Jan 29-31 Provo F2F Agenda

Higgins face-to-face meeting in Provo, Utah, January 29-31, 2008.

Logistics

• Location: Novell's office. 1800 South Novell Place, Provo, UT 84606, (801) 861-7000
• Time: The event will start Tuesday at 9:00AM and end Thursday at noon.
  • For early-comers and late-leavers, we're planning one or more ski days. See the ski poll
• Hotel: Several of us are staying at the Marriott Conference Center in Provo (Map). There are also a few hotels within walking distance (may have to deal with snow though)
• Weather: Dress warmly. It may be cold.
• Getting there: Most people fly into the SLC airport and drive to Provo. Here are directions from SLC International Airport to Novell.

Expected Attendees

1. Dale Olds - Novell
2. Jim Sermersheim - Novell
3. Mary Ruddy - SocialPhysics/Parity
4. Paul Trevithick - SocialPhysics/Parity
5. Tony Nadalin - Bandit
6. Tom Doman - Novell
7. Daniel Sanders - Novell
8. Phil Hunt - Oracle
9. Drummond Reed - Cordance/Parity
10. Andy Hodgkinson - Novell
11. Duane Buss
12. Michael McIntosh - IBM
13. Markus Sabadello - Parity
14. Carl Binding - IBM
15. Uppili Srinivasan - Oracle
16. George Stanchev - Serena
17. Anthony Bussani - IBM

Attending by Phone (watch this space for conf #):

1. Brian Carroll - Serena
2. Paula Austel - IBM
3. David Primmer - Google (for session on STS IdP + SAML IdP refactoring)
4. Bruce Rich - IBM
5. Greg Byrd - IBM (for configuration discussion, possibly more)

Tuesday

NOTES ON THE AGENDA PROCESS

The agenda as proposed on this wiki page is just a place to start. Usually we rearrange and adjust the topics as the meeting progresses. We take notes right in this wiki page. If a demo is included it is in the topic's title line "[DEMO]". If the topic can't be moved there should be a bullet.

We will track at least the agenda on the #Higgins IRC channel.

9:00-9:20 Welcome, Introductions, Logistics [Paul, Mary, Dale]

• Introductions
• Eclipse ground rules
• Logistics

[30min] Higgins 1.0 Release Plans [Mary]

• Review of 1.0 bug list
• Status of IP Review
• Status of "graduation from incubation" review
• Estimated 1.0 Release date: _________

[1+hr] IdAS & IGF Design [Jim and Phil]

• Call in session??
• [1hr] Presentation of IGF Requirements

[1hr] API Extensibility [Jim]

• Jim present requirements
• Discussion

[1hr] Higgins Data Model [Paul & Jim]

• See Higgins Data Model
• HOWL & IdAS
  • [Paul] Review of proposed changes to higgins.owl
  • Quick look at OWL 1.1
  • Relax to OWL-Full (withdraw decidability requirement)
  • Jim's 4/5 open issues <need to enumerate them here>
• Authorization?

[30min] Higgins on Android [Mike?, Paul?]

• IBM
  • IBM's CES Demo
• Parity
  • [5min] Parity's work
    • WebKit limitations
    • Javascript injection approach
    • Challenges/Issues
    • Wishlist
• Starting an Android work area within Higgins?
  • IP issues around Android
  • Contributions

[10min] DEMO: Eclipse-based Selector [Mike]

• Solution: Eclipse-based Selector Solution
• Installation on Windows with IE
• Sign in to RP site

[45min+] Higgins Selector Selector [Mike, Paul]

• Intro: Read http://www.incontextblog.com/?p=17
• Discussion of the design
• See diagram on slide #7 here: <missing link>
• See also Higgins Platform Support notation proposal

[15min] Report on Java Impl Selector Performance Issues [Paul]

• <Brian: need to insert a pie chart here with wiki page>

[45min] Selector UIs [Tony?, Andy?]

