Jan 29-31 Provo F2F Agenda

Higgins face-to-face meeting in Provo, Utah, January 29-31, 2008.

Logistics

Location: Executive Briefing Room 1, Building H, Novell's office. 1800 South Novell Place, Provo, UT 84606, (801) 861-7000, map
- After you enter building H, the executive briefing rooms are through glass doors on your right.
- Call Jim at 801 380 8760 if you have any problems.
Time: The event will start Tuesday at 9:00 AM and end Thursday at noon.
- A continental breakfast will be available starting at 8:30 AM
- For early-comers and late-leavers, we're planning one or more ski days. See the ski poll
Hotel: Several of us are staying at the Marriott Conference Center in Provo (Map). There are also a few hotels within walking distance (may have to deal with snow though)
Weather: Dress warmly. It may be cold.
Getting there: Most people fly into the SLC airport and drive to Provo. Here are directions from SLC International Airport to Novell.

Expected Attendees

Dale Olds - Novell
Jim Sermersheim - Novell
Mary Ruddy - SocialPhysics/Parity
Paul Trevithick - SocialPhysics/Parity
Tony Nadalin - Bandit
Tom Doman - Novell
Daniel Sanders - Novell
Phil Hunt - Oracle
Drummond Reed - Cordance/Parity
Andy Hodgkinson - Novell
Duane Buss
Michael McIntosh - IBM
Markus Sabadello - Parity
Carl Binding - IBM
Uppili Srinivasan - Oracle
George Stanchev - Serena
Anthony Bussani - IBM

Attending by Phone (888-457-5984, passcode 5849826). Alert us on #higgins IRC for agenda items you wish to join for:

Brian Carroll - Serena
Paula Austel - IBM
David Primmer - Google (for session on STS IdP + SAML IdP refactoring)
Bruce Rich - IBM
Greg Byrd - IBM (for configuration discussion, possibly more)

Tuesday

NOTES ON THE AGENDA PROCESS

The agenda as proposed on this wiki page is just a place to start. Usually we rearrange and adjust the topics as the meeting progresses. We take notes right in this wiki page. If a demo is included it is in the topic's title line "[DEMO]". If the topic can't be moved there should be a bullet.

We will track at least the agenda on the #Higgins IRC channel. If you wish to call in for an agenda item, please let us know on the #higgins IRC channel and we'll set up a conference bridge. The conference bridge number will be 888-457-5984, passcode 5849826

9:00-9:20 Welcome, Introductions, Logistics [Jim, Paul, Mary, (Dale)]

Introductions
Eclipse ground rules
Logistics
- We will post the current agenda item to #higgins
  - Need IRC Scribes: Mike and Jim volunteered
- Will take notes onto this Wiki
  - Need Wiki Scribes (we'll decide per session)

9:30 [2:20 hrs] IdAS & IGF Design [Jim and Phil]

See 2008 Provo F2F IdAS & IGF Design Session Notes

11:50 [15min] Higgins 1.0 Release Plans [Mary]

Review of 1.0 bug list
Status of IP Review – IP Log accepted
Status of Release Review
- Have OK to hold review
- Tentatively scheduled for Feb 13
- First drafts slides due 1/30
- Final slides due 1/3
- Final slides posted by EMO on 1/6
- Can release if get OK at release review (no more waiting period)
- Possible Eclipse announcement date – Feb 20
Status of "graduation from incubation" review - Revisit this after complete Release Review and 1.1 planning
Eclipse Quality page

Lunch

1pm Tuesday Afternoon

[15min] Introduction to Higgins [Paul]

As we move towards paying more attention to documentation and technical marketing of what we've already done, we need to find a way to divide Higgins into logical peices.
Paul will introduce the new three layer model (See Solutions)
Paul will then focus on the "new/old" bottom layer: (see Higgins Global Graph)

[10min] API Extensibility [Jim]

Now that we've decided to consider Higgins APIs "provisional" (see <insert link>) this issue is something that we can keep working on over time.
Jim present requirements
- Differing proposals are at IdAS API Extensibility
- Are we going to use deprecation?
We're pushing this beyond 1.0, and tentatively pushing this agenda topic to a later slot.

