[OpenID board] Two Working Group Membership Votes Needed

David Recordon david at sixapart.com
Thu Feb 26 23:58:26 UTC 2009


Hey Brett,
Sorry it took so long getting your email to the list.  Responses  
inline...

--David

On Feb 21, 2009, at 7:33 AM, Brett McDowell wrote:

> Quick process questions regarding these charters.
>
> 1) The OpenID and OAuth Hybrid Extension Working Group charter doesn't
> include the same "Related work being done by other WGs or
> organizations" section that the "Contract Exchange Extension Working
> Group" charter has.  This that an oversight or intentional?  If it's
> intentional I'd ask the Board to consider including that section as a
> requirement in all future charters to help the members understand how
> new work being proposed relates to other work that's going on
> elsewhere or even in other OIDF WG's.  For example, it would be better
> for that section to be included and simply say "no related work going
> on anywhere else that we know of" then to simply omit the section
> altogether.

I think this is more of an oversight than anything.  Background  
information does include related work and I'd ask Allen to add it for  
reference.


> 2) The OAuth Hybrid Extension Working Group charter includes a
> reference to "This small project includes [...] Open Source
> implementations which the proposers would like to finalize within the
> OpenID Foundation".  Is that an editorial error?  Is the scope of the
> charter inclusive of both the specification and the code, or just the
> spec?  I didn't realize that OIDF was also an open source foundation
> with a CLA for open source development.

No, the working groups only produce specifications.  My reading of it  
is that the proposers wanted to provide additional information as  
background that they'll also be implementing the specification  
elsewhere.


> 3) Is there a recognized method for receiving comments on proposed
> charters... or am I doing precisely what I should do if I have
> comments or questions (take them to the Board mailing list)?  It might
> be easier for the members is this ability was built into the voting
> tool.

Most proposals, including this one, are first discussed on the specs at openid.net 
  mailing list before the proposers officially submit it to the Specs  
Council for their approval.  The Specs Council then has a fourteen day  
period to discuss the proposal and make their recommendation which is  
the second opportunity for anyone to provide feedback and involve  
themselves in the discussion.  We currently then have a seven day  
notification period before the membership vote.  So, the best time is  
before the WG proposal is finalized (by monitoring the  
specs at openid.net list) and/or during the Specs Council discussion.

