2017-05-10

Attending: Joel Farrell, Valerie Smothers, Prasad Chodavarapu, Andy Rabin, Scott Kroyer

Confirm Toufeeq and James can attend face to face.

1 Review of Security Guidelines

Joel will do an editorial pass on the guidelines this week. Prasad reviewed section 4. For 4.1.2, Joel recommended we suggest something simple like OpenID Connect if they don't have a complicated scenario. Prasad agreed. Andy clarified that OAuth would be the first choice. Joel noted f-j should be sub-bullets of e. Prasad noted one variation of third party is using Google ID or another third party. Prasad noted that he is recommending people use products rather than try to implement on their own. That is a general recommendation that would apply across scenarios. Joel offered to think about where to put that. He noted that some things have the same recommendations whether self-hosting or third party.

For 4.2, Joel suggested changing the title to IAM for applications between Enterprises (or use between organizations? - VS). For 4.2.2, Prasad clarified that the general approach would not change if Organization A uses self or third party hosted. He asked if the recommended option should be OAuth 2. Joel agreed that would be helpful.

4.3 has potential for future applications. It would allow for much broader exposure. Joel agreed this would be most important going forward.

4.4, Prasad noted many applications can hook into your identity provider of choice. Organizations can grow while keeping their identity management approach intact. Office 365 is an example.

Joel agreed the use cases were very good. 

Section 5: Joel agreed SSO is becoming a must-have. Joel noted that SAML is not growing like OAuth 2 and OpenID, but it is essential in some environments. We may want to mention SAML2. Prasad agreed. Joel noted the mention of the movement to cloud-based identity management. He noted most enterprises don't use that yet. We should avoid prognostications we can't back up. He may tweak the wording.

Joel noted references would not be visible if printed. Valerie offered to make them more like our other references. Joel said time permitting, Valerie will format. Joel added we can publish the final version after the meeting. The meeting will provide an opportunity to review. Prasad agreed there may be changes resulting from the meeting.

2 Prep for TSC Session at annual meeting

Joel noted that flow diagrams may provide a good overview of the technology. We can focus on the use cases. Joel noted he has availability to speak with Prasad further. We will plan to distribute the security document ahead of time.

3 Security doc review


4 API discussion with WG members

Joel asked who should attend. They would need to receive a copy. Candidates: Amy Opalek, Kirke Lawton, Cyndi Streun, Tarang Shah, Sascha Cohen, Susan Albright, Ed Kennedy, Radu Vestemean, other vendors. Joel noted we will divide time between this and questions about APIs. This could go 40-20 minutes. Valerie will send a draft invitation to Joel. Joel and Prasad will follow up on slides. Scott noted he will attend.
