IdCommons - User contributions [en]

Higgins Project Charter

2011-10-09T23:06:46Z

Paul.trevithick: /* Current Membership */

=== Name ===

Higgins Project Working Group

=== Purpose ===

The primary purpose of this working group is to support the efforts of the Higgins project. Higgins 2.0 is a project to create an open source Personal Data Service (PDS) that let's you control how your personal data is shared with friends and organizations you trust. A PDS is a cloud-based service that works on behalf of you, the individual. It gives you a central point of control for personal information about a you. Things like your interests, contact information, addresses, profiles, affiliations, friends, and so on. A PDS is a place where you establish bi-directional data flows between external businesses and your PDS. Or between your friends' PDS and your PDS.

=== Principles ===

* The Higgins Working Group will function according to the Identity Commons Principles
* See [[Purpose And Principles]].

=== Practices ===

The Higgins project operates under the practices of the Eclipse Foundation. We have a developer mailing list, hold weekly developer calls, and periodic face-to-face meeting. See the [http://eclipse.org/higgins Higgins Project]website for more details.

=== Requirements of Participation and How to Join ===

* This working goup is open to anyone working on, using or furthering the adoption of Higgins.
* See the [http://www.eclipse.org/ Eclipse Foundation] for information on participation.

=== Licenses and/or Restrictions on Usage of Work Product ===

* The Higgins open source project operates as a project of the Eclipse Foundation.
* All work is done under [http://www.eclipse.org/legal/epl-v10.html the Eclipse Public License (EPL)]

=== Current Deliverables and Milestones ===

* [http://www.eclipse.org/projects/project-plan.php?projectid=technology.higgins Higgins High-level Project Plan]

=== Current Meeting Schedule ===

* See the [http://eclipse.org/higgins Higgins Project website] and developers-list for details.

=== Current Membership ===

* Higgins is an open source project of the [http://eclipse.org Eclipse Foundation]. Participation is open to all.
* Mary Ruddy and Paul Trevithick are the project co-leads.

=== Current Stewards Council Representative and Alternate ===

* Mary Ruddy (Eclipse Higgins project, SocialPhysics)
* Paul Trevithick (Eclipse Higgins project, SocialPhysics)

=== Current Links ===

* [http://eclipse.org/higgins Higgins Project]

=== History ===

Approved by the [[Stewards Council]] on February 8, 2008.

* [[2007 Q4 Report Higgins]]
* [[2008 Q1 Report Higgins]]
* [[2008 Q2 Report Higgins]]
* [[2008 Q3 Report Higgins]]
* [[2008 Q4 Report Higgins]]
* [[2009 Q1 Report Higgins]]

Higgins Project Charter

2011-10-09T23:06:19Z

Paul.trevithick: /* Current Meeting Schedule */

=== Name ===

Higgins Project Working Group

=== Purpose ===

The primary purpose of this working group is to support the efforts of the Higgins project. Higgins 2.0 is a project to create an open source Personal Data Service (PDS) that let's you control how your personal data is shared with friends and organizations you trust. A PDS is a cloud-based service that works on behalf of you, the individual. It gives you a central point of control for personal information about a you. Things like your interests, contact information, addresses, profiles, affiliations, friends, and so on. A PDS is a place where you establish bi-directional data flows between external businesses and your PDS. Or between your friends' PDS and your PDS.

=== Principles ===

* The Higgins Working Group will function according to the Identity Commons Principles
* See [[Purpose And Principles]].

=== Practices ===

The Higgins project operates under the practices of the Eclipse Foundation. We have a developer mailing list, hold weekly developer calls, and periodic face-to-face meeting. See the [http://eclipse.org/higgins Higgins Project]website for more details.

=== Requirements of Participation and How to Join ===

* This working goup is open to anyone working on, using or furthering the adoption of Higgins.
* See the [http://www.eclipse.org/ Eclipse Foundation] for information on participation.

=== Licenses and/or Restrictions on Usage of Work Product ===

* The Higgins open source project operates as a project of the Eclipse Foundation.
* All work is done under [http://www.eclipse.org/legal/epl-v10.html the Eclipse Public License (EPL)]

=== Current Deliverables and Milestones ===

* [http://www.eclipse.org/projects/project-plan.php?projectid=technology.higgins Higgins High-level Project Plan]

=== Current Meeting Schedule ===

* See the [http://eclipse.org/higgins Higgins Project website] and developers-list for details.

=== Current Membership ===

* Higgins is an open source project of the [http://eclipse.org Eclipse Foundation]. Participation is open to all.
* Mary Ruddy and Paul Trevithick are the project co-leads.
* See [http://www.eclipse.org/higgins/team-leaders.php Higgins team-leaders] for more details.

=== Current Stewards Council Representative and Alternate ===

* Mary Ruddy (Eclipse Higgins project, SocialPhysics)
* Paul Trevithick (Eclipse Higgins project, SocialPhysics)

=== Current Links ===

* [http://eclipse.org/higgins Higgins Project]

=== History ===

Approved by the [[Stewards Council]] on February 8, 2008.

* [[2007 Q4 Report Higgins]]
* [[2008 Q1 Report Higgins]]
* [[2008 Q2 Report Higgins]]
* [[2008 Q3 Report Higgins]]
* [[2008 Q4 Report Higgins]]
* [[2009 Q1 Report Higgins]]

Higgins Project Charter

2011-10-09T23:05:56Z

Paul.trevithick: /* Current Deliverables and Milestones */

=== Name ===

Higgins Project Working Group

=== Purpose ===

The primary purpose of this working group is to support the efforts of the Higgins project. Higgins 2.0 is a project to create an open source Personal Data Service (PDS) that let's you control how your personal data is shared with friends and organizations you trust. A PDS is a cloud-based service that works on behalf of you, the individual. It gives you a central point of control for personal information about a you. Things like your interests, contact information, addresses, profiles, affiliations, friends, and so on. A PDS is a place where you establish bi-directional data flows between external businesses and your PDS. Or between your friends' PDS and your PDS.

=== Principles ===

* The Higgins Working Group will function according to the Identity Commons Principles
* See [[Purpose And Principles]].

=== Practices ===

The Higgins project operates under the practices of the Eclipse Foundation. We have a developer mailing list, hold weekly developer calls, and periodic face-to-face meeting. See the [http://eclipse.org/higgins Higgins Project]website for more details.

=== Requirements of Participation and How to Join ===

* This working goup is open to anyone working on, using or furthering the adoption of Higgins.
* See the [http://www.eclipse.org/ Eclipse Foundation] for information on participation.

=== Licenses and/or Restrictions on Usage of Work Product ===

* The Higgins open source project operates as a project of the Eclipse Foundation.
* All work is done under [http://www.eclipse.org/legal/epl-v10.html the Eclipse Public License (EPL)]

=== Current Deliverables and Milestones ===

* [http://www.eclipse.org/projects/project-plan.php?projectid=technology.higgins Higgins High-level Project Plan]

=== Current Meeting Schedule ===

* Higgins has weekly developers calls and holds periodic face-to-face meetings.
* See the [http://eclipse.org/higgins Higgins Project website] and developers-list for details.

=== Current Membership ===

* Higgins is an open source project of the [http://eclipse.org Eclipse Foundation]. Participation is open to all.
* Mary Ruddy and Paul Trevithick are the project co-leads.
* See [http://www.eclipse.org/higgins/team-leaders.php Higgins team-leaders] for more details.

=== Current Stewards Council Representative and Alternate ===

* Mary Ruddy (Eclipse Higgins project, SocialPhysics)
* Paul Trevithick (Eclipse Higgins project, SocialPhysics)

=== Current Links ===

* [http://eclipse.org/higgins Higgins Project]

=== History ===

Approved by the [[Stewards Council]] on February 8, 2008.

* [[2007 Q4 Report Higgins]]
* [[2008 Q1 Report Higgins]]
* [[2008 Q2 Report Higgins]]
* [[2008 Q3 Report Higgins]]
* [[2008 Q4 Report Higgins]]
* [[2009 Q1 Report Higgins]]

Higgins Project Charter

2011-10-09T23:05:08Z

Paul.trevithick: /* Purpose */

=== Name ===

Higgins Project Working Group

=== Purpose ===

The primary purpose of this working group is to support the efforts of the Higgins project. Higgins 2.0 is a project to create an open source Personal Data Service (PDS) that let's you control how your personal data is shared with friends and organizations you trust. A PDS is a cloud-based service that works on behalf of you, the individual. It gives you a central point of control for personal information about a you. Things like your interests, contact information, addresses, profiles, affiliations, friends, and so on. A PDS is a place where you establish bi-directional data flows between external businesses and your PDS. Or between your friends' PDS and your PDS.

=== Principles ===

* The Higgins Working Group will function according to the Identity Commons Principles
* See [[Purpose And Principles]].

=== Practices ===

The Higgins project operates under the practices of the Eclipse Foundation. We have a developer mailing list, hold weekly developer calls, and periodic face-to-face meeting. See the [http://eclipse.org/higgins Higgins Project]website for more details.

=== Requirements of Participation and How to Join ===

* This working goup is open to anyone working on, using or furthering the adoption of Higgins.
* See the [http://www.eclipse.org/ Eclipse Foundation] for information on participation.

=== Licenses and/or Restrictions on Usage of Work Product ===

* The Higgins open source project operates as a project of the Eclipse Foundation.
* All work is done under [http://www.eclipse.org/legal/epl-v10.html the Eclipse Public License (EPL)]

=== Current Deliverables and Milestones ===

* [http://www.eclipse.org/higgins/projectplan.php Higgins High-level Project Plan]

=== Current Meeting Schedule ===

* Higgins has weekly developers calls and holds periodic face-to-face meetings.
* See the [http://eclipse.org/higgins Higgins Project website] and developers-list for details.

=== Current Membership ===

* Higgins is an open source project of the [http://eclipse.org Eclipse Foundation]. Participation is open to all.
* Mary Ruddy and Paul Trevithick are the project co-leads.
* See [http://www.eclipse.org/higgins/team-leaders.php Higgins team-leaders] for more details.

=== Current Stewards Council Representative and Alternate ===

* Mary Ruddy (Eclipse Higgins project, SocialPhysics)
* Paul Trevithick (Eclipse Higgins project, SocialPhysics)

=== Current Links ===

* [http://eclipse.org/higgins Higgins Project]

=== History ===

Approved by the [[Stewards Council]] on February 8, 2008.

* [[2007 Q4 Report Higgins]]
* [[2008 Q1 Report Higgins]]
* [[2008 Q2 Report Higgins]]
* [[2008 Q3 Report Higgins]]
* [[2008 Q4 Report Higgins]]
* [[2009 Q1 Report Higgins]]

Claims Agent Teleconference 2011-03-14

2011-03-14T17:00:54Z

Paul.trevithick: /* Agenda */

Teleconference of the [[Claims Agent Working Group]].