[1hr] IdAS and the Higgins Data Model; Open Issues [Jim]

Background: Higgins Data Model
Issues are tracked at Data Model Open Issues#General
- Covered "mixed attribute values" and "Closed or Open Simple data types" but didn't really get a lot of resolution.
- Still need to talk about other two issues

3:00pm 15 min break

3:15pm [30min] HOWL and the Higgins Data Model; Proposed update [Paul]

For background, here is the existing howl:HOWL
Review of proposed changes to higgins.owl: HOWL Update
New higgins.owl
Person.owl Example

4:10pm [15min] Higgins on Android [Tony, Paul]

IBM
- IBM's CES Demo
Parity
- [5min] Parity's work
  - WebKit limitations
  - Javascript injection approach
  - Challenges/Issues
  - Wishlist
Starting an Android work area within Higgins?
- IP issues around Android
- Contributions

4:20pm [10min] DEMO: Eclipse-based Selector [Mike]

Solution: Eclipse-based Selector Solution
Installation on Windows with IE
Sign in to RP site

4:30pm [45min+] Higgins Selector Selector [Mike, Paul]

Intro: Read http://www.incontextblog.com/?p=17
Platform-idependent architecture:
Discussion of the design
See diagram on slide #7 here: <missing link>
See also Higgins Platform Support notation proposal

[5min] Report on Java Impl Selector Performance Issues [Paul]

Selector Performance Information

[15min] DEMO: Client-based Selector "DigitalMe" [Andy]

Demo
Current status
Integration of next-gen HBX and Higgins Selector Selector ??
Documentation
- Harmonization of Bandit site
Roadmap

9:00am Wednesday Morning

[45min] Selector UIs [Tony?, Andy?]

Higgins is blessed(!) with multiple i-card selector UIs:
- GTK-based "DigitalMe" on Linux
- Cocoa-based "DigitalMe" on OSX
- RCP-based
- Firefox-embedded (requires hosted I-Card svc)h
- AIR-based (requires hosted I-Card svc)
Need to reduce the number of parallel implementations
Need to converge on a common UI
- Document the steps in any login process where: (trying for "common enough" here)
  - The user needs to make a decision (e.g. to operate a control)
  - What information is needed by the user to make the decision
  - Where this information comes from
  - What is at risk if such a choice is hidden from the user, e.g. by user preference
Need to improve the UI
What about http://wiki.eclipse.org/User_Interface_Best_Practices_Working_Group

9:45AM [15 min] [DEMO] AIR-based Selector Demo [Jeesmon]

[3 min] HBX/Firefox Demo [Paul]
[12 min] HBX/IE AIR web-based Selector Demo [Jeesmon remote from Needham, MA]
Architecture Diagram including integration with Selector Selector
Installation demonstration
Login to RP site demonstration

[10min] [DEMO] Web-based Selector Demo [Paul]

We've added what we think is a UI improvment over CardSpace UX: "remember this card (at this site)" (coupled with "remember this password for the card")
Remember this Card Overview
Need to discuss "twinkle" idea, "unremember" function

[30min] The Future of the Configuration Component [Greg]

Configuration component: need two versions of Configuration.common (one for plugin-based configurations and one for jar-based configurations)
support "writing" not just reading
better support for passwords in the file
make it possible to do "round tripping" somehow (MikeM)
central configuration service?
- problems: how to transfer stuff from file system (e.g. keystore) to the service?
- we're currently passing objects around that are hard to serialize
- use JSON
Configuration UI?
NOTE: Greg B. would like to call in, if this discussion happens. On Wednesday, I'm available 9-11am and 12:30-3:00 (Provo time).

10:40 [1hr] Access Control [Tom]

Access Control Issues in LDAP
Acesss Control Issues in JNDI
General Access Control Issues
Providing Access Control through IdAS
Should we start collecting use cases?

