PAPE Approved as an OpenID Specification
As announced on OpenID.net (http://openid.net/2008/12/31/pape-approved-as-an-openid-specification/), PAPE has been approved by the OpenID Foundation membership as an OpenID specification. This is significant both because it completes the development of the first specification under the OpenID IPR Process and because of the security improvements that it will enable.

I'd like to take this opportunity to thank my fellow working group members for getting us to this point, and especially David Recordon who got the ball rolling on PAPE last year.

My personal perspectives on the promise of PAPE are at http://self-issued.info/?p=98. As I wrote there, the real value will come when PAPE is widely deployed and phishing-resistant authentication is widespread and commonplace. Let the deployments begin!

-- Mike

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
RE: Request for consideration of Working Group Charter Proposal
To be clear, once this proposal has stopped changing, the proposers will need to send a version in an e-mail message to the specs list asking that the working group be created. The reason it needs to be in e-mail rather than on the wiki is that the archived version of the e-mail won't change, whereas the wiki can. Although I agree that *developing* charters on the wiki is a fine idea.

Cheers,
-- Mike

-----Original Message-----
From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of Breno de Medeiros
Sent: Tuesday, December 23, 2008 12:33 PM
To: Allen Tom
Cc: mgra...@janrain.com; OpenID Specs Mailing List; Dick Hardt; hd...@ic-tact.co.jp
Subject: Re: Request for consideration of Working Group Charter Proposal

Yes, that is what I had in mind. Feel free to edit the wiki directly.

On Tue, Dec 23, 2008 at 12:08 PM, Allen Tom a...@yahoo-inc.com wrote:

Hi Nat - I'm not quite sure what you mean by class. Breno, Dick, Eran, and I had a conversation about AX earlier this month where we discussed the ability for AX to define objects or collections of attributes, as opposed to just simple key/value pairs. Is this what you're referring to? If so, then this should be in scope.

Allen

Nat Sakimura wrote:

+1 but where does the class in the earlier post of mine fit into the scope?

On Sat, Dec 20, 2008 at 6:16 AM, Breno de Medeiros br...@google.com wrote:

siiigh. That is what senility feels like.

On Fri, Dec 19, 2008 at 12:39 PM, Allen Tom a...@yahoo-inc.com wrote:

+1, but I don't know who this Tom Allen is.

Allen

Breno de Medeiros wrote:

Attribute Exchange (1.0), and Simple Registration.

II. Initial Membership
* Tom Allen, a...@yahoo-inc.com. Yahoo! Inc (editor)
* Mike Graves, mgra...@janrain.com, JanRain, Inc.
* Dick Hardt, d...@skip.com. Sxip Identity.
* Breno de Medeiros, br...@google.com. Google, Inc. (editor)
* Hideki Nara, hd...@ic-tact.co.jp, Tact Communications
* Nat Sakimura, n-sakim...@nri.co.jp (editor)

--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)

--
Nat Sakimura (=nat)
http://www.sakimura.org/en/

--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
Member Vote to Approve the PAPE Specification
As announced at http://openid.net/2008/12/22/member-vote-to-approve-the-pape-specification/, the member vote to approve the PAPE specification as an OpenID standard is now under way. Visit https://openid.net/foundation/members/polls/2 to vote between now and December 29th.

If approved, this will be the first specification to be completed under the IPR Policy and Procedures of the OpenID Foundation - a significant milestone for the OpenID community.

-- Mike
Proposal to form Discovery Working Group
Can you add a clear statement to the draft charter that implementations already using Yadis will remain compatible with the output of this working group, since, as I understand it, XRDS-Simple is intended to be compatible with Yadis? Or is backwards-compatibility with existing OpenID 2.0 implementations not a goal of this work?

-- Mike

-----Original Message-----
From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of Breno de Medeiros
Sent: Thursday, December 18, 2008 6:14 PM
To: OpenID Specs Mailing List
Cc: David Recordon; Brian Eaton; Johannes Ernst
Subject: Proposal to form Working Group

I would like to submit the following proposal for a working group charter (also available at http://wiki.openid.net/Working_Groups:Discovery):

Services and Metadata Discovery Coordination Working Group (Discovery) Charter Proposal

In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the proposed charter is below (still liable to change during this feedback period).

I. Name
Services and Metadata Discovery Coordination Working Group (Discovery)

II. Statement of Purpose
Produce a document describing the OpenID discovery workflow, updating the current mechanism to describe how to use OASIS specifications for discovery, to be drafted by the OASIS XRI TC. The intention is that the document will be incorporated as part of some future version of the OpenID Authentication spec.