==Logistics==
* [http://timeanddate.com/worldclock/fixedtime.html?month=03&day=14&year=2011&hour=16&min=0&sec=0&p1=0&sort=2 Time]: 09:00am PT, 12:00pm ET
* [[Claims Agent Teleconference Bridge]]

==Agenda==

# Attendees
## Mary Ruddy
## RJ Schlet sp?
## Susan Morrow
## Ellen Newlen sp?
## Colin Wallis
## Paul Trevithick
## Dale Olds
## John Bradley
# Notes from previous meeting
#* [[Claims Agent Teleconference 2011-03-07]]
# Organization of this WG
#* Discussion of how to decide who was a member and what membership means.
#* John: We need to decide if we're developing specifications or not
#* Paul: Are we here to rubberstamp Microsoft's specifications and build an interoperable open source implementation? If so then we don't need IPR agreements.
#* Susan: I didn't sign up for that, there's so much more we can do.
#* Paul: I agree.
#* John: If we want the spec produced by this group to be accepted by OASIS or somewhere. It would be advantageous to deal with this up front.
#* Dale: Much as I dislike IPR agreements but I agree that it's the right thing to do here
#* John: At the moment we don't have a spec, so what we have here is a WG more like OASIS where there may be zero, one or more specs that will be produced. So folks are agreeing to contribute theirs or their employers IPR within the scope of the charter.
#* Dale: This is like Oauth where we say we're going to produce a spec. The container is the spec not the working group.
#* Dale: But I could go either way: IPR attached to the charter or to a spec.
#* Paul: Mary sent an OWF v0.9 version.
#* John: The v0.9 version is only for copyright, not for IPR. The v1.0 version is the one we want.
#* John: I just sent the v1.0 (that is oriented around a spec being the container (not a WG)). It is here: http://www.openwebfoundation.org/draft-agreements/draft---cla---contribution-patent-grant-v-1-0
#* Ellen: Corporate lawyers will want to limit as strictly as possible. And they may not be able to contribute at all.
#* Colin: The main thing that's different here is section 3 in the [http://www.openwebfoundation.org/draft-agreements/draft---cla---contribution-patent-grant-v-1-0 link above]
#* Paul: I wonder if Microsoft would agree to this?
#* John: Mutual non-asserts are useful when there are significant threats (e.g. in the OpenID situation with Microsoft, Google, and Facebook).
#* Mary: I think it is plausible that it would be acceptable to them
#* John: Public review of OWF 1.0 was supposed to end Oct 8th.
#* Paul: Now we'd need a spec with a scope to attach it to
#* Colin: The person signing the OWF need not be the name of the WG member.
#* Colin: The primary contact at OASIS is the equivalent to the person signing this document. IT has to go fairly high up in the organization to make it meaningful.
#* Colin: It's got a shortcoming because in the form there's no indication of the level of the signer
#* John: We can change this if we like
#* Colin: I'm happy to try to take this suggestion back to the OWF group.
#* Mary: So this is the strawman
#* Ellen: Our lawyers would want confidentiality vs. contribute. Normally we sign confidentiality agreements. I guarantee that we've signed agreements similar to this (mutual non-assert). We have a coordinator for all of our stds work. I'll check with him.
#* Paul: Do we need to narrow the scope of the spec beyond what's in our charter
#* John: Section 4 (45 day opt out) would require that people's contributions are recorded.
#* John: Note that you are only bound by your own contributions that are included in the specifications, etc. (unlike a more blanket approach as in OASIS). OWF is focused on IPR of people's contributions vs. the final output.
#* Colin: Both are potential targets to come after later. Theoretically if you can get the contributions tight then the final output takes care of itself.
#* John: But that implies a higher overhead contribution process.
#* John: If it were up to me I'd add that you're bound to the final spec. If they agree to the final version of the spec, then they are bound to all of the necessary claims, not just the ones they contributed.
#* Ellen: Who does this? OASIS?
#* John: Yes
#* Colin: We did something similar in the Security TC
#* John: It is slightly less sensitive when companies are agreeing to RAND.
#* Colin: I wonder if we should lift the words from the std OASIS license agreement.
#* John: There is an OASIS mutual non-assert. Maybe we should compare that one to this one.
#* Colin: Agreed
#* John: Part of the idea of the OWF agreement is that large companies lawyers are familiar with it but the more we monkey with it the more problems we might have
#* Mary: Are we better off starting with the OASIS non-assert document?
#* John: The OASIS is written under the alternative idea of that the IPR is tied to the WG Charter.
#* Paul: We'll get reactions from Microsoft on this issue on the list I predict.
#* Paul: It seems like we're heading into needing a process where only folks that have signed (some) IPR agreement are capable of remaining on the mailing list.
#* Paul: I think the more we modify these documents, the harder this is going to be to get the large corporations on board
#* John: The OASIS documents would need significant modifications.
# Open Questions
#* Perhaps we could discuss these: [[Claims Agent Open Questions]]
# IPR
## What is the IPR
## How do we control membership
# Next Meeting
#* Same time etc. next Monday

Claims Agent Teleconference 2011-03-14

2011-03-14T16:24:01Z

Paul.trevithick: /* Agenda */

Claims Agent Teleconference 2011-03-14

2011-03-14T16:07:10Z

Paul.trevithick: /* Agenda */

Claims Agent Teleconference 2011-03-14

2011-03-14T03:42:55Z

Paul.trevithick: /* Logistics */

Claims Agent Teleconference 2011-03-14

2011-03-14T03:41:15Z

Paul.trevithick: /* Logistics */

Claims Agent Teleconference Bridge

2011-03-14T03:40:37Z

Paul.trevithick: moved Claims Agent Teleconference Logistics to Claims Agent Teleconference Bridge

The bridge used by the [[Claims Agent Working Group]].

=== Details ===
OPTION #1: SKYPE – Dial +9900827047990866

OPTION #2: US/CANADA TOLL LINE: Dial +1 (201) 793-9022 then enter 7990866#

OPTION #3: US/CANADA TOLL-FREE LINE (please use only if necessary): Dial +1 (888) 350-0075 then enter 7990866#

OPTION #4: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Australia +61 1800240997
*Austria +43 080010259254
*Belgium +32 080050903
*France +33 0800940295
*Germany +49 08000004291
*Sweden +46 0200125385
*United Kingdom +44 08003581803

OPTION #5: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Long distance costs apply
*Austria +43 (0) 82040115470
*Belgium +32 (0) 7 0357134
*France +33 (0) 826109071
*Germany +49 01805009527
*Ireland +353 (0) 818270968
*Italy +39 848390177
*Spain +34 (9) 02885791
*Switzerland +41 (0) 8 48560397
*United Kingdom +44 (0) 8454018081

Claims Agent Teleconference Logistics

2011-03-14T03:40:37Z

Paul.trevithick: moved Claims Agent Teleconference Logistics to Claims Agent Teleconference Bridge

#REDIRECT [[Claims Agent Teleconference Bridge]]

Claims Agent Teleconference 2011-03-14

2011-03-14T03:40:25Z

Paul.trevithick: /* Logistics */

Claims Agent Teleconference 2011-03-14

2011-03-14T03:40:16Z

Paul.trevithick: /* Logistics */

Teleconference of the [[Claims Agent Working Group]].

==Logistics==
* Day: Monday
* [http://timeanddate.com/worldclock/fixedtime.html?month=03&day=14&year=2011&hour=16&min=0&sec=0&p1=0&sort=2 Time]: 09:00 PT, 12:00 ET
* [[Claims Agent Teleconference Logistics]]

==Agenda==

# Roll Call
## TBD
# Minutes
#* [[Claims Agent Teleconference 2011-03-07]]
# Open Questions
#* Perhaps we could discuss these: [[Claims Agent Open Questions]]

Claims Agent Teleconference 2011-03-14

2011-03-14T03:35:19Z

Paul.trevithick:

Teleconference of the [[Claims Agent Working Group]].

==Logistics==
* [[Claims Agent Teleconference Logistics]]

==Agenda==

# Roll Call
## TBD
# Minutes
#* [[Claims Agent Teleconference 2011-03-07]]
# Open Questions
#* Perhaps we could discuss these: [[Claims Agent Open Questions]]

Claims Agent Working Group

2011-03-14T03:33:58Z

Paul.trevithick: /* Open Questions */

Claims Agent Open Questions

2011-03-14T03:33:27Z

Paul.trevithick: moved Claims-Agent-Open-Questions to Claims Agent Open Questions

Open Questions for the formation of the Claims-Agent Working Group of Identity Commons.

== Technical Questions List for discussion at Identity Collaboration Day at RSA ==

*Q: What is the relationship between this group and OpenID AB/C and other groups
*Q: What is the relationship between this group and InfoCard/IMI:
**A: It is not a goal of this group to start with IMI 1.0 and 1.1 and extend it. Our work is not in of itself necessarily going to be backwards compatible with InfoCard although elements will be drawn from IMI.
*Q: If and/or when will dynamic pseudonyms be supported in login scenarios?
*Q: What parts of testing will be done in the Claims-Agent workging group and which under OSIS
**A: We can leverage OSIS as much as makes sense.

Claims-Agent-Open-Questions

2011-03-14T03:33:27Z

Paul.trevithick: moved Claims-Agent-Open-Questions to Claims Agent Open Questions

#REDIRECT [[Claims Agent Open Questions]]

Claims Agent Working Group

2011-03-14T03:32:51Z

Paul.trevithick: /* Open Technical Questions */

Claims Agent Working Group

2011-03-14T03:32:19Z

Paul.trevithick: /* Next Scheduled Face-to-Face Meeting */

Claims Agent Working Group

2011-03-14T03:31:56Z

Paul.trevithick: /* Mailing List */

Claims Agent Teleconference 2011-03-14

2011-03-14T03:31:27Z

Paul.trevithick:

Teleconference of the [[Claims Agent Working Group]].

==Logistics==
* [[Claims Agent Teleconference Logistics]]

==Agenda==

===1) Roll Call===
# TBD

===2) Minutes===
* [[Claims Agent Teleconference 2011-03-07]]

Claims Agent Teleconference 2011-03-14

2011-03-14T03:31:05Z

Paul.trevithick: /* 2) Approve minutes */

==Logistics==
* [[Claims Agent Teleconference Logistics]]

==Agenda==

===1) Roll Call===
# TBD

===2) Minutes===
* [[Claims Agent Teleconference 2011-03-07]]

Claims Agent Working Group

2011-03-14T03:30:13Z

Paul.trevithick: /* Teleconferences */

Claims Agent Teleconference 2011-03-07

2011-03-14T03:30:02Z

Paul.trevithick: moved Claims Agent Teleconference 2011-03-17 to Claims Agent Teleconference 2011-03-07

A teleconference of the [[Claims Agent Working Group]].

==Logistics==
* 11AM ET

==Attendees==

# Ariel Gordon
# Bob Peniero
# Tom Jones
# Craig Wittenberg
# Mary Ruddy
# Paul Trevithick
# Peter Watkins
# Iain Henderson
# Colin Wallis
# Susan Morrow
# John Bradley
# Patricia Weibe

==Discussion==

===(1) Overview U-Prove ===

Craig Wittenberg discussed http://microsoft.com/uprove - a summary of the R2 community preview:

"U-Prove agents" are a kind of "claims agent"
Agents would be run by a variety of providers. We need to work on the governing rules & policies, but we already have a number of parties interested in running agents.
Each country will probably want to have its own agents running within its borders
Interoperability across a range of browsers and OSes is very important, so we've tested with about 10 combinations
We've tested 4-5 browsers on Windows. 3 browsers on OSX. Android, iPhone and Windows Phone 7.

===(2) Demos of U-Prove===

Ariel Gordon shared his screen and did some demos of uProve. These demos are available from http://microsoft.com/uprove.

====Demo #1: Contuso Auctions. Part One: verified car data (from seller)====

Business goal was to improve the UX and decrease the fraud levels on a large scale auction site
Demo contrasted manually filling in a form vs. retrieving verified car information from the registry of motor vehicles
U-Prove agent shown was Azure-hosted (cloudapp.net) Silverlight app
RP: wants Vehicle Year, VIN, Make & Model
RP trusts several alternative claim providers
Agent redirects to the user's choice of provider
User logs in to provider and gets the claims
The agent displays the values of the claims
With this (Silverlight) version of the agent you can save the tokens locally on the user's computer

====Demo #2: Contuso Auctions. Part Two: verified bidder====

RP wants these claims: Given name, surnam,e street address, postal code
Choice of commercial or governmental claims providers
Bottom line: we are able to leverage real world trust online. We think that this online trust can actually increase real world trust as well

====Demo #3: Unemployment Benefits Agency for the "Yellow" state====

By using verified identity information the state can start putting high value transactions online.
This is a real scenario that has been discussed with this "yellow" state organization
Ariel showed the reuse of a previously saved U-Prove token with verified personal information

===Q&A===

* SusanM: What format was the U-Prove token saved? Does it have a specific lifetime?
* ArielG: In this CTP the information is stored inside of the Silverlight storage area. The format being used is the U-Prove token. As for expiration, the answer is that this is set by the issuer. There are methods to revoke tokens.
* ArielG: In the demo any user that has access to my Windows logon has access to my tokens. We can increase the security to binding the tokens to a separate security device. This would also protect against malware that could steal tokens from Silverlight.
* ArielG did a demo (using the "green" state claim provider) that uses a smartcard as a binding device. For the purposes of the demo we created a smartcard emulator (although at RSA Microsoft did a demo using a real Gemalto smartcard).
* SusanM: does it work with HTML5 local storage
* ArielG: We have investigated but didn't use this in the CTP we just released. There were two issues: (i) performance issues with implementing the crypto in JavaScript and (ii) ubiquity of HTML5
* CraigW: We're not requiring Silverlight. All of these demos work with a plain HTML browser. There are differences of course. With Silverlight the private keys are stored locally only.
* SandyP: I think there's another Mac/Silverlight bug.
* ArielG: Please send me the specifics.
* BobP: What's the different between the U-Prove agent and CardSpace?
* CraigW: Many of the same themes are there. The core value of user-centric selections, choice, etc. One difference is that CardSpace didn't have U-Prove integrated. Another difference: there is no "introduction mechanism" There are no cards that you have to pre-install. We tried to make it super-easy to NOT require pre-loading of cards. Another difference: there is a cloud-only version (although Avoco and Higgins have done this too). Another difference: broader platform support.