Wednesday Afternoon

[2hrs] STS IdP Solution in Depth [Mike]

Similar to New York F2F sesion, but shorter
(Weds or Thurs please)
STS Work items:
- STS token service still bypasses IdAS to access/update attributes
- Sample STS should cut over to using XMLFile Context Provider
- Use of "informationCard generator" in STS's profile service?
- Currently the STS MEX endpoint only advertises support for transport-level security (using UN token or self-seigned SAML token)

[20 min] Considerations for a multi-protocol ID provider [Uppili]

When considering merging of STS and SAML from a Higgins infrastructure perspective, it will be useful to discuss and get some common understanding about what is the ultimate "functional" objective. Are there cross-functional use cases in scope for the resulting multi-protocol system, or are we just sharing code between what would be completely independent systems. Would this guide how to approach the same issue if a reference implementation of OpenID were considered as part of Higgins (in future).
- Look at the canonical layers of an IDP
- Allude about infrastructure building blocks that can be shared
- Meditate about some cross-protocol use cases / scenarios (like global sign-out)
( I think this item should be here or somewhere prior to the "Merging" discussion, below).

[45min] Merging SAML2 IdP into STS framework [Mike, Markus]

Pre-merge refactoring
- Should we rename low level reusable sts.* components -> htp.* (Higgins Token Processing)
Task planning
Resources

[45min] [DEMO] Novell open source IdP presentation [Daniel]

(Weds or Thurs please)
This uses the Higgins STS and IdAS components. Presentation will include the following:
High level architectural overview of IdP and how Higgins STS and IdAS are used.
Demonstration.
- Download the IdP tarball.
- Build it.
- Deploy to server that has Tomcat installed.
- Configure using web based admin.
  - Miscellaneous configuration.
  - Configuration of attributes that can be stored.
  - Configuration of information card templates.
  - Configuration of Java keystore
  - Configuration of IdAS context provider.
  - Look at the XML configuration files that are generated by admin.
  - Customizing how the IdP will look and feel.
- Create user account
- Manage user account, including change password
- Issue information card using a card template
- Use information card

[45min] Introduction to R-Cards [Paul]

Evolution of i-card definition
Definition of r-card. See R-Card
Where r-cards fit in Higgins Data Model
Proposed data format (schema) [Drummond]
How they work -- the BestBuy COA "VRM" use case

[1hr] Introduction to XDI and X3 [Drummond]

Very brief background on OASIS XDI TC
Explain how XDI is the protocol equivalent of the Higgins Data Model (and that's why I'm working with Paul and Markus and Higgins)
Show a few simple examples of X3 (using Markus' XDI Converter) to show how the XDI RDF Model can be used to implement the HDM and vice versa.
Point out the XDI RDF Model sections.
Finish by showing X3 for the same r-card scenario that Paul went through

[15min] [DEMO] XDI4J Code Walk-through [Markus]

Introduce XDI4J
Give a basic tour
Show the XDI Messenger
Show the XDI messages that would be transmitted for the BestBuy COA VRM use case Paul

Thursday (ends at noon)

1.0 and 1.1 and... Plan

Review of outstanding bugzilla bugs (known bugs in 1.0)
Branch proposal:
- Create branches (as we do now) for stable builds
- Just keep marching towards 1.1, 1.2, 1.3 etc.
1.1 Plan
- Highlights

Introduction to Open Identity Network Non-profit [Paul]

See OIN and http://openidentitynetwork.org
Status of incorporation/launch
Marketing plan for 2008
Operating plan for 2008

RSA (April) and Catalyst (July) Interop Planning

Objectives?
Documentation of Higgins (eclipse-based, client-based, web-based) interop status/results?
- The Higgins wiki is still circa June 2007
- Need a matrix of support for Higgins 1.0
New functionality
- R-Cards
- OpenID
- Selector Selector

Review and discussion of alternative to Microsoft's i-card logo [Paul]

Why we can't live with the current one
Road forward

Marketing & Outreach [Paul, Mary]

State of the art evangelizing: dataportability evangelism projects. We should be so cool. They have a killer YouTube video already.
[Paul] New http://higgins-project.org website
- Folding in http://cloudtripper.org/ underneath?
[Mary] Press release plan: coordination with Eclipse Foundation
Discussion of how we will publicize Higgins 1.0.
Outreach to independent OSS developers
- What should we be doing? Should we have an plan?
- What example CPs would get folks excited? A Twitter CP?
Outreach to other related efforts

- http://dataportability.org
- http://www.opendatacommons.org/
- http://practicalportability.org/
- Semantic Web crowd
- Etc
Events

Thursday afternoon - Unofficial Continuation

Whoever wants to stay, stay

Fodder

Beyond Higgins 1.0

Links

Higgins Home

Breadcrumbs

Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.