►
From YouTube: IETF93-ABFAB-20150720-1740
Description
ABFAB meeting session at IETF93
2015/07/20 1740
A
A
B
D
B
Thank
you
excellent
all
right,
then,
so
we
got
an
hour
better
make
the
most
of
it.
You
won't
see
in
the
note
well-
and
this
is
our
primary
focus
today-
they're
the
big
red
splotches
on
the
the
data
tracker
page
for
our
working
group.
That
says
that
we
have
one
document.
That's
been
sitting
in
the
RSC
editors
queues
for
four
1027
days
right.
The
other
is
only
320
t
nine
days
right.
This
we
gotta
fix
the
the
stuff.
That's
holding
this
up
is,
of
course,
triple
a
saml.
B
We
also
have
the
UI
graft,
you
ice
conservation,
grafts
to
get
get
done,
and
so
I
crafted
an
agenda
to
get
us
as
much
work
as
possible
on
those
two
documents.
There
is
one
more
if
we
have
time
I
promised
on
Stefan
to
do
a
quick
press
0
on
the
credential
forwarding
delegation
draft
that
he
stopped,
but
my
suggestion
is
that
we
quickly
dispense
with
you
I
considerations
in
in
like
three
minutes
and
then
move
on
to
triple-a.
Samo.
Are
you
okay
with
that
wrist
you?
E
B
E
B
B
B
A
B
Good
good
to
go
yeah,
it's
like
your
assessment,
okay,
fine!
So
next
Rev
as
quickly
as
humanly
possible,
I'll
issue,
a
working
group
last
call,
and
then
we
can
we
can
be.
You
can
be
in
right
up
stage
before
before.
September
yeah
that'd
be
fine.
Okay,
all
right-
and
this
actually
has
been
fairly
well
reviewed
now
recently,
so
you
know
it's
not
Chevy
all
right,
so
triple
a
saml
go
heavy!
Let
me
bring
up
your
slides.
A
D
Main
issue
will
have
with
this
draft
so
far
is
that
we
needed
a
mapping,
or
am
I
a
binding
between
the
saml
name
and
the
tripoli
name
when
the
policies
applied
based
on
some
names,
and
I
have
a
premium
proposal
that
I
sent
the
middle
east
just
today
with
the
definition
of
two
different
Road
script
of
types,
radish,
a
DB
descriptor
and
reduce
RP
descriptor
and
the
definition
of
radish
uri
scheme
that
has
some
pointed
out.
My
might
need
to
be
avoided.
Aquarium
wealth
in
for
sake
of
simplicity
and
well.
In
addition
of
this
next.
D
We
have
other
relevant
issues
were
but
minor,
three
issues
that
most
of
them
were
raised
by
g
in
our
last
conference,
which
was
that
with
a
new
name
of
the
entities
that
I
did,
try
to
amo
amo
Genesis
alpha
and
the
sam'l
names
that
were
in
the
previous
version
of
the
documents.
We
should
include
a
table
at
the
beginning
of
the
document
as
the
one
included
into
the
architecture
of
alpha,
and
I
already
done
this
done
this
sorry
in
version
I
have
in
my
computer
waiting
for
we
completely
to
be
submitted.
A
D
This
is
a
question
for
for
Reese
sorry
I
domain
only
made
representations
allowed
in
the
network
access
identifier,
name
identified
format,
I
mean
in
Section.
5
of
this
document
describes
this
network
access
identifier
name
identifier,
format,
which
is
a
form
attitude,
so
our
domain
only
may
presentation
allowed
for
this
forest.
Sometimes
the
IDB
doesn't
provide
a
full
name
of
the
user
today,
RP,
so
it's
possible
to
use
the
add
domain
or
at
realm
notation
is
nai.
A
A
D
And
these
are
a
question
that
you
should
maybe
should
be
for
Ascot
or
any
other
sunless
part
more
than
me.
Obviously,
should
section
she's,
not
one
confirmation
methods,
identifiers
also
refer
to
the
ones
in
section
8
ball
one.
This
was
one
of
your
yeah
comments
regime.
So
if
you
want
to
provide
more
information,
I.