===(3) Microsoft R2 White paper===

* Craig highlighted the white paper available on http://microsoft.com/uprove
* Starting on page 8 (section 3): we have a simple overview of the architectural elements.
* Craig showed the level of detail in the white paper especially the swimlanes with and without the Silverlight components
* Craig highlighted that in the RP security policy there are two completely separate lists: the set of claims vs. the set of trusted claim providers (different/better than CardSpace)
* Craig walked through many other details

Q&A:
* Peter: The demos are at the point were the value is obvious. Now we're looking at specific use cases and how the user-centric model is the only way to implement this. But my question is how we could get more collective action on describing and promoting the use cases.
* Craig: I agree, but I'm less clear of how to do this.
* Peter: If you've got some US states behind these demos.
* Craig: I have been cautious to dive into too much detail. We have had extensive conversations with a number of US states. To your point of use cases, they have very specific use cases they wish to pursue. I have been having these conversations behind the scenes and get the permission of these parties to discuss this. My hope has been to combine the selection of a few use cases and to work on them and make sure that the UX is put into practice, that real users.

Claims Agent Teleconference 2011-03-17

2011-03-14T03:30:02Z

Paul.trevithick: moved Claims Agent Teleconference 2011-03-17 to Claims Agent Teleconference 2011-03-07

#REDIRECT [[Claims Agent Teleconference 2011-03-07]]

Claims Agent Teleconference 2011-03-14

2011-03-14T03:29:41Z

Paul.trevithick: /* Logistics */

==Logistics==
* [[Claims Agent Teleconference Logistics]]

==Agenda==

===1) Roll Call===
# TBD

===2) Approve minutes===
* [[Claims Agent Teleconference 2011-03-07]]

Claims Agent Teleconference Bridge

2011-03-14T03:27:12Z

Paul.trevithick: Created page with 'The bridge used by the Claims Agent Working Group. === Details === OPTION #1: SKYPE – Dial +9900827047990866 OPTION #2: US/CANADA TOLL LINE: Dial +1 (201) 793-9022 then...'

Claims Agent Teleconference 2011-03-14

2011-03-14T03:26:39Z

Paul.trevithick: Created page with '===Logistics=== * Claims Agent Teleconference Logistics'

===Logistics===
* [[Claims Agent Teleconference Logistics]]

Claims Agent Working Group

2011-03-14T03:26:08Z

Paul.trevithick: /* Teleconferences */

Claims Agent Working Group

2011-03-14T03:25:24Z

Paul.trevithick: /* Next Conference Call */

Claims Agent Teleconference 2011-03-07

2011-03-14T03:24:26Z

Paul.trevithick:

Claims Agent Working Group

2011-03-14T03:23:58Z

Paul.trevithick: moved Claims-Agent to Claims Agent Working Group

=== Project Name ===

Claims Agent Working Group

=== Purpose ===

The purpose of this working group is to (i) create a forum for the development of standards-based, interoperable, verified claims agent implementations (which would include both open source and commercial components), to (ii) initially focus on specific scenarios that the community and customers work together to implement and deploy end-to-end and (iii) provide funding and other incentives for the development of open source components.
A verified claims agent is a set of software components that allows the user to utilize claim-sets from different sources at relying parties (RPs) of their choosing, under their control, using technology that helps to protect their privacy and helps to ensure the security of the system end to end. Verified claims come from sources that do the verification and digitally sign the claims-sets; the agent itself does not do the verification and does not re-sign the claims or sets.

=== Teleconferences ===
* [[Claims Agent Teleconference 2011-03-17]]

=== Mailing List ===

You can subscribe to our [http://lists.idcommons.net/lists/info/claims-agent mailing list]

=== Next Conference Call ===

* Next Conference call is Friday, February 4,1:00 ET, 10:00 PT

Call In Details (ICF's bridge)

OPTION #1: SKYPE – Dial +9900827047990866

OPTION #2: US/CANADA TOLL LINE: Dial +1 (201) 793-9022 then enter 7990866#

OPTION #3: US/CANADA TOLL-FREE LINE (please use only if necessary): Dial +1 (888) 350-0075 then enter 7990866#

OPTION #4: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Australia +61 1800240997
*Austria +43 080010259254
*Belgium +32 080050903
*France +33 0800940295
*Germany +49 08000004291
*Sweden +46 0200125385
*United Kingdom +44 08003581803

OPTION #5: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Long distance costs apply
*Austria +43 (0) 82040115470
*Belgium +32 (0) 7 0357134
*France +33 (0) 826109071
*Germany +49 01805009527
*Ireland +353 (0) 818270968
*Italy +39 848390177
*Spain +34 (9) 02885791
*Switzerland +41 (0) 8 48560397
*United Kingdom +44 (0) 8454018081

=== Next Scheduled Face-to-Face Meeting ===
*Monday, February 14th During Identity Collaboration Day. See [http://www.internetidentityworkshop.com/identity-collaboration-day-feb-14th-prior-to-rsa/ Identity Collaboration Day Registration]
*We may also continue the discussion on the morning of Tuesday, February 15, location TBD.

=== Open Technical Questions ===
The list of open questions can be found at [http://wiki.idcommons.net/index.php?title=Claims-Agent-Open-Questions Open-Questions]

Claims-Agent

2011-03-14T03:23:58Z

Paul.trevithick: moved Claims-Agent to Claims Agent Working Group

#REDIRECT [[Claims Agent Working Group]]

Claims Agent Teleconference 2011-03-07

2011-03-14T03:23:44Z

Paul.trevithick:

Description of a teleconference of the [[Claims-Agent]] working group.

==Logistics==
* 11AM ET

==Attendees==

# Ariel Gordon
# Bob Peniero
# Tom Jones
# Craig Wittenberg
# Mary Ruddy
# Paul Trevithick
# Peter Watkins
# Iain Henderson
# Colin Wallis
# Susan Morrow
# John Bradley
# Patricia Weibe

==Discussion==

===(1) Overview U-Prove ===

Craig Wittenberg discussed http://microsoft.com/uprove - a summary of the R2 community preview:

"U-Prove agents" are a kind of "claims agent"
Agents would be run by a variety of providers. We need to work on the governing rules & policies, but we already have a number of parties interested in running agents.
Each country will probably want to have its own agents running within its borders
Interoperability across a range of browsers and OSes is very important, so we've tested with about 10 combinations
We've tested 4-5 browsers on Windows. 3 browsers on OSX. Android, iPhone and Windows Phone 7.

===(2) Demos of U-Prove===

Ariel Gordon shared his screen and did some demos of uProve. These demos are available from http://microsoft.com/uprove.

====Demo #1: Contuso Auctions. Part One: verified car data (from seller)====

Business goal was to improve the UX and decrease the fraud levels on a large scale auction site
Demo contrasted manually filling in a form vs. retrieving verified car information from the registry of motor vehicles
U-Prove agent shown was Azure-hosted (cloudapp.net) Silverlight app
RP: wants Vehicle Year, VIN, Make & Model
RP trusts several alternative claim providers
Agent redirects to the user's choice of provider
User logs in to provider and gets the claims
The agent displays the values of the claims
With this (Silverlight) version of the agent you can save the tokens locally on the user's computer

====Demo #2: Contuso Auctions. Part Two: verified bidder====

RP wants these claims: Given name, surnam,e street address, postal code
Choice of commercial or governmental claims providers
Bottom line: we are able to leverage real world trust online. We think that this online trust can actually increase real world trust as well

====Demo #3: Unemployment Benefits Agency for the "Yellow" state====

By using verified identity information the state can start putting high value transactions online.
This is a real scenario that has been discussed with this "yellow" state organization
Ariel showed the reuse of a previously saved U-Prove token with verified personal information

===Q&A===

* SusanM: What format was the U-Prove token saved? Does it have a specific lifetime?
* ArielG: In this CTP the information is stored inside of the Silverlight storage area. The format being used is the U-Prove token. As for expiration, the answer is that this is set by the issuer. There are methods to revoke tokens.
* ArielG: In the demo any user that has access to my Windows logon has access to my tokens. We can increase the security to binding the tokens to a separate security device. This would also protect against malware that could steal tokens from Silverlight.
* ArielG did a demo (using the "green" state claim provider) that uses a smartcard as a binding device. For the purposes of the demo we created a smartcard emulator (although at RSA Microsoft did a demo using a real Gemalto smartcard).
* SusanM: does it work with HTML5 local storage
* ArielG: We have investigated but didn't use this in the CTP we just released. There were two issues: (i) performance issues with implementing the crypto in JavaScript and (ii) ubiquity of HTML5
* CraigW: We're not requiring Silverlight. All of these demos work with a plain HTML browser. There are differences of course. With Silverlight the private keys are stored locally only.
* SandyP: I think there's another Mac/Silverlight bug.
* ArielG: Please send me the specifics.
* BobP: What's the different between the U-Prove agent and CardSpace?
* CraigW: Many of the same themes are there. The core value of user-centric selections, choice, etc. One difference is that CardSpace didn't have U-Prove integrated. Another difference: there is no "introduction mechanism" There are no cards that you have to pre-install. We tried to make it super-easy to NOT require pre-loading of cards. Another difference: there is a cloud-only version (although Avoco and Higgins have done this too). Another difference: broader platform support.

===(3) Microsoft R2 White paper===

* Craig highlighted the white paper available on http://microsoft.com/uprove
* Starting on page 8 (section 3): we have a simple overview of the architectural elements.
* Craig showed the level of detail in the white paper especially the swimlanes with and without the Silverlight components
* Craig highlighted that in the RP security policy there are two completely separate lists: the set of claims vs. the set of trusted claim providers (different/better than CardSpace)
* Craig walked through many other details

Q&A:
* Peter: The demos are at the point were the value is obvious. Now we're looking at specific use cases and how the user-centric model is the only way to implement this. But my question is how we could get more collective action on describing and promoting the use cases.
* Craig: I agree, but I'm less clear of how to do this.
* Peter: If you've got some US states behind these demos.
* Craig: I have been cautious to dive into too much detail. We have had extensive conversations with a number of US states. To your point of use cases, they have very specific use cases they wish to pursue. I have been having these conversations behind the scenes and get the permission of these parties to discuss this. My hope has been to combine the selection of a few use cases and to work on them and make sure that the UX is put into practice, that real users.

Claims Agent Teleconference 2011-03-07

2011-03-14T03:22:21Z

Paul.trevithick: /* (3) Microsoft R2 White paper */

==Logistics==
* 11AM ET

==Attendees==

# Ariel Gordon
# Bob Peniero
# Tom Jones
# Craig Wittenberg
# Mary Ruddy
# Paul Trevithick
# Peter Watkins
# Iain Henderson
# Colin Wallis
# Susan Morrow
# John Bradley
# Patricia Weibe

==Discussion==

===(1) Overview U-Prove ===

Craig Wittenberg discussed http://microsoft.com/uprove - a summary of the R2 community preview:

"U-Prove agents" are a kind of "claims agent"
Agents would be run by a variety of providers. We need to work on the governing rules & policies, but we already have a number of parties interested in running agents.
Each country will probably want to have its own agents running within its borders
Interoperability across a range of browsers and OSes is very important, so we've tested with about 10 combinations
We've tested 4-5 browsers on Windows. 3 browsers on OSX. Android, iPhone and Windows Phone 7.

===(2) Demos of U-Prove===

Ariel Gordon shared his screen and did some demos of uProve. These demos are available from http://microsoft.com/uprove.

