Attendees:  Kevin Morooney, Brad Christ, Marc Wallman, Mark Johnson, Klaas Wierenga, Steve Zoppi, Elaine Alejo, Margaret Cullen, Laura Paglione

Regrets: Ann West

Joined by Heather Flanagan

Agenda:

  • Heather Flanagan - Discussion on Browser Changes and the Impacts on Federated Identity

Minutes:

  • Heather Flanagan ran through her presentation on browsers and how we might help contribute and  adapt to things as they change.  
  • The PAG discussed the problem of  browsers needing to prevent tracking and that  applications and services need to work through browsers to support SSO/federated login.
  • There was discussion on the issues with Cookies and how the larger browsers are dealing with them now

  • It was noted that Several organizations are grappling with different perspectives on the problem already: IETF, OIDF, W3C’s WICG WebID, Inc TAC, REFEDS

  • Educause would be a good group to talk to vendors and see how they are adapting their technologies. 

  • Heather suggested that she needs help in thinking about what needs to be done down the road and looking for folks that understand the problem and can take it to the next degree to step up to help get the information out. I2 can help by encouraging groups that might have resources that can be put towards this.  Charter is in progress right now.

  • Several felt it wasn't a governance question at this time

  • It was suggested that if  people on this call were to go to a W3C community group, we would be heard and could potentially make a difference.
  • It is much more about making sure that the impacts are understood and considered, from a technical perspective, rather than an attempt to say “stop”.  This is something that has to happen for user privacy, but we need to work with people to allow it to happen without being incredibly disruptive to our constituencies.  
  • Discussions also included how we get involved in the standards and figuring  out what is the right way to have a consent mechanism put in effect. Who do you trust as part of SAML?

Comments:

  • I think that a few well-informed technical folks could make a huge difference if we understand both: (1) how vital to user privacy it is to stop the widescale tracking that happens on the Internet today, and (2) how our class of applications relies on tracking to provide secure access to resources.  There needs to be a more nuanced answer than “stop all tracking” or “leave all tracking alone”, and I think it is in our best interest (along with others) to help find it.



  • Next meeting: Aug. 09 , 2021
  • No labels