>
> Thank you for your consideration of my process questions regarding the
> two proposed charters.
>
>
> Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com
>
>
> On Fri, Feb 20, 2009 at 5:51 AM, Nat Sakimura <sakimura at gmail.com>  
> wrote:
>>
>> Thanks David!
>>
>> On 2/20/09, David Recordon <david at sixapart.com> wrote:
>>> I've just created these two membership votes.
>>>
>>> --David
>>>
>>> On Feb 16, 2009, at 5:52 PM, David Recordon wrote:
>>>
>>>> Brian,
>>>> Can you please setup the two following votes for the membership?
>>>>
>>>> Thanks,
>>>> --David
>>>>
>>>> Begin forwarded message:
>>>>
>>>>> From: David Recordon <david at sixapart.com>
>>>>> Date: February 1, 2009 11:02:15 AM GMT+13:00
>>>>> To: specs at openid.net
>>>>> Subject: RECOMMENDED: Proposal to create the Contract Exchange
>>>>> Extension working group
>>>>>
>>>>> The Specifications Council recommends that the Foundation members
>>>>> approve the creation of the Contract Exchange Extension working
>>>>> group (http://openid.net/pipermail/specs-council/2009-January/000110.html
>>>>>
>>>>> ), as proposed below and found at
>>>>> http://wiki.openid.net/Working_Groups%3AContract_Exchange_1
>>>>> .
>>>>>
>>>>> If you are a member of the OpenID Foundation, you'll be able to
>>>>> login and vote on the creation of this new working group after  
>>>>> this
>>>>> 14-day notice period.  The vote thus will be from Wednesday
>>>>> Saturday 14th through Saturday February 21st.  All votes are held
>>>>> in US Pacific Time.
>>>>>
>>>>> --David
>>>>> _______________________________________________
>>>>> specs mailing list
>>>>> specs at openid.net
>>>>> http://openid.net/mailman/listinfo/specs
>>>>
>>>> Begin forwarded message:
>>>>
>>>>> From: David Recordon <david at sixapart.com>
>>>>> Date: February 1, 2009 11:03:02 AM GMT+13:00
>>>>> To: OpenID Specs Mailing List <specs at openid.net>
>>>>> Subject: Re: RECOMMENDED: Proposal to create the OpenID and OAuth
>>>>> Hybrid Extension working group
>>>>>
>>>>> Unless there are any objections, I will change this voting period
>>>>> to match that of the CX working group where the vote will open
>>>>> Saturday February 14th.
>>>>>
>>>>> --David
>>>>>
>>>>> ----- "David Recordon" <david at sixapart.com> wrote:
>>>>>> The Specifications Council recommends that the Foundation members
>>>>> approve the creation of the OpenID and OAuth Hybrid Extension
>>>>> working group
>>>>> (http://openid.net/pipermail/specs-council/2009-January/ 
>>>>> 000099.html
>>>>> ), as proposed below and found at
>>>>> http://wiki.openid.net/OpenID-and-OAuth-Hybrid-Extension
>>>>> .
>>>>>>
>>>>>>
>>>>> If you are a member of the OpenID Foundation, you'll be able to
>>>>> login and vote on the creation of this new working group after  
>>>>> this
>>>>> 14-day notice period.  The vote thus will be from Wednesday
>>>>> February 11th through Wednesday February 18th.  All votes are held
>>>>> in US Pacific Time.
>>>>>
>>>>>>
>>>>> --David
>>>>>
>>>>>>
>>>>>
>>>>>>
>>>>> Background Information
>>>>> OpenID has always been focused on how to enable user- 
>>>>> authentication
>>>>> within the browser.  Over the last year, OAuth has been developed
>>>>> to allow authorization either from within a browser, desktop
>>>>> software, or mobile devices. Obviously there has been interest in
>>>>> using OpenID and OAuth together allowing a user to share their
>>>>> identity as well as grant a Relying Party access to an OAuth
>>>>> protected resource in a single step. A small group of people have
>>>>> been working on developing an extension to OpenID which makes this
>>>>> possible in a collaborative fashion within
>>>>> http://code.google.com/p/step2/
>>>>> . This small project includes a draft spec and Open Source
>>>>> implementations which the proposers would like to finalize within
>>>>> the OpenID Foundation.
>>>>>
>>>>>>
>>>>> Working Group Name
>>>>> OpenID OAuth Hybrid Working Group
>>>>>
>>>>>>
>>>>> Purpose
>>>>> Produce a standard OpenID extension to the OpenID Authentication
>>>>> protocol that provides a mechanism to embed an OAuth approval
>>>>> request into an OpenID authentication request to permit combined
>>>>> user approval. The extension addresses the use case where the
>>>>> OpenID Provider and OAuth Service Provider are the same service.  
>>>>> To
>>>>> provide good user experience, it is important to present a  
>>>>> combined
>>>>> authentication and authorization screen for the two protocols.
>>>>>
>>>>>>
>>>>> Scope
>>>>> The proposed work is as follows:
>>>>>
>>>>>>
>>>>>   * Extend the OpenID authentication request/response and the
>>>>> assertion verification mechanism, to embed an OAuth approval
>>>>> request into an OpenID authentication request. Assuming  the  
>>>>> OpenID
>>>>> Provider and OAuth Service Provider are the same service.
>>>>>   * Insulation of each protocol from the other, both for backwards
>>>>> compatibility as well as to enable OpenID and OAuth to evolve and
>>>>> incorporate additional features without requiring reviews of the
>>>>> combined usage. Especially, to allow future support for
>>>>> unregistered OAuth consumers.
>>>>>   * Security analysis and best practices
>>>>>
>>>>>>
>>>>> Out of scope
>>>>>
>>>>>>
>>>>>   * The OpenID extension does not define an unregistered OAuth
>>>>> consumers mode, but instead ensures that such support would be
>>>>> possible by protocol insulation. The unregistered consumers mode
>>>>> should be defined separately in the OAuth specifications.
>>>>>
>>>>>>
>>>>> Anticipated Contributions
>>>>> Finalize the OpenID OAuth Extension spec
>>>>> (http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html
>>>>>
>>>>> ) as an official OpenID Extension.
>>>>>
>>>>>>
>>>>> Proposed List of Specifications
>>>>> OpenID OAuth Extension 1.0. Specification completion by Q1 2009.
>>>>>
>>>>>>
>>>>> Anticipated audience or users of the work
>>>>>   * OpenID Providers and Relying Parties
>>>>>   * OAuth Consumers and Service Providers
>>>>>   * Implementers of OpenID Providers and Relying Parties
>>>>>
>>>>>>
>>>>> Language in which the WG will conduct business
>>>>> English.
>>>>>
>>>>>>
>>>>> Method of work
>>>>> E-mail discussions on the working group mailing list and working
>>>>> group conference calls.
>>>>>
>>>>>>
>>>>> Basis for determining when the work of the WG is completed
>>>>> The work will be completed once it is apparent that maximal
>>>>> consensus on the protocol proposal has been achieved within the
>>>>> working group, consistent with the purpose and scope.
>>>>>
>>>>>>
>>>>> Proposers
>>>>>   * Ben Laurie, benl at google.com, Google
>>>>>   * Breno de Medeiros, breno at google.com, Google
>>>>>   * David Recordon, drecordon at sixapart.com, Six Apart
>>>>>   * Dirk Balfanz, balfanz at google.com, Google
>>>>>   * Joseph Smarr, jsmarr at plaxo.com, Plaxo
>>>>>   * Yariv Adan, yariv at google.com, Google
>>>>>   * Allen Tom, atom at yahoo-inc.com , Yahoo
>>>>>   * Josh Hoyt, josh at janrain.com , JanRain
>>>>>
>>>>>>
>>>>> Initial Editors
>>>>>   * Dirk Balfanz, balfanz at google.com, Google
>>>>>   * Breno de Medeiros, breno at google.com, Google
>>>>>
>>>>>>
>>>>>
>>>>>> _______________________________________________ specs mailing
>>>>> list specs at openid.net http://openid.net/mailman/listinfo/specs
>>>>> _______________________________________________
>>>>> specs mailing list
>>>>> specs at openid.net
>>>>> http://openid.net/mailman/listinfo/specs
>>>>
>>>> _______________________________________________
>>>> board mailing list
>>>> board at openid.net
>>>> http://openid.net/mailman/listinfo/board
>>>
>>> _______________________________________________
>>> board mailing list
>>> board at openid.net
>>> http://openid.net/mailman/listinfo/board
>>>
>>
>>
>> --
>> Nat Sakimura (=nat)
>> http://www.sakimura.org/en/
>> _______________________________________________
>> board mailing list
>> board at openid.net
>> http://openid.net/mailman/listinfo/board
> _______________________________________________
> board mailing list
> board at openid.net
> http://openid.net/mailman/listinfo/board




More information about the board mailing list