====Demo #1: Contuso Auctions. Part One: verified car data (from seller)====

Business goal was to improve the UX and decrease the fraud levels on a large scale auction site
Demo contrasted manually filling in a form vs. retrieving verified car information from the registry of motor vehicles
U-Prove agent shown was Azure-hosted (cloudapp.net) Silverlight app
RP: wants Vehicle Year, VIN, Make & Model
RP trusts several alternative claim providers
Agent redirects to the user's choice of provider
User logs in to provider and gets the claims
The agent displays the values of the claims
With this (Silverlight) version of the agent you can save the tokens locally on the user's computer

====Demo #2: Contuso Auctions. Part Two: verified bidder====

RP wants these claims: Given name, surnam,e street address, postal code
Choice of commercial or governmental claims providers
Bottom line: we are able to leverage real world trust online. We think that this online trust can actually increase real world trust as well

====Demo #3: Unemployment Benefits Agency for the "Yellow" state====

By using verified identity information the state can start putting high value transactions online.
This is a real scenario that has been discussed with this "yellow" state organization
Ariel showed the reuse of a previously saved U-Prove token with verified personal information

===Q&A===

* SusanM: What format was the U-Prove token saved? Does it have a specific lifetime?
* ArielG: In this CTP the information is stored inside of the Silverlight storage area. The format being used is the U-Prove token. As for expiration, the answer is that this is set by the issuer. There are methods to revoke tokens.
* ArielG: In the demo any user that has access to my Windows logon has access to my tokens. We can increase the security to binding the tokens to a separate security device. This would also protect against malware that could steal tokens from Silverlight.
* ArielG did a demo (using the "green" state claim provider) that uses a smartcard as a binding device. For the purposes of the demo we created a smartcard emulator (although at RSA Microsoft did a demo using a real Gemalto smartcard).
* SusanM: does it work with HTML5 local storage
* ArielG: We have investigated but didn't use this in the CTP we just released. There were two issues: (i) performance issues with implementing the crypto in JavaScript and (ii) ubiquity of HTML5
* CraigW: We're not requiring Silverlight. All of these demos work with a plain HTML browser. There are differences of course. With Silverlight the private keys are stored locally only.
* SandyP: I think there's another Mac/Silverlight bug.
* ArielG: Please send me the specifics.
* BobP: What's the different between the U-Prove agent and CardSpace?
* CraigW: Many of the same themes are there. The core value of user-centric selections, choice, etc. One difference is that CardSpace didn't have U-Prove integrated. Another difference: there is no "introduction mechanism" There are no cards that you have to pre-install. We tried to make it super-easy to NOT require pre-loading of cards. Another difference: there is a cloud-only version (although Avoco and Higgins have done this too). Another difference: broader platform support.

===(3) Microsoft R2 White paper===

* Craig highlighted the white paper available on http://microsoft.com/uprove
* Starting on page 8 (section 3): we have a simple overview of the architectural elements.
* Craig showed the level of detail in the white paper especially the swimlanes with and without the Silverlight components
* Craig highlighted that in the RP security policy there are two completely separate lists: the set of claims vs. the set of trusted claim providers (different/better than CardSpace)
* Craig walked through many other details

Q&A:
* Peter: The demos are at the point were the value is obvious. Now we're looking at specific use cases and how the user-centric model is the only way to implement this. But my question is how we could get more collective action on describing and promoting the use cases.
* Craig: I agree, but I'm less clear of how to do this.
* Peter: If you've got some US states behind these demos.
* Craig: I have been cautious to dive into too much detail. We have had extensive conversations with a number of US states. To your point of use cases, they have very specific use cases they wish to pursue. I have been having these conversations behind the scenes and get the permission of these parties to discuss this. My hope has been to combine the selection of a few use cases and to work on them and make sure that the UX is put into practice, that real users.

Claims Agent Teleconference 2011-03-07

2011-03-14T03:22:04Z

Paul.trevithick:

==Logistics==
* 11AM ET

==Attendees==

# Ariel Gordon
# Bob Peniero
# Tom Jones
# Craig Wittenberg
# Mary Ruddy
# Paul Trevithick
# Peter Watkins
# Iain Henderson
# Colin Wallis
# Susan Morrow
# John Bradley
# Patricia Weibe

==Discussion==

===(1) Overview U-Prove ===

Craig Wittenberg discussed http://microsoft.com/uprove - a summary of the R2 community preview:

"U-Prove agents" are a kind of "claims agent"
Agents would be run by a variety of providers. We need to work on the governing rules & policies, but we already have a number of parties interested in running agents.
Each country will probably want to have its own agents running within its borders
Interoperability across a range of browsers and OSes is very important, so we've tested with about 10 combinations
We've tested 4-5 browsers on Windows. 3 browsers on OSX. Android, iPhone and Windows Phone 7.

===(2) Demos of U-Prove===

Ariel Gordon shared his screen and did some demos of uProve. These demos are available from http://microsoft.com/uprove.

====Demo #1: Contuso Auctions. Part One: verified car data (from seller)====

Business goal was to improve the UX and decrease the fraud levels on a large scale auction site
Demo contrasted manually filling in a form vs. retrieving verified car information from the registry of motor vehicles
U-Prove agent shown was Azure-hosted (cloudapp.net) Silverlight app
RP: wants Vehicle Year, VIN, Make & Model
RP trusts several alternative claim providers
Agent redirects to the user's choice of provider
User logs in to provider and gets the claims
The agent displays the values of the claims
With this (Silverlight) version of the agent you can save the tokens locally on the user's computer

====Demo #2: Contuso Auctions. Part Two: verified bidder====

RP wants these claims: Given name, surnam,e street address, postal code
Choice of commercial or governmental claims providers
Bottom line: we are able to leverage real world trust online. We think that this online trust can actually increase real world trust as well

====Demo #3: Unemployment Benefits Agency for the "Yellow" state====

By using verified identity information the state can start putting high value transactions online.
This is a real scenario that has been discussed with this "yellow" state organization
Ariel showed the reuse of a previously saved U-Prove token with verified personal information

===Q&A===

* SusanM: What format was the U-Prove token saved? Does it have a specific lifetime?
* ArielG: In this CTP the information is stored inside of the Silverlight storage area. The format being used is the U-Prove token. As for expiration, the answer is that this is set by the issuer. There are methods to revoke tokens.
* ArielG: In the demo any user that has access to my Windows logon has access to my tokens. We can increase the security to binding the tokens to a separate security device. This would also protect against malware that could steal tokens from Silverlight.
* ArielG did a demo (using the "green" state claim provider) that uses a smartcard as a binding device. For the purposes of the demo we created a smartcard emulator (although at RSA Microsoft did a demo using a real Gemalto smartcard).
* SusanM: does it work with HTML5 local storage
* ArielG: We have investigated but didn't use this in the CTP we just released. There were two issues: (i) performance issues with implementing the crypto in JavaScript and (ii) ubiquity of HTML5
* CraigW: We're not requiring Silverlight. All of these demos work with a plain HTML browser. There are differences of course. With Silverlight the private keys are stored locally only.
* SandyP: I think there's another Mac/Silverlight bug.
* ArielG: Please send me the specifics.
* BobP: What's the different between the U-Prove agent and CardSpace?
* CraigW: Many of the same themes are there. The core value of user-centric selections, choice, etc. One difference is that CardSpace didn't have U-Prove integrated. Another difference: there is no "introduction mechanism" There are no cards that you have to pre-install. We tried to make it super-easy to NOT require pre-loading of cards. Another difference: there is a cloud-only version (although Avoco and Higgins have done this too). Another difference: broader platform support.

===(3) Microsoft R2 White paper===

* Craig highlighted the white paper available on http://microsoft.com/uprove
* Starting on page 8 (section 3): we have a simple overview of the architectural elements.
* Craig showed the level of detail in the white paper especially the swimlanes with and without the Silverlight components
* Craig highlighted that in the RP security policy there are two completely separate lists: the set of claims vs. the set of trusted claim providers (different/better than CardSpace)
* Craig walked through many other details

Q&A:
* Peter: The demos are at the point were the value is obvious. Now we're looking at specific use cases and how the user-centric model is the only way to implement this. But my question is how we could get more collective action on describing and promoting the use cases. <I missed some of what Peter said here>
* Craig: I agree, but I'm less clear of how to do this.
* Peter: If you've got some US states behind these demos.
* Craig: I have been cautious to dive into too much detail. We have had extensive conversations with a number of US states. To your point of use cases, they have very specific use cases they wish to pursue. I have been having these conversations behind the scenes and get the permission of these parties to discuss this. My hope has been to combine the selection of a few use cases and to work on them and make sure that the UX is put into practice, that real users.

Claims Agent Working Group

2011-03-14T03:19:06Z

Paul.trevithick: /* Teleconferences */

Claims Agent Teleconference 2011-03-07

2011-03-14T03:18:45Z

Paul.trevithick: moved Claims Agent/Teleconference 2011-03-17 to Claims Agent Teleconference 2011-03-17

test

Claims Agent/Teleconference 2011-03-17

2011-03-14T03:18:45Z

Paul.trevithick: moved Claims Agent/Teleconference 2011-03-17 to Claims Agent Teleconference 2011-03-17

#REDIRECT [[Claims Agent Teleconference 2011-03-17]]

Claims Agent Teleconference 2011-03-07

2011-03-14T03:18:23Z

Paul.trevithick: Created page with 'test'

test

Claims Agent Working Group

2011-03-14T03:18:12Z

Paul.trevithick: /* Purpose */

=== Project Name ===

Claims Agent Working Group

=== Purpose ===

The purpose of this working group is to (i) create a forum for the development of standards-based, interoperable, verified claims agent implementations (which would include both open source and commercial components), to (ii) initially focus on specific scenarios that the community and customers work together to implement and deploy end-to-end and (iii) provide funding and other incentives for the development of open source components.
A verified claims agent is a set of software components that allows the user to utilize claim-sets from different sources at relying parties (RPs) of their choosing, under their control, using technology that helps to protect their privacy and helps to ensure the security of the system end to end. Verified claims come from sources that do the verification and digitally sign the claims-sets; the agent itself does not do the verification and does not re-sign the claims or sets.

=== Teleconferences ===
* [[Claims Agent/Teleconference 2011-03-17]]

=== Mailing List ===

You can subscribe to our [http://lists.idcommons.net/lists/info/claims-agent mailing list]

=== Next Conference Call ===

* Next Conference call is Friday, February 4,1:00 ET, 10:00 PT

Call In Details (ICF's bridge)

OPTION #1: SKYPE – Dial +9900827047990866

OPTION #2: US/CANADA TOLL LINE: Dial +1 (201) 793-9022 then enter 7990866#

OPTION #3: US/CANADA TOLL-FREE LINE (please use only if necessary): Dial +1 (888) 350-0075 then enter 7990866#

OPTION #4: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Australia +61 1800240997
*Austria +43 080010259254
*Belgium +32 080050903
*France +33 0800940295
*Germany +49 08000004291
*Sweden +46 0200125385
*United Kingdom +44 08003581803

OPTION #5: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Long distance costs apply
*Austria +43 (0) 82040115470
*Belgium +32 (0) 7 0357134
*France +33 (0) 826109071
*Germany +49 01805009527
*Ireland +353 (0) 818270968
*Italy +39 848390177
*Spain +34 (9) 02885791
*Switzerland +41 (0) 8 48560397
*United Kingdom +44 (0) 8454018081

=== Next Scheduled Face-to-Face Meeting ===
*Monday, February 14th During Identity Collaboration Day. See [http://www.internetidentityworkshop.com/identity-collaboration-day-feb-14th-prior-to-rsa/ Identity Collaboration Day Registration]
*We may also continue the discussion on the morning of Tuesday, February 15, location TBD.

=== Open Technical Questions ===
The list of open questions can be found at [http://wiki.idcommons.net/index.php?title=Claims-Agent-Open-Questions Open-Questions]

Claims Agent Working Group

2011-03-14T03:17:21Z

Paul.trevithick: /* Status */

=== Project Name ===

Claims Agent Working Group

=== Purpose ===

The purpose of this working group is to (i) create a forum for the development of standards-based, interoperable, verified claims agent implementations (which would include both open source and commercial components), to (ii) initially focus on specific scenarios that the community and customers work together to implement and deploy end-to-end and (iii) provide funding and other incentives for the development of open source components.
A verified claims agent is a set of software components that allows the user to utilize claim-sets from different sources at relying parties (RPs) of their choosing, under their control, using technology that helps to protect their privacy and helps to ensure the security of the system end to end. Verified claims come from sources that do the verification and digitally sign the claims-sets; the agent itself does not do the verification and does not re-sign the claims or sets.