III. Scope
Produce a document describing the use of OASIS discovery specifications as formulated by the OASIS XRI TC, for normative application by all other OpenID specifications.
Produce a document describing the recommended migration of services discovery from the Yadis 1.0 specification to the discovery specifications currently being developed by the OASIS XRI TC.
All types of identifiers addressed by OASIS XRI TC discovery (XRD 1.0) are within scope of this WG.
Publish a list of service and resource types supported by the discovery mechanism.

IV. Specifications
OpenID Discovery, including a sub-spec for Trusted OpenID Discovery, and a best-practices guidance document for migration.

V. Anticipated audience
All those interested in the OpenID specifications.

VI. Language of business
English.

VII. Method of work
Mailing list discussion. Posting of intermediate drafts in the OpenID Wiki. Virtual conferencing on an ad-hoc basis.

VIII. Basis for completion of the activity
The discovery document is final and all deliverables have been incorporated into the OpenID Authentication spec, perhaps by reference.

Background Information

I. Related Work
XRD 1.0 spec, being drafted by the OASIS XRI TC.

II. Initial Membership
* Brian Eaton, bea...@google.com, Google, Inc.
* Johannes Ernst, jer...@netmesh.us, NetMesh. (editor)
* Eran Hammer-Lahav, e...@hueniverse.com, Yahoo! Inc.
* Breno de Medeiros, br...@google.com, Google, Inc. (editor)
* David Recordon, da...@sixapart.com, Six Apart Ltd.
* Drummond Reed, drummond.r...@cordance.net, Cordance
* Nat Sakimura, n-sakim...@nri.co.jp, NRI

--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
Request for consideration of AX 2.0 Working Group Charter Proposal
Can you add a clear statement to the draft charter that implementations already using AX 1.0 will remain compatible with the output of this working group? Or is backwards-compatibility with existing AX implementations not a goal of this work?

-- Mike

-----Original Message-----
From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of Breno de Medeiros
Sent: Thursday, December 18, 2008 6:18 PM
To: OpenID Specs Mailing List
Cc: d...@skip.com; hd...@ic-tact.co.jp; mgra...@janrain.com
Subject: Request for consideration of Working Group Charter Proposal

I would like to submit the following proposal for a new Working Group charter for your consideration, following the OpenID IPR process:

The proposal charter is also available at: http://wiki.openid.net/Working_Groups:AX_2.0

OpenID Attribute Exchange 2.0 Working Group (AX 2.0) Charter Proposal

In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the proposed charter is below (still liable to change during this feedback period).

I. Name
Attribute Exchange Extension Working Group (AX)

II. Statement of Purpose
Produce an updated version of the Attribute Exchange Extension.

III. Scope
Update the Attribute Exchange Extension to include support for identified needs. Currently identified needs:
* Provide mechanisms for RP to require, and the OP to assert, claims about the quality of the attributes.
* Create an extensible registry of claim types, such as axschema.org for attribute types. The registry should also provide non-normative guidance on how claims can be validated, which will depend on the nature of attribute type as well as claim type.
* Introduce a new request/response mode which, unlike fetch and store, allows for both transmittal of some values and request of others. The transmittal does not necessarily have the significance of a store request (could be informative, or for requesting validation).
* Introduce a direct communication method in both directions (OP-RP), supported via discovery, for bulk exchange of attributes about (potentially) multiple users.

IV. Specifications
OpenID Attribute Exchange 2.0

V. Anticipated audience
All those interested in obtaining attributes about users authenticated via OpenID.

VI. Language of business
English.

VII. Method of work
Mailing list discussion. Posting of intermediate drafts in the OpenID Wiki. Virtual conferencing on an ad-hoc basis.

VIII. Basis for completion of the activity
The Attribute Exchange 2.0 spec final draft is delivered and the form of management and maintenance of the registry is established.

Background Information

I. Related Work
Attribute Exchange (1.0), and Simple Registration.

II. Initial Membership
* Tom Allen, a...@yahoo-inc.com. Yahoo! Inc (editor)
* Mike Graves, mgra...@janrain.com, JanRain, Inc.
* Dick Hardt, d...@skip.com. Sxip Identity.
* Breno de Medeiros, br...@google.com. Google, Inc. (editor)
* Hideki Nara, hd...@ic-tact.co.jp, Tact Communications
* Nat Sakimura, n-sakim...@nri.co.jp (editor)

--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
RE: [OpenID board] Please process the WG proposals on the table (WAS The Specs Council and Process)
I have to agree with Nat. The real problem here, as I see it, is that the current specs council members appear to be reluctant to actually fulfill their duties for timely review of specification proposals.