E
C
D
I
have
had
similar
thing,
but
obviously
the
location
would
be
an
uri
naming
the
tipple
8rp
element
both
are
very
similar
in
the
format,
but
we
need
both
of
them
because
of
the
semantics
of
the
own
name.
We
need
one
is
describing
on
LED
and
the
other
one
is
describing
an
RP.
This
is
similar
of
what
already
exists
for
the
web
single
sign-on
profiles
in
salmon.
D
Next-
and
this
was
my
proposal
to
name
triple-a
entities
juicing
on
you
are
I
which
some
didn't
like
it
was
a
well
in
Rogers.
We
have
three
different
possibilities:
name
on
RP,
the
first
one
is
using
the
IP
address.
The
second
one
is
using
the
dance
identifier
attribute,
and
the
third
one
is
using.
The
four
attributes
described
in
RFC
7055,
so
I
define
a
uri
for
each
one
of
them,
which
this
is
specific
format
and
the
last
part
of
the
uri
would
be
the
actual
value
of
the
identifier
for
the
tubular
entity.
For
the
IEP.
D
D
F
So
hi
Sam
Harmon,
first
of
all,
I'd
like
to
say
great,
a
real
heartfelt
thanks
to
to
Alejandro
for
moving
this
forward.
This
has
been
stuck
for
at
least
a
year.
I
think,
if
not
longer
and
no
well,
no,
that's
no,
that's
not
quite
true
like,
but
but
basically
maybe
around
six
hundred
days
or
so,
and
this
is
basically
the
kind
of
concrete
proposal
we
need
to
make
it
move
it
forward.
What
I
propose
that
we
do
to
focus?
F
This
discussion
is
first
like
there's
the
whole
question
of
whether
we
can
define
a
radius
uri,
but
I'd
like
to
defer
that
for
a
little
bit
and
basically
talk
about
kind
of
the
structure
of
the
metadata
and
stuff
and
basically,
let's
ignore
the
process,
issues
surrounding
registering
a
radius
uri.
If
we
could
do
this
what's
on
the
screen
there
now
in
the
example,
would
we
be
happy
with
it?
F
I
like
to
answer
that
question
first,
because
I
think
it's
going
to
be
easier
and
if
the
answer
is
yes,
then
we
can
focus
on
the
process
nitty
gritty
details,
but
we
basically
know
we
have
a
solution
and
we're
just
dealing
with
process
mess,
but
basically
like
comments
from
Reese
llave.
Basically,
people
who
know
sam'l
metadata
and
is
like
is
this.
Basically,
what
we're
trying
to
do
is
this
basically
good.
B
D
B
B
F
B
B
B
F
Speaking
if
we
try
and
register
a
radius
uri
scheme,
it's
going
to
be
a
lot
of
work.
If
we
try
and
register
a
radius
uri
schema
that
doesn't
actually
involve
like
the
hostname
or
IP
address,
or
port
of
a
radius
server,
it's
going
to
raise
some
eyebrows
a
lot,
so
my
only
issue
is
one
a
process.
Basically,
I
think
if
we
do
it,
this
way
we're
going
to
get
get
some.
F
It
will
be
hard
to
get
this
document
published
and
we
will
get
to
talk
to
the
apps
community
a
lot
more
than
then.
We
wanted
to
and
move
it
to
talk
for
a
text
a
lot
more
than
we
want
to
so
I
understand
that
location
is
a
mandatory
attribute
in
a
this,
isn't
in
an
endpoint
right,
mm-hmm!
Okay,
can
we
add
extra
attributes.
F
Yeah,
basically,
what
I'm
hoping
we
can
do
is
specify
a
placeholder
URI
that
we
for
today
that
basically
has
no
we're
not
telling
you
how
to
get
there,
but
that
if
there's
a
radius
you
are
I
defined
in
the
future.
We
could
replace
it
with
and
then
just
put
this
in
other
attributes,
like
I
mean
basically,
we
can
have
our
urm
for
no
really,
you
don't
need
to
know.
F
F
F
B
F
Yeah
base
well,
basically
that
gets
us
out
of
defining
a
new
uri
on
and
oh,
the
other
thing
it
allows
us
to
do
is
in
the
future.