=== Mailing List ===

You can subscribe to our [http://lists.idcommons.net/lists/info/claims-agent mailing list]

=== Next Conference Call ===

* Next Conference call is Friday, February 4,1:00 ET, 10:00 PT

Call In Details (ICF's bridge)

OPTION #1: SKYPE – Dial +9900827047990866

OPTION #2: US/CANADA TOLL LINE: Dial +1 (201) 793-9022 then enter 7990866#

OPTION #3: US/CANADA TOLL-FREE LINE (please use only if necessary): Dial +1 (888) 350-0075 then enter 7990866#

OPTION #4: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Australia +61 1800240997
*Austria +43 080010259254
*Belgium +32 080050903
*France +33 0800940295
*Germany +49 08000004291
*Sweden +46 0200125385
*United Kingdom +44 08003581803

OPTION #5: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Long distance costs apply
*Austria +43 (0) 82040115470
*Belgium +32 (0) 7 0357134
*France +33 (0) 826109071
*Germany +49 01805009527
*Ireland +353 (0) 818270968
*Italy +39 848390177
*Spain +34 (9) 02885791
*Switzerland +41 (0) 8 48560397
*United Kingdom +44 (0) 8454018081

=== Next Scheduled Face-to-Face Meeting ===
*Monday, February 14th During Identity Collaboration Day. See [http://www.internetidentityworkshop.com/identity-collaboration-day-feb-14th-prior-to-rsa/ Identity Collaboration Day Registration]
*We may also continue the discussion on the morning of Tuesday, February 15, location TBD.

=== Open Technical Questions ===
The list of open questions can be found at [http://wiki.idcommons.net/index.php?title=Claims-Agent-Open-Questions Open-Questions]

Personal Data Ecosystem Charter

2011-02-01T02:56:59Z

Paul.trevithick: /* Current Membership */

=== Name ===

Personal Data Ecosystem Collaborative Consortium

=== Purpose ===

To get this emerging personal data ecosystem to work for all, there are many interests that need to be brought forward, and different interests that need to be balanced. These include individuals, businesses, governments, advocacy groups, standards bodies, developers, personal data store service providers, government regulators, media, and others.

The purpose of The Personal Data Ecosystem Collaborative Consortium (PDECC) is to support all these interests being brought forward and to define the emergent market models, convergence around technical standards for personal data services and the policies that support them.

=== Principles ===

IC Principles:

# '''Self-Organization.''' Enable any working group to self-organize at any time, on any scale, in any form, around any activity consistent with the Purpose and Principles.
# '''Transparency.''' Fully and transparently disclose the Purpose and Principles of each working group, any requirement of participation, and any license or restriction of usage of its work product.
# '''Inclusion.''' Conduct deliberations and make decisions by bodies and methods that reasonably represent all relevant and affected parties.
# '''Empowerment.''' Vest authority, perform functions, and use resources in the smallest or most local part that includes all relevant and affected parties.
# '''Collaboration.''' Resolve conflict without resort to economic, legal, or other duress.
# '''Openness.''' Conduct, publish, and archive communications in a manner that facilitates open and trusted interactions within and across all working groups and the public Internet.
# '''Dogfooding.''' When feasible and appropriate, employ the work product of Identity Commons working groups to facilitate the operation and interaction of Identity Commons itself.

Additional Principles:

=== Practices ===

PDECC fulfills its purpose via:
* Convening multi-stakeholder conversations:
** Via the Podcast
** at industry events
** online in existing fora
*** blogs
*** mailing lists
** online in fora it develops for this purpose

* Providing knowledge resources for companies, users, and policy makers
** Being a public repository of information in the emerging market place to help bring clarity

* Providing cooperation space that brings coherence and common practices in order for the ecosystem to work for everyone.
** Fostring key dialogues around critical issues like market models and legal frameworks.

=== Requirements of Participation and How to Join ===

* General Mailing list.

* The initial mailing list is going to be about standardization and open to those who are actually implementing.

* The mailing blog is re-publishing work from around the web that focuses on this area.

* We are working on a community governance/belonging model.

=== Licenses and/or Restrictions on Usage of Work Product ===

Public output of the community is by default licensed as Creative Commons with Attribution.

=== Current Deliverables and Milestones ===

* Key Conversations around critical issues in the community.
* Podcasts
* Hub of Who's Who and which companies are working on what

=== Current Meeting Schedule ===

* IIW in May

=== Current Membership ===

Individuals who work in Industry
* Kaliya Hamlin
* Iain Henderson
* Mary Hodder
* Phil Windley
* William Heath
* Drummond Reed
* Paul Trevithick

Startup Companies
* Mydex
* Azigo

Public Companies
* ?

=== Current Stewards Council Representative and Alternate ===

Kaliya Hamlin
Alternate: Iain Henderson

=== Current Links ===

* [http://www.personaldataecosystem.org Personal Data Ecosystem]
* [http://wiki.idcommons.net/Personal_Data_Ecosystem Wiki Space]

=== Related Groups ===

* [http://kantarainitiative.org/confluence/display/infosharing/Home Volunteered Personal Information at Kantara]
* [http://projectvrm.org Project VRM]
* [http://www.openidentityexchange.org/ OIX (Open Identity Exchange)]
* [http://www.oasis-open.org/committees/xdi/ OASIS XRI Technical Committee]
* [http://www.oasis-open.org/committees/xdi/ OASIS XDI Technical Committee]

=== History ===

Claims Agent Charter

2011-01-31T04:25:34Z

Paul.trevithick: typo fix

'''Version 1.6'''
=== Status ===
* 16-Jan-2011: v1.6: ptrevithick: added a link to the new claims-agent mailing list
* 13-Jan-2011: v1.5: ptrevithick: added a mention that anyone can login with any OpenID and add their names to the participants list
* 10-Jan-2011: v1.4: craigwi: incorporated feedback from conference call
* 09-Jan-2011: v1.3: craigwi: incorporate feedback from early reviewers
* 07-Jan-2011: v1.2: craigwi: added initial scenarios; reworked language around components .vs. active client; other clarifications.
* 04-Jan-2011: v1.1: ptrevithick: renamed from Claims Broker to Claims Agent
* 30-Dec-2010: v1.0: ptrevithick: charter circulated for discussion period within Stewards Council

=== Name ===

Claims Agent Working Group

=== Purpose ===

The purpose of this working group is to (i) create a forum for the development of standards-based, interoperable, verified claims agent implementations (which would include both open source and commercial components), to (ii) initially focus on specific scenarios that the community and customers work together to implement and deploy end-to-end and (iii) provide funding and other incentives for the development of open source components.
A verified claims agent is a set of software components that allows the user to utilize claim-sets from different sources at relying parties (RPs) of their choosing, under their control, using technology that helps to protect their privacy and helps to ensure the security of the system end to end. Verified claims come from sources that do the verification and digitally sign the claims-sets; the agent itself does not do the verification and does not re-sign the claims or sets. The agent has the following characteristics:
* MUST be able to be used with an unmodified browser (includes all types of desktop and mobile devices; support for specific platforms and browsers TBD); this capability would be supported by a “cloud hosted” agent and would support many, but not all of the possible privacy and security features.
* MUST be possible to configure the system to prevent claims providers from being able to trivially track the use of a claims-set. MUST also be possible to configure the system to prevent trivial correlation of claims-sets delivered to different recipients. Both of these capabilities can be achieved by so-called minimal disclosure technologies based on zero knowledge cryptographic techniques or equivalent techniques.
* MUST provide mechanisms to mitigate the theft or lending of claims sets; e.g., claims sets could be cryptographically bound to a device such as a TPM chip, smart card, or phone.
* MAY include components downloaded to the user’s desktop or mobile device (e.g., a browser extension) to provide additional privacy and security features; e.g., used to invoke the agent service while reducing the phishing attack surface; store information local to the device; prevent the agent service from observing the flow of claims from provider to RP.
* Components downloaded to the user’s desktop or mobile device MAY also enhance the user experience, but MUST remain aligned and conceptually compatible with the user experience provided by the agent service.
* Architecture MUST support applications on a desktop or mobile device other than a browser; initial development efforts MAY not.
* MAY support existing specifications and protocols such as WS-Federation, OpenID, SAML and IMI
* MAY be used to provide claims used for authentication
* MAY include the ability to provide current or past claims (and convey which is which)
* MUST enable the exchange of variable claims which means that in some scenarios the process of retrieving claims-sets includes additional parameters that indicate something about the context of the request

=== Overall Scope ===

* To create a verified claims agent development community that includes open source, research and commercial efforts.
* To build liason relationships with related efforts at OpenID Artifact Binding WG, IETF (e.g., OAuth), Kantara (e.g. ULX and CI), Mozilla (e.g. Account Manager) and W3C (new initiatives being considered). Where possible to work with these organizations on their respective specs, rather than creating new specs.
* To build and test together at least one complete implementation of all claims agent components, including multiple cloud hosted agents and components for a wide range of desktop and mobile devices (specific systems and versions support TBD). May be a mix of open source and commercial components. The binaries of the commercially developed components must be available under RANDZ terms. All desktop and mobile device components must be compatible with all of the cloud agent instances.
* To fund one complete, open source claims agent implementation including a cloud agent (e.g., in Java, or .NET, or other suitable language) and components for desktop and mobile devices. All open source code will be licensed under TBD license (most likely Apache 2.0) and resulting components must be interoperable with any commercially developed components.
* To support and fund interoperability testing of claims agent components developed by the working group
* To participate in discussions on: Trust frameworks that support the verified claims agent; relevant changes in laws and regulations; feedback from members of the privacy community.
* Ensure that the architecture and all components developed enable expansion of the initial target scenarios to include commercial sources of claims, claims orchestration and aggregation, and claims marketplaces (where there may be transaction costs per claims exchange).
* Consider how the architecture and components developed can enable value added services on both the cloud agent and the desktop and mobile devices.

=== Initial Target Scenario Characteristics ===

* Claims come from government, health and education sources and are verified by some source-dependent means.
* The expectation is that there is no cost to the citizen to use the claims and very limited cost, if any, to the organizations who consume them.
* Supported RPs include those at the same institutions that provided the claims, different agencies at different levels of governments and across national borders, as well as commercial organizations.
* Claims are exchanged in a way that helps protect the privacy of the citizen and security requirements of the claims provider (specific mechanisms employed depend on the scenario).
* Support for authentication would be limited to pre-allocated identifiers such as email (i.e., not dynamically allocated pseudonyms)

=== Principles ===

See Identity Commons [[Purpose And Principles]]

=== Practices ===

* We plan to collaborate using an Identity Commons-hosted mailing list
* We plan to contribute source code to a common repository. This repository will likely be a new repository in a larger effort such as [http://www.outercurve.org/ Outercurve Foundation] or [http://www.eclipse.org Eclipse].
* We plan to collaborate with the Identity Commons OSIS WG for interoperability testing.
* Specifications to be standardized would be submitted to standards groups such as OASIS, W3C, IETF and OpenID.
* We plan to seek corporate funding for the open source code and interoperability phases of this work. As Identity Commons evolves to support directed funding, this funding will eventually be to Identity Commons and, after an overhead fee is extracted, the balance pass to this working group.

=== Requirements of Participation and How to Join ===

To show interest in joining after this WG is approved by the Identity Commons Stewards Council, just add your name to the list below. This WG will be open to all.

=== Licenses and/or Restrictions on Usage of Work Product ===
* Open Web Foundation for specs
* TBD: likely Apache 2.0 for code

=== Current Deliverables and Milestones ===

To be determined.

=== Current Meeting Schedule ===

To be determined.

=== Current Membership ===
This group has been proposed by Paul Trevithick. The following people have indicated interest in participating.

* Mikaël Ates
* John Bradley
* Iain Henderson (Mydex)
* Rainer Hörbe
* Mike McIntosh (Azigo)
* Susan Morrow (Avoco)
* Andrew Nash
* Axel Nennker
* Søren Peter Nielsen (DK Govt)
* Sandy Porter (Avoco)
* Domenico Rotondi (TXT e-solutions SpA)
* Mary Ruddy (Meristic)
* RJ Schlecht (Booz Allen Hamilton)
* Don Thibeau (OIDF, OIX)
* Owen Thomas (Clique Space)
* Paul Trevithick (Azigo)
* Michael Versace
* Colin Wallis (NZ Govt)
* David Wasley (InCommon)
* Peter Watkins (Province of British Columbia)
* Craig Wittenberg (Microsoft)
* Ariel Gordon (Microsoft)

====To join====
# Add your name above (alphabetic by last name) if you'd like to participate. You can log in with any OpenID to this wiki.
# Join the [http://lists.idcommons.net/lists/info/claims-agent claims-agent list]

=== Current Stewards Council Representative and Alternate ===

The stewards council representative will be selected by the members of the working group.

=== Current Links ===

None at present.