• Higgins is blessed(!) with multiple i-card selector UIs:
  • client-based "DigitalMe" on Linux
  • client-based "DigitalMe" on OSX
  • Eclipse-based
  • web-based Firefox(in-browser)
  • web-based IE/AIR
• Need to reduce the number of parallel implementations
• Need to converge on a common UI
• Need to improve the UI

[30min] DEMO: Client-based Selector "DigitalMe" [Andy]

• Demo
• Current status
• Integration of next-gen HBX and Higgins Selector Selector ??
• Documentation
  • Harmonization of Bandit site
• Roadmap

The Future of the Configuration Component

• Configuration component: need two versions of Configuration.common (one for plugin-based configurations and one for jar-based configurations)
• support "writing" not just reading
• better support for passwords in the file
• make it possible to do "round tripping" somehow (MikeM)
• central configuration service?
  • problems: how to transfer stuff from file system (e.g. keystore) to the service?
  • we're currently passing objects around that are hard to serialize
  • use JSON
• Configuration UI?
• NOTE: Greg B. would like to call in, if this discussion happens. Any time other than 1-3:30pm Tuesday (Mountain Time) would be ok.

Autobuilds, Auto-tests

• Eclipse features?
• C++
• Nightly Junit tests?

Moving, Renaming Components

• Split selector selector from HBXIE
• Plugins folder
• .deployment.idas.basic -> move to app?
• .rpps -> ss
• .rsse -> rename to .ss.rsse

Wednesday

[2hrs] STS IdP Solution in Depth [Mike]

• Similar to New York F2F sesion, but shorter
• (Weds or Thurs please)
• STS Work items:
  • STS token service still bypasses IdAS to access/update attributes
  • Sample STS should cut over to using XMLFile Context Provider
  • Use of "informationCard generator" in STS's profile service?
  • Currently the STS MEX endpoint only advertises support for transport-level security (using UN token or self-seigned SAML token)

[15 min] Card-based Oauth [Paul]

• Support for Oauth in the world of Higgins
• Oauth uses redirects all over the place and asks the person to sign in using un/pw at the service provider. There must be a better user experience.
• How about O-cards? User experience:
  • User gets an O-card from Service Provider (e.g. Google Calendar)
  • User fires up Oauth Consumer that wants Google Calendar data stream
  • Selector appears with Google Calendar card displayed
  • Selector UI asks to approve grant of rights
  • User clicks "Approve" button
  • Done. [No redirects, no un/pw entry at SP, etc.]

[45min] Merging SAML2 IdP into STS framework [Mike, Markus]

• Pre-merge refactoring
  • Should we rename low level reusable sts.* components -> htp.* (Higgins Token Processing)
• Task planning
• Resources

[45min] [DEMO] Novell open source IdP presentation [Daniel]

• (Weds or Thurs please)
• This uses the Higgins STS and IdAS components. Presentation will include the following:
• High level architectural overview of IdP and how Higgins STS and IdAS are used.
• Demonstration.
  • Download the IdP tarball.
  • Build it.
  • Deploy to server that has Tomcat installed.
  • Configure using web based admin.
    • Miscellaneous configuration.
    • Configuration of attributes that can be stored.
    • Configuration of information card templates.
    • Configuration of Java keystore
    • Configuration of IdAS context provider.
    • Look at the XML configuration files that are generated by admin.
    • Customizing how the IdP will look and feel.
  • Create user account
  • Manage user account, including change password
  • Issue information card using a card template
  • Use information card

[10min] [DEMO] Web-based Selector Demo [Paul]

• We've added what we think is a UI improvment over CardSpace UX: "remember this card (at this site)" (coupled with "remember this password for the card")
• <Brian: I need wiki page describing logic if/else of this function>
• Need to discuss "twinkle" idea, "unremember" function

[15 min] [DEMO] Web-based Selector Demo [Jeesmon]

• [3 min] HBX/Firefox Demo [Paul]
• [12 min] HBX/IE AIR web-based Selector Demo [Jeesmon remote from Needham, MA]
• Architecture Diagram including integration with Selector Selector
• Installation demonstration
• Login to RP site demonstration

[20min] Web-based Selector: HBX Authentication and the Selector Service [Drummond]

• Today the web-based selector uses a username (community XRI i-name) and master password to authenticate directly to the back end selector service.
• A new approach is to factor out provisioning and authentication of a client-side identity selector to separate web services. This approach has several advantages:
  • It can provide non-identifying tokens to provision and/or authenticate a back end selector service account, preserving privacy.
  • It can standardize provisioning and configuration of multiple front-end identity selectors (e.g., on different devices all used by the same user) to talk to the same back end identity agent.
  • It can opening new models of authentication in the future without requiring changes to the back end identity agent service.
• Work has begun on a protocol for this purpose: ISAP - Identity Selector Authentication Protocol.

