In-Person Account Chooser Workgroup meeting in Seattle June 11th

[Eric Sachs]

Microsoft will be hosting an in-person workgroup meeting from 10am-4pm Pacific Time on June 11th.  If you are interested in attending in person, please respond to this thread.  Microsoft & Google will each have a few people attending, and we are hoping others will join as well.  First dibs on seats go to current members of the workgroup.  We are still finalizing a room, so we are not sure yet how many seats there will be.  The meeting will be operated under standard OIDF IPR policies.  A key goal is to leverage the longer timeslot and in-person meetings to walk away with items we believe need to be specifications.

Some of the suggested agenda items include the following.  Feel free to suggest others

• walkthrough of security/privacy reasons for Select Account page being shown by an Account Chooser instead of the website a user is logging into
  
• comparison of the AccountChooser.com service to similar types of APIs appearing on mobile platforms such as Android.  While those APIs might be proprietary to the platform, is their any API standardization we might try to pursue
  
• enabling users to pick their own Account Chooser service on a given browser instance, and clarifying the standard API interfaces
  
• brainstorming how a vendor could build a "smart" Account Chooser service that a user might enable, including remembering their preferred accounts for a given site.  Try to figure out if that requires change the standard API interface
  
• should we have a standard for those services to send/receive passwords with the site, including auto-generated passwords?  What about other fields like gender, age, etc.
  
• discuss different bootstrapping strategies for getting account entries into an Account Chooser.  Should we allow certified websites to push in emails from their own domains automatically?  Websites with higher certification might be able to push in any emails.  Should that require a yearly payment on top of certification fees?
  
• given only an email address from an Account Chooser what might best practices be for RPs to discovery whether a "good" IDP exists for that domain, and how to interact with it
  
• more discussion of UX best practices on the Select Account page of showing email address only with no IDP meta-data
  
• should AccountChooser offer a standard "Add Account" page to collect email and promote OS/browser specific options for different humans who share a device?
  
• should AccountChooser offer a standard "Signup" page that shows the know IDPs for that email, along with option to use a password or auto generated password
  
• should AccountChooser management page that lets entries be deleted also warn user's that it is safer to reset the cookie jar or user account or OS
• Updated SelectAccount UX based on additional user experience studies
• Publishing low-level Advanced' API 'docs for integration with an Account Chooser

--

Eric Sachs | Group Product Manager for Identity | esa...@google.com 

[Brian Berliner]

        -Brian

Sent from my iPhone

--
 
---
You received this message because you are subscribed to the Google Groups "OIDF Account Chooser list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to oidf-account-choos...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Eric Sachs]

>> First dibs on seats go to current members of the workgroup.  We are still finalizing a room, so we are not sure yet how many seats there will be.

Unless you have already contacted me about a seat at the meeting, all the spots are now taken.  We will take detailed notes though and publish them afterwards.

[Paul Agbabian]

Hey Eric did my folks register with you?

Paul

Sent from my mobile device

--

[Eric Sachs]

>> Hey Eric did my folks register with you?

BrianB and I have a 1on1 thread to finalize logistics.

[Mike Jones]

We’ve upgraded the room to 43/3600, which holds 20 people and has room around the outside for additional chairs, if needed.  Bring ’em on! J

 

                                                            -- Mike

[Pamela Dingle]

Just when I thought I was too late....

Count me in!  This is going to be epic.

Pamela Dingle  |  Sr. Technical Architect
PingIdentity  |   www.pingidentity.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
O: 303-999-5890   M: 303-999-5890
Email: pdi...@pingidentity.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Connect with Ping Twitter: @pingidentity LinkedIn Group: Ping's Identity Cloud     Facebook.com/pingidentitypage

Connect with me Twitter: @pamelarosiedee

[Eric Sachs]

I posted a public doc with logistics/agenda/attendees.  Anyone should be able to add comments to it.  If you want edit rights, let me know.

We can try to use the same doc to collect notes during the meeting itself.

[Edmund Jay]

I would like to attend this meeting also.

-- Edmund

[Eric Sachs]

Great.  There is now room for additional people.  Is there any logistical information you need that is not already listed on the agenda?

--

 
---
You received this message because you are subscribed to the Google Groups "OIDF Account Chooser list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to oidf-account-choos...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Mike Jones]

It seems like it would be important for us to have a discussion about what the working group is planning to standardize and what it is not (and why), to record those decisions, and to develop a plan for who will be writing what standards-track documents when.  Possible things that could be standardized include the JavaScript APIs, the HTML 5 local storage formats, and possible future data structures and procedures enabling users to roam Account Chooser state between browsers.  In fact, if not too presumptuous, I’d like this to be the first item, since it’s central to what the working group’s deliverables are.

 

Could you add this to the agenda, Eric?

 

(If decisions about this are already recorded by the working group, please excuse my not being up to speed.  In that case, this agenda item could be morphed to be just reviewing those decisions.)

 

I’m looking forward to seeing many of you in Redmond soon!

 

                                                                                -- Mike

 

From: oidf-account...@googlegroups.com [mailto:oidf-account...@googlegroups.com] On Behalf Of Eric Sachs
Sent: Wednesday, May 29, 2013 5:15 PM
To: oidf-account-chooser-list
Subject: Re: In-Person Account Chooser Workgroup meeting in Seattle June 11th

 

Great.  There is now room for additional people.  Is there any logistical information you need that is not already listed on the agenda?

[Tim Bray]

As Eric knows, I'm becoming fairly fanatical over the bootstrap process, since I’ve discovered that AccountChooser is easy to sell developers when it’s loaded with accounts, and very difficult when it’s empty and the first developers in have to bear all the costs of loading it up, while receiving none of the benefits. So almost everything else is fairly uninteresting to me until we have a plan in place to crack that nut.

 -T

[David Primmer]

I feel the same as Tim and it didn't take long for me to come to this realization. While those considering implementing AC may be comforted by having all the security and standards boxes checked, that's not what sells it as a product. All the demos show it bootstrapped and that's what people want.

[Pamela Dingle]

Hi all,

Ping has a new developer evangelist named Bradford Stephens.  I'm hoping Bradford can significantly contribute to our outreach and materials, Eric if there is room could you add Bradford to the attendance list for the meeting?  Bradford has already applied to be a member of this mailing list.

Thanks,

Pamela

[Eric Sachs]

There is room for Bradford.  Fortunately the MSFT folks were able to get a bigger room.

I updated the agenda to list both him and Edmund as attendees.  I have received some other emails with suggested modifications to the agenda.  I have not had time to process those yet, but will try to do so soon.

[Nat Sakimura]

I understand that, but from the point of view of locking down the IPR, we have to have the spec and vote on it. 

True, the bootstrapping problem is very important for the developers. 

However, if there is no spec document with locked down IPR, then when the developers of significant relying party tries to go online with their code, the legal department is likely to put a brake on it. 

So, it has to be done as well. 

As to populating the central AccountChooser, is it possible for significant RPs in OIDF to cooperate and start populating AC? 

2013/5/30 Tim Bray <twb...@google.com>

--
Nat Sakimura (=nat)

Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en