=== Related Groups ===

* OpenID Artifact Binding Working Group
* [http://kantarainitiative.org/confluence/display/ulx/Home Kantara ULX WG] and [http://kantarainitiative.org/confluence/display/wgci Consumer Identity WG]
* [https://mozillalabs.com/blog/2010/03/account-manager/ Mozilla Account Manager]
* [http://code.google.com/p/openinfocard/ OpenInfoCard]
* [http://www.fc2-consortium.org/ FC2]
* [http://wiki.eclipse.org/Cloud_Selector_1.1 Higgins Cloud Selector]
* [http://wiki.eclipse.org/Active_Client_Overview Higgins Active Client]

=== History ===

This is where the group can share about how/why the group was founded and where will be where quarterly reports will be linked to.

Claims Agent Working Group

2011-01-31T04:23:57Z

Paul.trevithick: /* Status */

=== Project Name ===

Claims Agent Working Group

=== Purpose ===

The purpose of this working group is to (i) create a forum for the development of standards-based, interoperable, verified claims agent implementations (which would include both open source and commercial components), to (ii) initially focus on specific scenarios that the community and customers work together to implement and deploy end-to-end and (iii) provide funding and other incentives for the development of open source components.
A verified claims agent is a set of software components that allows the user to utilize claim-sets from different sources at relying parties (RPs) of their choosing, under their control, using technology that helps to protect their privacy and helps to ensure the security of the system end to end. Verified claims come from sources that do the verification and digitally sign the claims-sets; the agent itself does not do the verification and does not re-sign the claims or sets.

=== Status ===

The Claims-Agent Working group in its formation phase. It has already started having weekly meetings. The [http://wiki.idcommons.net/Claims_Agent_Charter proposed charter] has completed its Identity Commons discussion period. After the charter is updated to reflect the 1/28/11 conference call, we will call for a Identity Commons vote to formally create the working group.

=== Mailing List ===

You can subscribe to our [http://lists.idcommons.net/lists/info/claims-agent mailing list]

=== Next Conference Call ===

* Next Conference call is Friday, February 4,1:00 ET, 10:00 PT

Call In Details (ICF's bridge)

OPTION #1: SKYPE – Dial +9900827047990866

OPTION #2: US/CANADA TOLL LINE: Dial +1 (201) 793-9022 then enter 7990866#

OPTION #3: US/CANADA TOLL-FREE LINE (please use only if necessary): Dial +1 (888) 350-0075 then enter 7990866#

OPTION #4: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Australia +61 1800240997
*Austria +43 080010259254
*Belgium +32 080050903
*France +33 0800940295
*Germany +49 08000004291
*Sweden +46 0200125385
*United Kingdom +44 08003581803

OPTION #5: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Long distance costs apply
*Austria +43 (0) 82040115470
*Belgium +32 (0) 7 0357134
*France +33 (0) 826109071
*Germany +49 01805009527
*Ireland +353 (0) 818270968
*Italy +39 848390177
*Spain +34 (9) 02885791
*Switzerland +41 (0) 8 48560397
*United Kingdom +44 (0) 8454018081

=== Next Scheduled Face-to-Face Meeting ===
*Monday, February 14th During Identity Collaboration Day. See [http://www.internetidentityworkshop.com/identity-collaboration-day-feb-14th-prior-to-rsa/ Identity Collaboration Day Registration]
*We may also continue the discussion on the morning of Tuesday, February 15, location TBD.

=== Open Technical Questions ===
The list of open questions can be found at [http://wiki.idcommons.net/index.php?title=Claims-Agent-Open-Questions Open-Questions]

Claims Agent Working Group

2011-01-31T04:22:53Z

Paul.trevithick: /* Purpose */

=== Project Name ===

Claims Agent Working Group

=== Purpose ===

The purpose of this working group is to (i) create a forum for the development of standards-based, interoperable, verified claims agent implementations (which would include both open source and commercial components), to (ii) initially focus on specific scenarios that the community and customers work together to implement and deploy end-to-end and (iii) provide funding and other incentives for the development of open source components.
A verified claims agent is a set of software components that allows the user to utilize claim-sets from different sources at relying parties (RPs) of their choosing, under their control, using technology that helps to protect their privacy and helps to ensure the security of the system end to end. Verified claims come from sources that do the verification and digitally sign the claims-sets; the agent itself does not do the verification and does not re-sign the claims or sets.

=== Status ===

The Claims-Agent Working group in its formation phase. It has already started having weekly meetings. The [http://wiki.idcommons.net/Claims_Broker_Charter proposed charter] has completed its Identity Commons discussion period. After the charter is updated to reflect the 1/28/11 conference call, we will call for a Identity Commons vote to formally create the working group.

=== Mailing List ===

You can subscribe to our [http://lists.idcommons.net/lists/info/claims-agent mailing list]

=== Next Conference Call ===

* Next Conference call is Friday, February 4,1:00 ET, 10:00 PT

Call In Details (ICF's bridge)

OPTION #1: SKYPE – Dial +9900827047990866

OPTION #2: US/CANADA TOLL LINE: Dial +1 (201) 793-9022 then enter 7990866#

OPTION #3: US/CANADA TOLL-FREE LINE (please use only if necessary): Dial +1 (888) 350-0075 then enter 7990866#

OPTION #4: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Australia +61 1800240997
*Austria +43 080010259254
*Belgium +32 080050903
*France +33 0800940295
*Germany +49 08000004291
*Sweden +46 0200125385
*United Kingdom +44 08003581803

OPTION #5: INTERNATIONAL TOLL NUMBERS: Dial the # then enter 7990866#
*Long distance costs apply
*Austria +43 (0) 82040115470
*Belgium +32 (0) 7 0357134
*France +33 (0) 826109071
*Germany +49 01805009527
*Ireland +353 (0) 818270968
*Italy +39 848390177
*Spain +34 (9) 02885791
*Switzerland +41 (0) 8 48560397
*United Kingdom +44 (0) 8454018081

=== Next Scheduled Face-to-Face Meeting ===
*Monday, February 14th During Identity Collaboration Day. See [http://www.internetidentityworkshop.com/identity-collaboration-day-feb-14th-prior-to-rsa/ Identity Collaboration Day Registration]
*We may also continue the discussion on the morning of Tuesday, February 15, location TBD.

=== Open Technical Questions ===
The list of open questions can be found at [http://wiki.idcommons.net/index.php?title=Claims-Agent-Open-Questions Open-Questions]

Claims Agent Charter

2011-01-17T04:39:53Z

Paul.trevithick: /* Current Membership */

'''Version 1.6'''
=== Status ===
* 16-Jan-2011: v1.6: ptrevithick: added a link to the new claims-agent mailing list
* 13-Jan-2011: v1.5: ptrevithick: added a mention that anyone can login with any OpenID and add their names to the participants list
* 10-Jan-2011: v1.4: craigwi: incorporated feedback from conference call
* 09-Jan-2011: v1.3: craigwi: incorporate feedback from early reviewers
* 07-Jan-2011: v1.2: craigwi: added initial scenarios; reworked language around components .vs. active client; other clarifications.
* 04-Jan-2011: v1.1: ptrevithick: renamed from Claims Broker to Claims Agent
* 30-Dec-2010: v1.0: ptrevithick: charter circulated for discussion period within Stewards Council

=== Name ===

Claims Agent Working Group

=== Purpose ===

The purpose of this working group is to (i) create a forum for the development of standards-based, interoperable, verified claims agent implementations (which would include both open source and commercial components), to (ii) initially focus on specific scenarios that the community and customers work together to implement and deploy end-to-end and (iii) provide funding and other incentives for the development of open source components.
A verified claims agent is a set of software components that allows the user to utilize claim-sets from different sources at relying parties (RPs) of their choosing, under their control, using technology that helps to protect their privacy and helps to ensure the security of the system end to end. Verified claims come from sources that do the verification and digitally sign the claims-sets; the agent itself does not do the verification and do not resign the claims or sets. The agent has the following characteristics:
* MUST be able to be used with an unmodified browser (includes all types of desktop and mobile devices; support for specific platforms and browsers TBD); this capability would be supported by a “cloud hosted” agent and would support many, but not all of the possible privacy and security features.
* MUST be possible to configure the system to prevent claims providers from being able to trivially track the use of a claims-set. MUST also be possible to configure the system to prevent trivial correlation of claims-sets delivered to different recipients. Both of these capabilities can be achieved by so-called minimal disclosure technologies based on zero knowledge cryptographic techniques or equivalent techniques.
* MUST provide mechanisms to mitigate the theft or lending of claims sets; e.g., claims sets could be cryptographically bound to a device such as a TPM chip, smart card, or phone.
* MAY include components downloaded to the user’s desktop or mobile device (e.g., a browser extension) to provide additional privacy and security features; e.g., used to invoke the agent service while reducing the phishing attack surface; store information local to the device; prevent the agent service from observing the flow of claims from provider to RP.
* Components downloaded to the user’s desktop or mobile device MAY also enhance the user experience, but MUST remain aligned and conceptually compatible with the user experience provided by the agent service.
* Architecture MUST support applications on a desktop or mobile device other than a browser; initial development efforts MAY not.
* MAY support existing specifications and protocols such as WS-Federation, OpenID, SAML and IMI
* MAY be used to provide claims used for authentication
* MAY include the ability to provide current or past claims (and convey which is which)
* MUST enable the exchange of variable claims which means that in some scenarios the process of retrieving claims-sets includes additional parameters that indicate something about the context of the request

=== Overall Scope ===

* To create a verified claims agent development community that includes open source, research and commercial efforts.
* To build liason relationships with related efforts at OpenID Artifact Binding WG, IETF (e.g., OAuth), Kantara (e.g. ULX and CI), Mozilla (e.g. Account Manager) and W3C (new initiatives being considered). Where possible to work with these organizations on their respective specs, rather than creating new specs.
* To build and test together at least one complete implementation of all claims agent components, including multiple cloud hosted agents and components for a wide range of desktop and mobile devices (specific systems and versions support TBD). May be a mix of open source and commercial components. The binaries of the commercially developed components must be available under RANDZ terms. All desktop and mobile device components must be compatible with all of the cloud agent instances.
* To fund one complete, open source claims agent implementation including a cloud agent (e.g., in Java, or .NET, or other suitable language) and components for desktop and mobile devices. All open source code will be licensed under TBD license (most likely Apache 2.0) and resulting components must be interoperable with any commercially developed components.
* To support and fund interoperability testing of claims agent components developed by the working group
* To participate in discussions on: Trust frameworks that support the verified claims agent; relevant changes in laws and regulations; feedback from members of the privacy community.
* Ensure that the architecture and all components developed enable expansion of the initial target scenarios to include commercial sources of claims, claims orchestration and aggregation, and claims marketplaces (where there may be transaction costs per claims exchange).
* Consider how the architecture and components developed can enable value added services on both the cloud agent and the desktop and mobile devices.

=== Initial Target Scenario Characteristics ===

* Claims come from government, health and education sources and are verified by some source-dependent means.
* The expectation is that there is no cost to the citizen to use the claims and very limited cost, if any, to the organizations who consume them.
* Supported RPs include those at the same institutions that provided the claims, different agencies at different levels of governments and across national borders, as well as commercial organizations.
* Claims are exchanged in a way that helps protect the privacy of the citizen and security requirements of the claims provider (specific mechanisms employed depend on the scenario).
* Support for authentication would be limited to pre-allocated identifiers such as email (i.e., not dynamically allocated pseudonyms)

=== Principles ===

See Identity Commons [[Purpose And Principles]]

=== Practices ===

* We plan to collaborate using an Identity Commons-hosted mailing list
* We plan to contribute source code to a common repository. This repository will likely be a new repository in a larger effort such as [http://www.outercurve.org/ Outercurve Foundation] or [http://www.eclipse.org Eclipse].
* We plan to collaborate with the Identity Commons OSIS WG for interoperability testing.
* Specifications to be standardized would be submitted to standards groups such as OASIS, W3C, IETF and OpenID.
* We plan to seek corporate funding for the open source code and interoperability phases of this work. As Identity Commons evolves to support directed funding, this funding will eventually be to Identity Commons and, after an overhead fee is extracted, the balance pass to this working group.

=== Requirements of Participation and How to Join ===

To show interest in joining after this WG is approved by the Identity Commons Stewards Council, just add your name to the list below. This WG will be open to all.

=== Licenses and/or Restrictions on Usage of Work Product ===
* Open Web Foundation for specs
* TBD: likely Apache 2.0 for code

=== Current Deliverables and Milestones ===

To be determined.

=== Current Meeting Schedule ===

To be determined.

=== Current Membership ===
This group has been proposed by Paul Trevithick. The following people have indicated interest in participating.

