Template - Meeting notes

Date: October 24th

 

 Participants


 Goals

  • Overview


    In the Technical Discussion and Planning Meeting held on October 24, 2024, participants transitioned the session to Zoom and discussed plans to make the meeting public for Linux Foundation members. Toby led a discussion of Identity 2.0 projects, including Decentralized Identifiers (DIDs) and Verifiable Credentials, highlighting interoperability challenges. Claude addressed the complexities of authentication in desktop applications, emphasizing trust boundaries with identity managers. The discussion then shifted to zero trust models, device authentication nuances, and the efficacy of sandboxed environments. Participants examined OAuth workflows and cross-application token sharing issues, noting the difficulties of maintaining plugin authentication. The meeting concluded with planning next steps, including a presentation on separating authorization from authentication, with Chris tasked to prepare a demo and gather insights from security experts at Autodesk. Action items were assigned to facilitate these initiatives for future discussions.

    Notes

    Meeting Transition and Setup (02:16 - 09:42)

    • Meeting moved from one platform to Zoom

    • Discussion about making the meeting public for Linux Foundation members

    • Chris to make the meeting public after this session

    Identity and Authentication Discussion (09:42 - 20:34)

    • Toby presented on Identity 2.0 projects and standards

    • Discussed Decentralized Identifiers (DIDs) and their challenges

    • Explored Verifiable Credentials and their interoperability with DIDs

    • Examined the concept of Verified Presentations and their similarity to OAuth flows

    Desktop Authentication Challenges (20:34 - 28:48)

    • Claude discussed challenges of authentication in desktop products

    • Explored the complexities of storing sensitive information like refresh tokens

    • Discussed the need for establishing trust boundaries between desktop products and identity managers

    Zero Trust and Device Authentication (28:49 - 39:29)

    • Discussed the importance of device authentication in zero trust models

    • Explored differences between mobile and desktop environments in terms of security

    • Considered the potential of sandboxed environments within desktop contexts

    OAuth Workflows and Cross-Application Token Sharing (39:29 - 52:22)

    • Examined OAuth workflows and their documentation

    • Discussed cross-application token sharing and its challenges across vendors

    • Explored the complexities of managing plugin authentication within desktop products

    Next Steps and Future Discussions (52:22 - 01:00:10)

    • Planned presentation on separating authorization from authentication

    • Chris to prepare a demo on different authorization experiences

    • Discussed need for input from security experts at companies like Autodesk

    Action items

    Chris

    • Make the meeting public for Linux Foundation members after this session (02:57)

    • Prepare a demo on different authorization experiences for the next meeting (55:52)

    Chris, Darrell, and Spencer

    • Prepare slides on Zero Trust and methods to solve related problems (56:45)

    unassigned

    • Find security experts from companies like Autodesk to provide input on proposed solutions (57:24)

 Discussion topics

Time

Item

Presenter

Notes

 Decisions