# WG Meeting: 2024-11-19 ## Agenda - [Performance of streams](https://github.com/openid/sharedsignals/issues/211) - [Machine readable event schema](https://github.com/openid/sharedsignals/issues/158) - [Risk level change event](https://github.com/openid/sharedsignals/issues/200) - OpenID Budget for 2025 - SSWG items - Status of SSF conformance tests ## Attendees - Erik Gomez (JGSW) - Atul Tulshibagwale (SGNL) - Thomas Darimont (OIDF) - Sean O'Neill (Easy Dynamics - Jay Leslie (Easy Dynamics) - Jen Schreiber (Workday) - Gail Hodges (OIDF) - Sean O'Dell (Disney) - Keiko Itakura(Okta) - Mike Kiser (SailPoint) - Yair Sarig (Omnissa) - Stan Bounev (VeriClouds) ## Notes ### Budget discussion - (Gail) What are the high-level goals of the WG? - Final specs, additional schemas, etc. - Interop events (Gartner, new forums), cross the adoption chasm - Major prospects could include US Government - More security analyses? - Support for comms (4 planned blog posts), white paper - In-person workshop - A big prospect for SSF is an ecosystem that already uses another OpenID spec (e.g. FAPI) - Ecosystem white paper? - Outreach to specific communities (like we did in Brazil and Chile) - AuthZEN and IPSIE - Australia thinking of a community group for the Australia market - Conformance and certification - (Sean) How do you implement the spec? They want more hands on consulting (as OIDF members, not private company representatives) - (Gail) OIDF could set aside budget for very selective engagement with key organizations to build broad support - (Mike) Some of the general advice part can be left to IPSIE, because that is what it was meant for - (Sean) They want the details, not the high-level vision - (Mike) OIDF may not be the right place to do this kind of consulting - (Sean) We need a practitioner group, I might start it, but I don't know where - (Stan) Can we offer certifications to consulting companies and also employees of implementer companies? "Certified Shared Signals Expert" courses offered by OIDF and a test to give a certification to the peopole successfuly complete it. - (Gail) IDPro could do this with OIDF funding - (Sean) That might work - (Gail) We need a clear sense of what the major initiatives are, and what their scope is. ### Certification / Conformance update - (Thomas) Conformance tests current status: - Thomas shared a demo - (Thomas) What can we do in the Gartner interop timeframe - (Atul) Other than encouraging participants to test, we can't do anything because of the close timing - (Mike) Agree - (Thomas) I'm testing with three different providers (caep.dev, Omnissa, and Okta) Various degrees of success - (Atul) When / where can we get access to the conformance tests? - (Thomas) It's already in the OIDF GitLab, but not live yet because it is in development - (Atul) How do we go about verifying the tests - (Thomas) Let's do a deep dive, where we go through every test, with the knowledge of the implementation and the spec, we should be able to build confidence - (Thomas) We would like to get to a "mergeable" state by the end of the week, hopefully ready by next week end - (Yair) Can the responses be stored in a file? - (Thomas) There is a "Download logs" feature that lets you view all the requests and responses - (Thomas) This is how some FAPI participants are certifying their implementations - (Thomas) They run the tests on their staging environment, and have tools to verify the results with the expected results - (Atul) Can we go to GitLab today and download it? - (Thomas) - Main [GitLab link](https://gitlab.com/openid/conformance-suite) - Branch for SSF development: [Gitlab Link](https://gitlab.com/openid/conformance-suite/-/tree/gl1386-ssf-tests?ref_type=heads) ### Machine Readable Schema - Notes added as a comment in: - [Machine readable event schema](https://github.com/openid/sharedsignals/issues/158) ## Action Items