* Mikaël Ates
* John Bradley
* Iain Henderson (Mydex)
* Rainer Hörbe
* Mike McIntosh (Azigo)
* Susan Morrow (Avoco)
* Andrew Nash
* Axel Nennker
* Søren Peter Nielsen (DK Govt)
* Sandy Porter (Avoco)
* Domenico Rotondi (TXT e-solutions SpA)
* Mary Ruddy (Meristic)
* Don Thibeau (OIDF, OIX)
* Owen Thomas (Clique Space)
* Paul Trevithick (Azigo)
* Michael Versace
* Colin Wallis (NZ Govt)
* Peter Watkins (Province of British Columbia)
* Craig Wittenberg (Microsoft)

====To join====
# Add your name above (alphabetic by last name) if you'd like to participate. You can log in with any OpenID to this wiki.
# Join the [http://lists.idcommons.net/lists/info/claims-agent claims-agent list]

=== Current Stewards Council Representative and Alternate ===

The stewards council representative will be selected by the members of the working group.

=== Current Links ===

None at present.

=== Related Groups ===

* OpenID Artifact Binding Working Group
* [http://kantarainitiative.org/confluence/display/ulx/Home Kantara ULX WG] and [http://kantarainitiative.org/confluence/display/wgci Consumer Identity WG]
* [https://mozillalabs.com/blog/2010/03/account-manager/ Mozilla Account Manager]
* [http://code.google.com/p/openinfocard/ OpenInfoCard]
* [http://www.fc2-consortium.org/ FC2]
* [http://wiki.eclipse.org/Cloud_Selector_1.1 Higgins Cloud Selector]
* [http://wiki.eclipse.org/Active_Client_Overview Higgins Active Client]

=== History ===

This is where the group can share about how/why the group was founded and where will be where quarterly reports will be linked to.

Claims Agent Charter

2011-01-17T03:02:32Z

Paul.trevithick:

'''Version 1.6'''
=== Status ===
* 16-Jan-2011: v1.6: ptrevithick: added a link to the new claims-agent mailing list
* 13-Jan-2011: v1.5: ptrevithick: added a mention that anyone can login with any OpenID and add their names to the participants list
* 10-Jan-2011: v1.4: craigwi: incorporated feedback from conference call
* 09-Jan-2011: v1.3: craigwi: incorporate feedback from early reviewers
* 07-Jan-2011: v1.2: craigwi: added initial scenarios; reworked language around components .vs. active client; other clarifications.
* 04-Jan-2011: v1.1: ptrevithick: renamed from Claims Broker to Claims Agent
* 30-Dec-2010: v1.0: ptrevithick: charter circulated for discussion period within Stewards Council

=== Name ===

Claims Agent Working Group

=== Purpose ===

The purpose of this working group is to (i) create a forum for the development of standards-based, interoperable, verified claims agent implementations (which would include both open source and commercial components), to (ii) initially focus on specific scenarios that the community and customers work together to implement and deploy end-to-end and (iii) provide funding and other incentives for the development of open source components.
A verified claims agent is a set of software components that allows the user to utilize claim-sets from different sources at relying parties (RPs) of their choosing, under their control, using technology that helps to protect their privacy and helps to ensure the security of the system end to end. Verified claims come from sources that do the verification and digitally sign the claims-sets; the agent itself does not do the verification and do not resign the claims or sets. The agent has the following characteristics:
* MUST be able to be used with an unmodified browser (includes all types of desktop and mobile devices; support for specific platforms and browsers TBD); this capability would be supported by a “cloud hosted” agent and would support many, but not all of the possible privacy and security features.
* MUST be possible to configure the system to prevent claims providers from being able to trivially track the use of a claims-set. MUST also be possible to configure the system to prevent trivial correlation of claims-sets delivered to different recipients. Both of these capabilities can be achieved by so-called minimal disclosure technologies based on zero knowledge cryptographic techniques or equivalent techniques.
* MUST provide mechanisms to mitigate the theft or lending of claims sets; e.g., claims sets could be cryptographically bound to a device such as a TPM chip, smart card, or phone.
* MAY include components downloaded to the user’s desktop or mobile device (e.g., a browser extension) to provide additional privacy and security features; e.g., used to invoke the agent service while reducing the phishing attack surface; store information local to the device; prevent the agent service from observing the flow of claims from provider to RP.
* Components downloaded to the user’s desktop or mobile device MAY also enhance the user experience, but MUST remain aligned and conceptually compatible with the user experience provided by the agent service.
* Architecture MUST support applications on a desktop or mobile device other than a browser; initial development efforts MAY not.
* MAY support existing specifications and protocols such as WS-Federation, OpenID, SAML and IMI
* MAY be used to provide claims used for authentication
* MAY include the ability to provide current or past claims (and convey which is which)
* MUST enable the exchange of variable claims which means that in some scenarios the process of retrieving claims-sets includes additional parameters that indicate something about the context of the request

=== Overall Scope ===

* To create a verified claims agent development community that includes open source, research and commercial efforts.
* To build liason relationships with related efforts at OpenID Artifact Binding WG, IETF (e.g., OAuth), Kantara (e.g. ULX and CI), Mozilla (e.g. Account Manager) and W3C (new initiatives being considered). Where possible to work with these organizations on their respective specs, rather than creating new specs.
* To build and test together at least one complete implementation of all claims agent components, including multiple cloud hosted agents and components for a wide range of desktop and mobile devices (specific systems and versions support TBD). May be a mix of open source and commercial components. The binaries of the commercially developed components must be available under RANDZ terms. All desktop and mobile device components must be compatible with all of the cloud agent instances.
* To fund one complete, open source claims agent implementation including a cloud agent (e.g., in Java, or .NET, or other suitable language) and components for desktop and mobile devices. All open source code will be licensed under TBD license (most likely Apache 2.0) and resulting components must be interoperable with any commercially developed components.
* To support and fund interoperability testing of claims agent components developed by the working group
* To participate in discussions on: Trust frameworks that support the verified claims agent; relevant changes in laws and regulations; feedback from members of the privacy community.
* Ensure that the architecture and all components developed enable expansion of the initial target scenarios to include commercial sources of claims, claims orchestration and aggregation, and claims marketplaces (where there may be transaction costs per claims exchange).
* Consider how the architecture and components developed can enable value added services on both the cloud agent and the desktop and mobile devices.

=== Initial Target Scenario Characteristics ===

* Claims come from government, health and education sources and are verified by some source-dependent means.
* The expectation is that there is no cost to the citizen to use the claims and very limited cost, if any, to the organizations who consume them.
* Supported RPs include those at the same institutions that provided the claims, different agencies at different levels of governments and across national borders, as well as commercial organizations.
* Claims are exchanged in a way that helps protect the privacy of the citizen and security requirements of the claims provider (specific mechanisms employed depend on the scenario).
* Support for authentication would be limited to pre-allocated identifiers such as email (i.e., not dynamically allocated pseudonyms)

=== Principles ===

See Identity Commons [[Purpose And Principles]]

=== Practices ===

* We plan to collaborate using an Identity Commons-hosted mailing list
* We plan to contribute source code to a common repository. This repository will likely be a new repository in a larger effort such as [http://www.outercurve.org/ Outercurve Foundation] or [http://www.eclipse.org Eclipse].
* We plan to collaborate with the Identity Commons OSIS WG for interoperability testing.
* Specifications to be standardized would be submitted to standards groups such as OASIS, W3C, IETF and OpenID.
* We plan to seek corporate funding for the open source code and interoperability phases of this work. As Identity Commons evolves to support directed funding, this funding will eventually be to Identity Commons and, after an overhead fee is extracted, the balance pass to this working group.

=== Requirements of Participation and How to Join ===

To show interest in joining after this WG is approved by the Identity Commons Stewards Council, just add your name to the list below. This WG will be open to all.

=== Licenses and/or Restrictions on Usage of Work Product ===
* Open Web Foundation for specs
* TBD: likely Apache 2.0 for code

=== Current Deliverables and Milestones ===

To be determined.

=== Current Meeting Schedule ===

To be determined.

=== Current Membership ===
This group has been proposed by Paul Trevithick. The following people have indicated interest in participating.

* John Bradley
* Iain Henderson (Mydex)
* Rainer Hörbe
* Mike McIntosh (Azigo)
* Susan Morrow (Avoco)
* Andrew Nash
* Axel Nennker
* Søren Peter Nielsen (DK Govt)
* Sandy Porter (Avoco)
* Domenico Rotondi (TXT e-solutions SpA)
* Mary Ruddy (Meristic)
* Don Thibeau (OIDF, OIX)
* Owen Thomas (Clique Space)
* Paul Trevithick (Azigo)
* Michael Versace
* Colin Wallis (NZ Govt)
* Peter Watkins (Province of British Columbia)
* Craig Wittenberg (Microsoft)

====To join====
# Add your name above (alphabetic by last name) if you'd like to participate. You can log in with any OpenID to this wiki.
# Join the [http://lists.idcommons.net/lists/info/claims-agent claims-agent list]

=== Current Stewards Council Representative and Alternate ===

The stewards council representative will be selected by the members of the working group.

=== Current Links ===

None at present.

=== Related Groups ===

* OpenID Artifact Binding Working Group
* [http://kantarainitiative.org/confluence/display/ulx/Home Kantara ULX WG] and [http://kantarainitiative.org/confluence/display/wgci Consumer Identity WG]
* [https://mozillalabs.com/blog/2010/03/account-manager/ Mozilla Account Manager]
* [http://code.google.com/p/openinfocard/ OpenInfoCard]
* [http://www.fc2-consortium.org/ FC2]
* [http://wiki.eclipse.org/Cloud_Selector_1.1 Higgins Cloud Selector]
* [http://wiki.eclipse.org/Active_Client_Overview Higgins Active Client]

=== History ===

This is where the group can share about how/why the group was founded and where will be where quarterly reports will be linked to.

Claims Agent Charter

2011-01-13T15:22:09Z

Paul.trevithick: /* Requirements of Participation and How to Join */

'''Version 1.5'''
=== Status ===
* 13-Jan-2011: v1.5: ptrevithick: added a mention that anyone can login with any OpenID and add their names to the participants list
* 10-Jan-2011: v1.4: craigwi: incorporated feedback from conference call
* 09-Jan-2011: v1.3: craigwi: incorporate feedback from early reviewers
* 07-Jan-2011: v1.2: craigwi: added initial scenarios; reworked language around components .vs. active client; other clarifications.
* 04-Jan-2011: v1.1: ptrevithick: renamed from Claims Broker to Claims Agent
* 30-Dec-2010: v1.0: ptrevithick: charter circulated for discussion period within Stewards Council

=== Name ===

Claims Agent Working Group

=== Purpose ===

The purpose of this working group is to (i) create a forum for the development of standards-based, interoperable, verified claims agent implementations (which would include both open source and commercial components), to (ii) initially focus on specific scenarios that the community and customers work together to implement and deploy end-to-end and (iii) provide funding and other incentives for the development of open source components.
A verified claims agent is a set of software components that allows the user to utilize claim-sets from different sources at relying parties (RPs) of their choosing, under their control, using technology that helps to protect their privacy and helps to ensure the security of the system end to end. Verified claims come from sources that do the verification and digitally sign the claims-sets; the agent itself does not do the verification and do not resign the claims or sets. The agent has the following characteristics:
* MUST be able to be used with an unmodified browser (includes all types of desktop and mobile devices; support for specific platforms and browsers TBD); this capability would be supported by a “cloud hosted” agent and would support many, but not all of the possible privacy and security features.
* MUST be possible to configure the system to prevent claims providers from being able to trivially track the use of a claims-set. MUST also be possible to configure the system to prevent trivial correlation of claims-sets delivered to different recipients. Both of these capabilities can be achieved by so-called minimal disclosure technologies based on zero knowledge cryptographic techniques or equivalent techniques.
* MUST provide mechanisms to mitigate the theft or lending of claims sets; e.g., claims sets could be cryptographically bound to a device such as a TPM chip, smart card, or phone.
* MAY include components downloaded to the user’s desktop or mobile device (e.g., a browser extension) to provide additional privacy and security features; e.g., used to invoke the agent service while reducing the phishing attack surface; store information local to the device; prevent the agent service from observing the flow of claims from provider to RP.
* Components downloaded to the user’s desktop or mobile device MAY also enhance the user experience, but MUST remain aligned and conceptually compatible with the user experience provided by the agent service.
* Architecture MUST support applications on a desktop or mobile device other than a browser; initial development efforts MAY not.
* MAY support existing specifications and protocols such as WS-Federation, OpenID, SAML and IMI
* MAY be used to provide claims used for authentication
* MAY include the ability to provide current or past claims (and convey which is which)
* MUST enable the exchange of variable claims which means that in some scenarios the process of retrieving claims-sets includes additional parameters that indicate something about the context of the request

=== Overall Scope ===

* To create a verified claims agent development community that includes open source, research and commercial efforts.
* To build liason relationships with related efforts at OpenID Artifact Binding WG, IETF (e.g., OAuth), Kantara (e.g. ULX and CI), Mozilla (e.g. Account Manager) and W3C (new initiatives being considered). Where possible to work with these organizations on their respective specs, rather than creating new specs.
* To build and test together at least one complete implementation of all claims agent components, including multiple cloud hosted agents and components for a wide range of desktop and mobile devices (specific systems and versions support TBD). May be a mix of open source and commercial components. The binaries of the commercially developed components must be available under RANDZ terms. All desktop and mobile device components must be compatible with all of the cloud agent instances.
* To fund one complete, open source claims agent implementation including a cloud agent (e.g., in Java, or .NET, or other suitable language) and components for desktop and mobile devices. All open source code will be licensed under TBD license (most likely Apache 2.0) and resulting components must be interoperable with any commercially developed components.
* To support and fund interoperability testing of claims agent components developed by the working group
* To participate in discussions on: Trust frameworks that support the verified claims agent; relevant changes in laws and regulations; feedback from members of the privacy community.
* Ensure that the architecture and all components developed enable expansion of the initial target scenarios to include commercial sources of claims, claims orchestration and aggregation, and claims marketplaces (where there may be transaction costs per claims exchange).
* Consider how the architecture and components developed can enable value added services on both the cloud agent and the desktop and mobile devices.

