Brian,
Can you please setup the two following votes for the membership?
Thanks,
--David
Begin forwarded message:
From: David Recordon <[email protected]>
Date: February 1, 2009 11:02:15 AM GMT+13:00
To: [email protected]
Subject: RECOMMENDED: Proposal to create the Contract Exchange
Extension working group
The Specifications Council recommends that the Foundation members
approve the creation of the Contract Exchange Extension working
group (http://openid.net/pipermail/specs-council/2009-January/000110.html
), as proposed below and found at http://wiki.openid.net/Working_Groups%3AContract_Exchange_1
.
If you are a member of the OpenID Foundation, you'll be able to
login and vote on the creation of this new working group after this
14-day notice period. The vote thus will be from Wednesday Saturday
14th through Saturday February 21st. All votes are held in US
Pacific Time.
--David
_______________________________________________
specs mailing list
[email protected]
http://openid.net/mailman/listinfo/specs
Begin forwarded message:
From: David Recordon <[email protected]>
Date: February 1, 2009 11:03:02 AM GMT+13:00
To: OpenID Specs Mailing List <[email protected]>
Subject: Re: RECOMMENDED: Proposal to create the OpenID and OAuth
Hybrid Extension working group
Unless there are any objections, I will change this voting period to
match that of the CX working group where the vote will open Saturday
February 14th.
--David
----- "David Recordon" <[email protected]> wrote:
> The Specifications Council recommends that the Foundation members
approve the creation of the OpenID and OAuth Hybrid Extension
working group (http://openid.net/pipermail/specs-council/2009-January/000099.html
), as proposed below and found at http://wiki.openid.net/OpenID-and-OAuth-Hybrid-Extension
.
>
>
If you are a member of the OpenID Foundation, you'll be able to
login and vote on the creation of this new working group after this
14-day notice period. The vote thus will be from Wednesday February
11th through Wednesday February 18th. All votes are held in US
Pacific Time.
>
--David
>
>
Background Information
OpenID has always been focused on how to enable user-authentication
within the browser. Over the last year, OAuth has been developed to
allow authorization either from within a browser, desktop software,
or mobile devices. Obviously there has been interest in using OpenID
and OAuth together allowing a user to share their identity as well
as grant a Relying Party access to an OAuth protected resource in a
single step. A small group of people have been working on developing
an extension to OpenID which makes this possible in a collaborative
fashion within http://code.google.com/p/step2/. This small project
includes a draft spec and Open Source implementations which the
proposers would like to finalize within the OpenID Foundation.
>
Working Group Name
OpenID OAuth Hybrid Working Group
>
Purpose
Produce a standard OpenID extension to the OpenID Authentication
protocol that provides a mechanism to embed an OAuth approval
request into an OpenID authentication request to permit combined
user approval. The extension addresses the use case where the OpenID
Provider and OAuth Service Provider are the same service. To provide
good user experience, it is important to present a combined
authentication and authorization screen for the two protocols.
>
Scope
The proposed work is as follows:
>
* Extend the OpenID authentication request/response and the
assertion verification mechanism, to embed an OAuth approval request
into an OpenID authentication request. Assuming the OpenID Provider
and OAuth Service Provider are the same service.
* Insulation of each protocol from the other, both for backwards
compatibility as well as to enable OpenID and OAuth to evolve and
incorporate additional features without requiring reviews of the
combined usage. Especially, to allow future support for unregistered
OAuth consumers.
* Security analysis and best practices
>
Out of scope
>
* The OpenID extension does not define an unregistered OAuth
consumers mode, but instead ensures that such support would be
possible by protocol insulation. The unregistered consumers mode
should be defined separately in the OAuth specifications.
>
Anticipated Contributions
Finalize the OpenID OAuth Extension spec (http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html
) as an official OpenID Extension.
>
Proposed List of Specifications
OpenID OAuth Extension 1.0. Specification completion by Q1 2009.
>
Anticipated audience or users of the work
* OpenID Providers and Relying Parties
* OAuth Consumers and Service Providers
* Implementers of OpenID Providers and Relying Parties
>
Language in which the WG will conduct business
English.
>
Method of work
E-mail discussions on the working group mailing list and working
group conference calls.
>
Basis for determining when the work of the WG is completed
The work will be completed once it is apparent that maximal
consensus on the protocol proposal has been achieved within the
working group, consistent with the purpose and scope.
>
Proposers
* Ben Laurie, [email protected], Google
* Breno de Medeiros, [email protected], Google
* David Recordon, [email protected], Six Apart
* Dirk Balfanz, [email protected], Google
* Joseph Smarr, [email protected], Plaxo
* Yariv Adan, [email protected], Google
* Allen Tom, [email protected] , Yahoo
* Josh Hoyt, [email protected] , JanRain
>
Initial Editors
* Dirk Balfanz, [email protected], Google
* Breno de Medeiros, [email protected], Google
>
> _______________________________________________ specs mailing list [email protected]
http://openid.net/mailman/listinfo/specs
_______________________________________________
specs mailing list
[email protected]
http://openid.net/mailman/listinfo/specs
_______________________________________________
board mailing list
[email protected]
http://openid.net/mailman/listinfo/board