If
we
ever,
we
actually
do
want
to
tell
you
where
the
radius
server
is
like.
If
someone
comes
up
with
the
use
case
where
they
actually,
you
know
like
want
to
give
you
what
to
do
this
with
some
sort
of
rat
sack
thing.
If
they
define
that
you
are
I,
then
they
can
actually
stick
it
in
the
location
field
like
sam'l
intended
all.
F
F
B
F
No
I
do
because
the
location,
because
it's
not
the
location
that
we
care
about
for
this
finding,
what
we
care
about
is
the
naming
information
right.
We
actually
care
about
the
triple
a
name
in
the
reason
we
want
to
define.
This
in
point
is
not
because
we
want
to
specify
the
location
because,
again
in
his
proposal,
we
don't
actually
have
a
location
in
the
UI.
Well,.
B
D
B
You're,
you
know
think
you're
right,
you
define
your
own
typically
I
mean
I
DPSS,
Oh
descriptor,
for
instance,
you
see
us
sort
of
the
base
stuff,
signature,
extensions,
yada,
yada
and
then,
after
that,
you
define
that
if
it
defines
its
own
set
of
things
that
it
needs-
and
in
this
case
it
then
it
shouldn't,
be
an
end
point.
It
should
be
something
else.
Would.
F
E
B
B
B
Yeah,
it
was
in
our
charter,
it
it's
in
our
children
through
that.
So
you
know
we're,
so
somebody
want
I
actually
want
to
get
a
volunteer.
You
think
I'm
alejandra
do
you
have?
Are
you
already
in
the
sstc
in
the
Oasis
you're?
Not
there
does
anybody
I
mean
I
have
I'm
normally
in
the
group,
but
I
have
never
sort
of
spent
any
resources
and
I
shouldn't
really
be
pushing
the
draft,
but
somebody
else
who
already
have
presence
in
the
sstc
be
willing
to
help
alejandro
this.
B
B
A
B
A
C
A
B
A
A
A
A
A
A
A
B
B
B
I
was
actually
going
to
mention
a
femoral
King
and
that's
so
we
have
sort
of
two
things
that
have
come
up
during
deployment.
One
of
them
is
ephemeral,
King.
The
other
is
Colonel
delegation,
and
you
know
if
I
mean
there
still
seems
to
be
active
work
in
this
field,
and
it
would
be
a
shame
not
to
sort
of
pursue
and
finalize
some
of
this
stuff.
B
B
B
B
I
wait.
We
promise
we
promise.
I
will
never
do
this
again,
but
so
what
we're
looking
at
I
think
then
it's
an
agreement
to
make
sure
that
by
by
Oklahoma
we
have
all
it's
all.
It's
a
clean
rights,
clean
slate
everything's
well
through
the
it
should
be
through
the
RC
editors,
cubed
and
I
on
there's
no
reason
for
us
not
to
be
finished
with
our
current
work
by
your
karma
and
and
I'm
not
sure
if
there
is
enough
people
actually
coming
to
your
karma
to
have
a
meeting
there
there.
B
B
B
C
F
C
B
A
C
C
Over
the
course
of
the
last
six
months,
or
so,
if
I
finish,
take
a
plug-in
or
an
extension
for
chrome
and
for
Firefox
that
allows
you
communicates
with
a
Apache
module
which
we've
written,
that
does
GSS
authentication
through
a
Web
API
sort
web
web
calls.
So
we
actually
have
a
full
and
it's
that
context,
a
roundtrip
a
full
a
month
series
of
round
trips
through
the
GSS
that
pull
up
the
moonshot
identity.
Selector.
D
F
Apache
module
makes
the
GSS
context
available
to
the
Apache
request,
so
any
other
Apache
module
can
do
whatever
it
wants
in
terms
of
GSS.
We
would
love
to
take
get
a
patch
from
someone
to
export
the
attributes
to
their
environment
variables
or
you
know,
another
I
mean
that
would
be
really
awesome
or
another
way
to
do.
This
might
be
to
integrate
into
ship,
but
basically
does
not
do
it
today
we
would
love
to
get
to
it.
It's
an
open
source
project.
If
anyone
gets
to
it
sooner
than
it'll
get
done
sooner.