenarios (30 min) [Paul]

  • Reviewing new Deployments (Deployment Scenarios) wiki page
  • Discuss scope, other deployments
  • NEW: STS / IdAS configuration issues

11:45 Lunch (45 min)

12:30 Registries (15 min) [Greg]

  • We need three registries (for Context Providers, Token Providers and I-Card Providers).
  • All need to work in both Eclipse/OSGI and raw Java runtime environments
  • Is this an opportunity for some share code?

12:45 Interoperability Space (30 min) [Paul]

1:15 Milestone planning (30 min)

  • reviewing progress on M0.6
  • spending some time mapping out 0.7, 0.8, 0.9 and 1.0

1:45 Claim data interoperability (15 min) [Paul]

  • Industry convergence on attribute/claim namespaces/schemas
    • Recent conversations with Microsoft and Verisign

1:30 Other Topics

  • OpenID support
  • Parity/Higgins/Second Life id verification project
  • What is the best use for our new vServer?
    • TS endpoint
    • IdAS endpoint
    • Entire Higgins service endpoint
    • Next Higgins face-to-face in Provo Utah at the end of January. Date to be finalized

3:00 Adjourn

See Also

Copyright © Eclipse Foundation, Inc. All Rights Reserved.