# WG Meeting: 2025-01-14 ## Agenda - Special Topic Group - Multi-subject events - Potential Use Case: Death and the Digital Estate - Gartner interop March 2025 London ## Attendees - Shayne Miel (Cisco) - Tom Sato (VeriClouds) - Yair Sarig (Omnissa) - Brian Soby (AppOmni) - Mike Kiser (SailPoint) - Atul Tulshibagwale (SGNL) - Stan Bounev (VeriClouds) - Apoorva Deshpande (Okta) - Tushar Raibhandare (Google) ## Notes ### Gartner Interop March 2025 London - [Atul] March 24th, confirmed - 3 slots and a breakout session - What should we add to this interop? - Maybe different rules for newcomers to encourage participation - Separate call with retro from last interops, ideally next week in early morning (US) - [Shayne] Can we use the conformance tests in this interop? - [Stan] Was there interest from new companies at the recent interop? - [Atul] There were a number of new companies: IBM, Google, AppOmni, Omnissa, Jamf - Too soon to tell in terms of adoption though ### Special Topic Group - [Atul] Can we add something that indicates what the Special Topic Group is about in the group's name? - [Atul] I'm in favor of this - [Apoorva] Does this mean that you have to become a member to participate? There was some desire with the CG to let non-members participate - [Atul] You will have to sign a contribution agreement like you do as part of the WG - [Shayne] WG approves Special Topic Group, with the provision that it updates its name to be more descriptive - [Stan] I would like to co-chair ### Potential Use Case: Death and the Digital Estate - [Mike] Death and the Digital Estate Community Group has started up: https://openid.net/cg/death-and-the-digital-estate/ - Might be an additional use case for events/SSF - Signal notification of death might be sent out from an authoritative source and consumed by anyone listening for it - Integrates with a lot of different areas that are still in a lot of flux: legal, governmental, ethical, etc. - [Yair] - Signals might be subsets of another signal - Death signal which might be a subset of a different signal - [Apporva] could be a VC claim as well - look at the VC aspect as well - How is this different from a risk signal of account purged? - [Mike] - Agreed, we're looking at VCs, personhood creds, etc. - [Shayne] - Is this just about death, or about delegation? - e.g. CEO doesn't have time to do everything - [Mike] - Definitely includes incapcitation, medical events, etc - maybe falls short of "general delegation" -- [Stan] - fascinating topic - So are you not waiting for an official authority to weigh in? - A vendor can assert that someone is deceased? - [Mike] - No, authoritative sources are key, but the technical path of communication of the event might be able to be created previously - Don't *really* want an IDP to be able to arbitrarily declare someone as deceased. - DefCon talk about the danger of weak authority: https://www.youtube.com/watch?v=9FdHq3WfJgs - [Yair] - Account delete/ revoke - is it different? - [Mike] - It is likely different in terms of reactivation of past accounts. These should never come back or be reused. - [Stan] -Is this event stuff the right approach? - [Mike] - Great question(s). Still in the early phases of thought, but wanted the SSF WG to be aware of what was developing and the questions that are being asked. ### Multi-subject events - [Shayne] Brought up by Thomas Dairmont, may wait until he can join to discuss - [Apoorva] SET spec prohibits multi-subject - [Stan] Can you give an example? - [Shayne] Thomas's example was the issuer was compromised and needs to log everyone out - [Yair] Can't we use groups, or other parts of Complex Subject, for this? - [Apoorva] Heads up - IETF is working on adding multiple events into the push transport - https://datatracker.ietf.org/doc/draft-deshpande-secevent-http-multi-push/ - https://datatracker.ietf.org/doc/draft-tulshibagwale-pushpull-delivery/ ## Action Items