[45min] Introduction to R-Cards [Paul]

• Evolution of i-card definition
• Definition of r-card
• Where r-cards fit in Higgins Data Model
• Proposed data format (schema) [Drummond]
• How they work -- the BestBuy COA "VRM" use case

[1hr] Introduction to XDI and X3 [Drummond]

• Very brief background on OASIS XDI TC
• Explain how XDI is the protocol equivalent of the Higgins Data Model (and that's why I'm working with Paul and Markus and Higgins)
• Show a few simple examples of X3 (using Markus' XDI Converter) to show how the XDI RDF Model can be used to implement the HDM and vice versa.
• Point out the XDI RDF Model sections.
• Finish by showing X3 for the same r-card scenario that Paul went through

[15min] [DEMO] XDI4J Code Walk-through [Markus]

• Introduce XDI4J
• Give a basic tour
• Show the XDI Messenger
• Show the XDI messages that would be transmitted for the BestBuy COA VRM use case Paul

Terminology & ISIP Interop [Paul]

• Information Cards vs. I-Cards
• Managed, Personal, and Shared --card categories
• R-Cards, ISIP-M-Card, ISIP-P-Card --card types
• UA-to-RP
• UA-to-IdP
• UA card import/export
• Other interop issues
• Discuss the development of a "portable ledger" format that would allow import/export of this ledger so that card history could be maintained (at least within Higgins selectors)

[30min] Five ways to integrate OpenID [Paul]

1. OP Uses Cards for Auth (prevents phishing)
2. Sxip OpenID Cards (OpenID claim type in managed cards or shared cards)
3. OpenID Card: fills in pw at OP (prevents phishing)
4. OpenID CP: OpenID OP into CP
5. OpenID & Cards: Grand Unification

Thursday (ends at noon)

1.0 and 1.1 and... Plan

• Review of outstanding bugzilla bugs (known bugs in 1.0)
• Branch proposal:
  • Create branches (as we do now) for stable builds
  • Just keep marching towards 1.1, 1.2, 1.3 etc.
• 1.1 Plan
  • Highlights

Introduction to Open Identity Network Non-profit [Paul]

• See OIN and http://openidentitynetwork.org
• Status of incorporation/launch
• Marketing plan for 2008
• Operating plan for 2008

RSA (April) and Catalyst (July) Interop Planning

• Objectives?
• Documentation of Higgins (eclipse-based, client-based, web-based) interop status/results?
  • The Higgins wiki is still circa June 2007
  • Need a matrix of support for Higgins 1.0
• New functionality
  • R-Cards
  • OpenID
  • Selector Selector

Review and discussion of alternative to Microsoft's i-card logo [Paul]

• Why we can't live with the current one
• Road forward

Marketing & Outreach [Paul, Mary]

• State of the art evangelizing: dataportability evangelism projects. We should be so cool. They have a killer YouTube video already.
• [Paul] New http://higgins-project.org website
  • Folding in http://cloudtripper.org/ underneath?
• [Mary] Press release plan: coordination with Eclipse Foundation
• Discussion of how we will publicize Higgins 1.0.
• Outreach to independent OSS developers
  • What should we be doing? Should we have an plan?
  • What example CPs would get folks excited? A Twitter CP?
• Outreach to other related efforts
  • Dataportability.org - What more should we be doing
  • Semantic Web crowd
  • ...other groups

Thursday afternoon - Unofficial Continuation

• Whoever wants to stay, stay

Fodder

• Beyond Higgins 1.0

Links

• Higgins Home