David or Scott, can you please create the (publicly readable) specs-coun...@openid.net list so we can get on with this discussion and unblock the process?

If we're going to change the process at all, in my view, it would be to make it clear that if the specs council hasn't acted within N days of a formal proposal, that the proposal can proceed to a membership vote without the specs council having rendered an opinion. I would suggest that the new board take up a proposal along those lines.

The specs council held up creation of the PAPE working group by multiple months earlier this year. It's doing the same thing with the current proposals. As I see it, the specs council members should either commit to timely fulfillment of their duties, or resign, allowing members to be appointed who will respond in a timely fashion.

The current specs council members are listed at http://wiki.openid.net/OpenID_Foundation/SC and are Johnny Bufu, Brad Fitzpatrick, Dick Hardt, Josh Hoyt, David Recordon, Allen Tom, and myself.

Thanks,
-- Mike

From: board-boun...@openid.net [mailto:board-boun...@openid.net] On Behalf Of Nat Sakimura
Sent: Wednesday, December 17, 2008 4:46 PM
To: da...@sixapart.com; OpenID Specs Mailing List; Dick Hardt; Allen Tom; Josh Hoyt
Cc: bo...@openid.net
Subject: [OpenID board] Please process the WG proposals on the table (WAS The Specs Council and Process)

Well. Very good discussion. I am glad that I started the original thread.

At the same time, I would like the spec council to issue overdue recommendations, especially for Contract Exchange. It has been sitting there for a long time now. (By now, the actual works should have started.)

As I believe, though the scope may seem a bit wide, the WG scope being wider than what it really needs to be is not a bad thing. WG can always narrow the scope without any IPR consideration, but it is virtually impossible to widen the scope afterwards.

=nat

--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
Notice of vote on the proposal to create the PAPE working group
In accordance with the OpenID Foundation IPR policies and procedures (http://openid.net/foundation/intellectual-property/), this message notifies OpenID Foundation members that a vote will be held on the creation of the PAPE working group between noon Friday, June 6th US Pacific Time and noon Friday, June 13th US Pacific Time. The proposal to create the working group is available at http://openid.net/pipermail/specs/2008-May/002323.html. The specifications council report on the creation of the working group is available at http://openid.net/pipermail/specs/2008-May/002326.html.

Members of the Foundation can vote during that time interval by sending a message to [EMAIL PROTECTED] with the subject line "PAPE Vote" and one of the sentences "I vote for the creation of the PAPE working group", "I vote against the creation of the PAPE working group", or "I abstain in the vote about the creation of the PAPE working group" in the body of the message. (The [EMAIL PROTECTED] list is for voting only and can not be used for asking questions or discussion. Discussion can occur on the [EMAIL PROTECTED] list.)

(The rest of this note is informational and not part of the notification of the vote to create the PAPE working group.)

Given that the OpenID specification procedures call for votes of the membership, this would be a good time for those wanting to influence the outcome of this specification to join the OpenID Foundation. You can do so at http://openid.net/foundation/join/. Should you wish to join the working group, you will also need to execute the Contribution Agreement at http://openid.net/foundation/intellectual-property/ once the working group formation has been approved by the membership.

-- Mike
RE: Proposal to create the PAPE working group
This message is being sent to revise the proposal to create the PAPE working group, changing only one word, so that the projected completion date is July 2008, rather than May 2008. The complete text of the revised proposal follows.

--- Mike

In accordance with the OpenID Foundation IPR policies and procedures (http://openid.net/foundation/intellectual-property/) this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the specifics of the proposed working group are:

Proposal:

(a) Charter.

(i) WG name: Provider Authentication Policy Extension (PAPE)

(ii) Purpose: Produce a standard OpenID extension to the OpenID Authentication protocol that: provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User and provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant and/or multi-factor authentication method.

(iii) Scope: Produce a revision of the PAPE 1.0 Draft 2 specification that clarifies its intent, while maintaining compatibility for existing Draft 2 implementations. Adding any support for communicating requests for or the use of specific authentication methods (as opposed to authentication policies) is explicitly out of scope.

(iv) Proposed List of Specifications: Provider Authentication Policy Extension 1.0, spec completion expected during July 2008.

(v) Anticipated audience or users of the work: Implementers of OpenID Providers and Relying Parties – especially those interested in mitigating the phishing vulnerabilities of logging into OpenID providers with passwords.

(vi) Language in which the WG will conduct business: English.