=== Initial Target Scenario Characteristics ===

* Claims come from government, health and education sources and are verified by some source-dependent means.
* The expectation is that there is no cost to the citizen to use the claims and very limited cost, if any, to the organizations who consume them.
* Supported RPs include those at the same institutions that provided the claims, different agencies at different levels of governments and across national borders, as well as commercial organizations.
* Claims are exchanged in a way that helps protect the privacy of the citizen and security requirements of the claims provider (specific mechanisms employed depend on the scenario).
* Support for authentication would be limited to pre-allocated identifiers such as email (i.e., not dynamically allocated pseudonyms)

=== Principles ===

See Identity Commons [[Purpose And Principles]]

=== Practices ===

* We plan to collaborate using an Identity Commons-hosted mailing list
* We plan to contribute source code to a common repository. This repository will likely be a new repository in a larger effort such as [http://www.outercurve.org/ Outercurve Foundation] or [http://www.eclipse.org Eclipse].
* We plan to collaborate with the Identity Commons OSIS WG for interoperability testing.
* Specifications to be standardized would be submitted to standards groups such as OASIS, W3C, IETF and OpenID.
* We plan to seek corporate funding for the open source code and interoperability phases of this work. As Identity Commons evolves to support directed funding, this funding will eventually be to Identity Commons and, after an overhead fee is extracted, the balance pass to this working group.

=== Requirements of Participation and How to Join ===

To show interest in joining after this WG is approved by the Identity Commons Stewards Council, just add your name to the list below. This WG will be open to all.

=== Licenses and/or Restrictions on Usage of Work Product ===
* Open Web Foundation for specs
* TBD: likely Apache 2.0 for code

=== Current Deliverables and Milestones ===

To be determined.

=== Current Meeting Schedule ===

To be determined.

=== Current Membership ===
This group has been proposed by Paul Trevithick. The following people have indicated interest in participating. Add your name (and optional affiliation) if you'd like to participate. (You can log in with any OpenID to this wiki)

* John Bradley
* Iain Henderson (Mydex)
* Mike McIntosh (Azigo)
* Susan Morrow (Avoco)
* Andrew Nash
* Sandy Porter (Avoco)
* Mary Ruddy (Meristic)
* Don Thibeau (OIDF, OIX)
* Paul Trevithick (Azigo)
* Peter Watkins (Province of British Columbia)
* Craig Wittenberg (Microsoft)
* Michael Versace

=== Current Stewards Council Representative and Alternate ===

The stewards council representative will be selected by the members of the working group.

=== Current Links ===

None at present.

=== Related Groups ===

* OpenID Artifact Binding Working Group
* [http://kantarainitiative.org/confluence/display/ulx/Home Kantara ULX WG] and [http://kantarainitiative.org/confluence/display/wgci Consumer Identity WG]
* [https://mozillalabs.com/blog/2010/03/account-manager/ Mozilla Account Manager]
* [http://code.google.com/p/openinfocard/ OpenInfoCard]
* [http://www.fc2-consortium.org/ FC2]
* [http://wiki.eclipse.org/Cloud_Selector_1.1 Higgins Cloud Selector]
* [http://wiki.eclipse.org/Active_Client_Overview Higgins Active Client]

=== History ===

This is where the group can share about how/why the group was founded and where will be where quarterly reports will be linked to.

Claims Agent Charter

2011-01-13T15:19:28Z

Paul.trevithick:

'''Version 1.5'''
=== Status ===
* 13-Jan-2011: v1.5: ptrevithick: added a mention that anyone can login with any OpenID and add their names to the participants list
* 10-Jan-2011: v1.4: craigwi: incorporated feedback from conference call
* 09-Jan-2011: v1.3: craigwi: incorporate feedback from early reviewers
* 07-Jan-2011: v1.2: craigwi: added initial scenarios; reworked language around components .vs. active client; other clarifications.
* 04-Jan-2011: v1.1: ptrevithick: renamed from Claims Broker to Claims Agent
* 30-Dec-2010: v1.0: ptrevithick: charter circulated for discussion period within Stewards Council

=== Name ===

Claims Agent Working Group

=== Purpose ===

The purpose of this working group is to (i) create a forum for the development of standards-based, interoperable, verified claims agent implementations (which would include both open source and commercial components), to (ii) initially focus on specific scenarios that the community and customers work together to implement and deploy end-to-end and (iii) provide funding and other incentives for the development of open source components.
A verified claims agent is a set of software components that allows the user to utilize claim-sets from different sources at relying parties (RPs) of their choosing, under their control, using technology that helps to protect their privacy and helps to ensure the security of the system end to end. Verified claims come from sources that do the verification and digitally sign the claims-sets; the agent itself does not do the verification and do not resign the claims or sets. The agent has the following characteristics:
* MUST be able to be used with an unmodified browser (includes all types of desktop and mobile devices; support for specific platforms and browsers TBD); this capability would be supported by a “cloud hosted” agent and would support many, but not all of the possible privacy and security features.
* MUST be possible to configure the system to prevent claims providers from being able to trivially track the use of a claims-set. MUST also be possible to configure the system to prevent trivial correlation of claims-sets delivered to different recipients. Both of these capabilities can be achieved by so-called minimal disclosure technologies based on zero knowledge cryptographic techniques or equivalent techniques.
* MUST provide mechanisms to mitigate the theft or lending of claims sets; e.g., claims sets could be cryptographically bound to a device such as a TPM chip, smart card, or phone.
* MAY include components downloaded to the user’s desktop or mobile device (e.g., a browser extension) to provide additional privacy and security features; e.g., used to invoke the agent service while reducing the phishing attack surface; store information local to the device; prevent the agent service from observing the flow of claims from provider to RP.
* Components downloaded to the user’s desktop or mobile device MAY also enhance the user experience, but MUST remain aligned and conceptually compatible with the user experience provided by the agent service.
* Architecture MUST support applications on a desktop or mobile device other than a browser; initial development efforts MAY not.
* MAY support existing specifications and protocols such as WS-Federation, OpenID, SAML and IMI
* MAY be used to provide claims used for authentication
* MAY include the ability to provide current or past claims (and convey which is which)
* MUST enable the exchange of variable claims which means that in some scenarios the process of retrieving claims-sets includes additional parameters that indicate something about the context of the request

=== Overall Scope ===

* To create a verified claims agent development community that includes open source, research and commercial efforts.
* To build liason relationships with related efforts at OpenID Artifact Binding WG, IETF (e.g., OAuth), Kantara (e.g. ULX and CI), Mozilla (e.g. Account Manager) and W3C (new initiatives being considered). Where possible to work with these organizations on their respective specs, rather than creating new specs.
* To build and test together at least one complete implementation of all claims agent components, including multiple cloud hosted agents and components for a wide range of desktop and mobile devices (specific systems and versions support TBD). May be a mix of open source and commercial components. The binaries of the commercially developed components must be available under RANDZ terms. All desktop and mobile device components must be compatible with all of the cloud agent instances.
* To fund one complete, open source claims agent implementation including a cloud agent (e.g., in Java, or .NET, or other suitable language) and components for desktop and mobile devices. All open source code will be licensed under TBD license (most likely Apache 2.0) and resulting components must be interoperable with any commercially developed components.
* To support and fund interoperability testing of claims agent components developed by the working group
* To participate in discussions on: Trust frameworks that support the verified claims agent; relevant changes in laws and regulations; feedback from members of the privacy community.
* Ensure that the architecture and all components developed enable expansion of the initial target scenarios to include commercial sources of claims, claims orchestration and aggregation, and claims marketplaces (where there may be transaction costs per claims exchange).
* Consider how the architecture and components developed can enable value added services on both the cloud agent and the desktop and mobile devices.

=== Initial Target Scenario Characteristics ===

* Claims come from government, health and education sources and are verified by some source-dependent means.
* The expectation is that there is no cost to the citizen to use the claims and very limited cost, if any, to the organizations who consume them.
* Supported RPs include those at the same institutions that provided the claims, different agencies at different levels of governments and across national borders, as well as commercial organizations.
* Claims are exchanged in a way that helps protect the privacy of the citizen and security requirements of the claims provider (specific mechanisms employed depend on the scenario).
* Support for authentication would be limited to pre-allocated identifiers such as email (i.e., not dynamically allocated pseudonyms)

=== Principles ===

See Identity Commons [[Purpose And Principles]]

=== Practices ===

* We plan to collaborate using an Identity Commons-hosted mailing list
* We plan to contribute source code to a common repository. This repository will likely be a new repository in a larger effort such as [http://www.outercurve.org/ Outercurve Foundation] or [http://www.eclipse.org Eclipse].
* We plan to collaborate with the Identity Commons OSIS WG for interoperability testing.
* Specifications to be standardized would be submitted to standards groups such as OASIS, W3C, IETF and OpenID.
* We plan to seek corporate funding for the open source code and interoperability phases of this work. As Identity Commons evolves to support directed funding, this funding will eventually be to Identity Commons and, after an overhead fee is extracted, the balance pass to this working group.

=== Requirements of Participation and How to Join ===

To be written

=== Licenses and/or Restrictions on Usage of Work Product ===
* Open Web Foundation for specs
* TBD: likely Apache 2.0 for code

=== Current Deliverables and Milestones ===

To be determined.

=== Current Meeting Schedule ===

To be determined.

=== Current Membership ===
This group has been proposed by Paul Trevithick. The following people have indicated interest in participating. Add your name (and optional affiliation) if you'd like to participate. (You can log in with any OpenID to this wiki)

* John Bradley
* Iain Henderson (Mydex)
* Mike McIntosh (Azigo)
* Susan Morrow (Avoco)
* Andrew Nash
* Sandy Porter (Avoco)
* Mary Ruddy (Meristic)
* Don Thibeau (OIDF, OIX)
* Paul Trevithick (Azigo)
* Peter Watkins (Province of British Columbia)
* Craig Wittenberg (Microsoft)
* Michael Versace

=== Current Stewards Council Representative and Alternate ===

The stewards council representative will be selected by the members of the working group.

=== Current Links ===

None at present.

=== Related Groups ===

* OpenID Artifact Binding Working Group
* [http://kantarainitiative.org/confluence/display/ulx/Home Kantara ULX WG] and [http://kantarainitiative.org/confluence/display/wgci Consumer Identity WG]
* [https://mozillalabs.com/blog/2010/03/account-manager/ Mozilla Account Manager]
* [http://code.google.com/p/openinfocard/ OpenInfoCard]
* [http://www.fc2-consortium.org/ FC2]
* [http://wiki.eclipse.org/Cloud_Selector_1.1 Higgins Cloud Selector]
* [http://wiki.eclipse.org/Active_Client_Overview Higgins Active Client]

=== History ===

This is where the group can share about how/why the group was founded and where will be where quarterly reports will be linked to.