WG_Meeting 2022 01 11

Tim Cappalli edited this page Jan 26, 2022 · 1 revision

Agenda

  • Intros and Reintros
  • Website update
  • RISC spec next steps: resolve backwards compat issue
  • Developer relations
  • New participants onboarding
  • Identiverse 2022
  • WG work and alignment with 2022 goals (Gail)

Attendees

  • Atul Tulshibagwale (SGNL)
  • Tim Cappalli (Microsoft)
  • Shayne Miel (Cisco)
  • Tom Sato (VeriClouds)
  • Joshua Metz (Cisco)
  • Manuel Cornello
  • Rifaat Shekh-Yusef (Auth0 - Okta)
  • Stan Bounev (VeriClouds)
  • Arturo Elias Anton
  • Mike Kiser (SailPoint)
  • Stefan
  • Lee Tschetter (Okta)

Notes

  • Gail's presentation re: SSE 2022 plan
  • Cisco SSE open source implementation is available, but no opinion on certification
  • Implementation maturity should precede creating a certification program
  • Is interop testing more important than certification? Seems so, given the number of implementations
  • What does an interop test look like? Gail shared how GAIN and other WGs are doing it
  • We would like to have OIDF support for doing the interop test
  • Support from OIDF to revamp the website (aligned with the OIDF "website refresh" initiative)
  • Tom Sato volunteered to draft the new website - how did FAPI get their page (fapi.openid.net)?
  • FAPI page was a collaboration with FDX that didn't come to fruition. Not a model we should follow right now.
  • WG should update the home page on their own
  • OIDF is separately working on a website refresh
  • We should link to the sse.guide page from the WG home page.

Intros and Re-intros

  • Atul - CTO at SGNL, a new company working on enterprise authorization. Formerly at Google. Been with the WG from the beginning.
  • Shayne - works at Cisco, with SSE since mid-summer. Working diligently to implement some of this implementer's draft. Architect at Cisco working on authentication.
  • Lee - Director of Technical Strategy at Okta. Working on this in the past year. Championing this internally (program, strategy). Reach out to me if you would like to do anything with Okta
  • Gail - Executive Director of OIDF
  • Tom - Joined working group last autumn. Speciality is market adoption and outreach
  • Joshua Metz - Cisco, building the sample reference implementation. Work on the Duo security space
  • Tim - Standards architect at Microsoft and one of the original folks working on CAEP
  • Rifaat - Auth0 / Okta, Chair of the OAuth working group at the IETF. First time attending this meeting.
  • Stan - CEO of VeriClouds - provide identity threat intelligence. Contributing to the WG for about 3 years now.

Backward compatibility issue

  • How much compatibility should we maintain with a previous draft spec? Complicating this is that Google already has an implementation.
  • Precedent in the OIDC is that there is no backward compatibility with OIDF, but we could follow the OIDC model where we can add non-normative text at the end of the spec. The text may or may not mention specific implementations
  • There could be some value to improve some OIDF processes. How do we reference prior implementer's drafts of the spec?
  • We could follow the IETF model where we have multiple published versions of a draft spec, but you could reference a previous draft for backwards compatibility
  • Is it a nomenclature issue? Or is it just the WG flagging something as a referenceable draft?
  • WG assigns a specific numbered draft and can refer to it normatively
  • We should copy the style of the OIDC spec
  • Atul to update the PR with that language

Developer relations

  • People are getting interested in SSE
  • Talked to eBay, Rakuten, Facebook, Booking.com, Coupang and so on
  • We should have developer onboarding style webinars or meetings
  • People who are interested need to convince their colleagues, so they need materials
  • Masterclass at Identiverse - proposed by Tom Sato

Identiverse 2022

  • Proposed Panel
  • OIDF is going to be a non-profit sponsor of the conference
  • OIDF may get a breakout room, which we can use even if we do not get on the formal agenda

Agenda proposal

  • Can we alternate between one week of technical discussions and one week of other discussion so that we make progress on both fronts?
  • We should mark each meeting in the wiki with a Tech / non-tech annotation