(vii) Method of work: E-mail discussions on the working group mailing list, working group conference calls, and possibly a face-to-face meeting at the Internet Identity Workshop.

(viii) Basis for determining when the work of the WG is completed: Proposed changes to draft 2 will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope.

(b) Background Information.

(i) Related work being done in other WGs or organizations:
(1) Assurance Levels as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., “Electronic Authentication Guideline,” April 2006.) [NIST_SP800‑63]. This working group is needed to enable authentication policy statements to be exchanged by OpenID endpoints. No coordination is needed with NIST, as the PAPE specification uses elements of the NIST specification in the intended fashion.

(ii) Proposers:
Michael B. Jones, [EMAIL PROTECTED], Microsoft Corporation
David Recordon, [EMAIL PROTECTED], Six Apart Corporation
Ben Laurie, [EMAIL PROTECTED], Google Corporation
Drummond Reed, [EMAIL PROTECTED], Cordance Corporation
John Bradley, [EMAIL PROTECTED], Wingaa Corporation
Johnny Bufu, [EMAIL PROTECTED], Independent
Dick Hardt, [EMAIL PROTECTED], Sxip Identity Corporation

Editors:
Michael B. Jones, [EMAIL PROTECTED], Microsoft Corporation
David Recordon, [EMAIL PROTECTED], Six Apart Corporation

(iii) Anticipated Contributions: None.
RE: Proposal to create the PAPE working group
The next steps will be:
- notification of an upcoming vote by the membership on the creation of the working group
- assuming that vote passes, the working group is created
- OIDF members can join the working group by signing the IPR contribution document specifying that group
- The working group does its work
- The working group recommends a draft to the membership for approval as an implementer's draft or final specification
- The members vote
- If the vote passes, the implementers draft or specification is approved

Voting instructions are planned to go out tomorrow.

-- Mike

-----Original Message-----
From: Nat Sakimura [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 22, 2008 5:55 PM
To: Mike Jones
Cc: specs@openid.net
Subject: Re: Proposal to create the PAPE working group

Perhaps you could explain to the list what the process will be after this, such as:

1) Specification Council to approve PAPE WG.
2) Call for Participation
... etc.

IMHO, that will help the community to understand the process a lot.

By the way, I plan to respond to 2) above. I could have been a proposer of the WG, but to debug the process, somebody has to do the role of responder to the call for participation, so... :-)

=nat

2008/5/23 Mike Jones [EMAIL PROTECTED]:

This message is being sent to revise the proposal to create the PAPE working group, changing only one word, so that the projected completion date is July 2008, rather than May 2008. The complete text of the revised proposal follows.

--- Mike

In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the specifics of the proposed working group are:

Proposal:

(a) Charter.

(i) WG name: Provider Authentication Policy Extension (PAPE)

(ii) Purpose: Produce a standard OpenID extension to the OpenID Authentication protocol that: provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User and provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant and/or multi-factor authentication method.

(iii) Scope: Produce a revision of the PAPE 1.0 Draft 2 specification that clarifies its intent, while maintaining compatibility for existing Draft 2 implementations. Adding any support for communicating requests for or the use of specific authentication methods (as opposed to authentication policies) is explicitly out of scope.

(iv) Proposed List of Specifications: Provider Authentication Policy Extension 1.0, spec completion expected during July 2008.

(v) Anticipated audience or users of the work: Implementers of OpenID Providers and Relying Parties – especially those interested in mitigating the phishing vulnerabilities of logging into OpenID providers with passwords.

(vi) Language in which the WG will conduct business: English.

(vii) Method of work: E-mail discussions on the working group mailing list, working group conference calls, and possibly a face-to-face meeting at the Internet Identity Workshop.

(viii) Basis for determining when the work of the WG is completed: Proposed changes to draft 2 will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope.

(b) Background Information.

(i) Related work being done in other WGs or organizations:
(1) Assurance Levels as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., Electronic Authentication Guideline, April 2006.) [NIST_SP800‑63]. This working group is needed to enable authentication policy statements to be exchanged by OpenID endpoints. No coordination is needed with NIST, as the PAPE specification uses elements of the NIST specification in the intended fashion.

(ii) Proposers:
Michael B. Jones, [EMAIL PROTECTED], Microsoft Corporation
David Recordon, [EMAIL PROTECTED], Six Apart Corporation
Ben Laurie, [EMAIL PROTECTED], Google Corporation
Drummond Reed, [EMAIL PROTECTED], Cordance Corporation
John Bradley, [EMAIL PROTECTED