Given that it&#39;s Friday at 8pm, I&#39;ll do my best to answer Dick&#39;s questions. Dick&#39;s assertion that the proposed Connect work group charter, &quot;<span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">is vague, wide ranging and heavily overlaps other working groups&quot; certainly applies to the v.Next proposals as well.</span><div>
<span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><br></span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">The first sentence of the charter clearly states that the work group will be, &quot;</span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">complementing other active OpenID Foundation </span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">Working Groups.&quot; If the Discovery work group becomes active and produces useful technology, it would certainly be adopted! To date no one in the OpenID Foundation has done technical work on discovery since OpenID 2.0 was finalized. It&#39;s thus reasonable for it to be in scope and later abandoned if all works out. If it is removed from the scope and the Discovery work group doesn&#39;t produce a working proposal, this work group 1) couldn&#39;t discuss discovery and 2) would have to be fully rechartered in order to work on discovery.</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><br></span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">The goal of the charter is to help frame the problem the working group is going to solve; not answer all of the questions about how it will happen before the work group is even created.</span><div>
<font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></font></div><div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;">--David</span></font></div>
<div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;"><br></span></font><br><div class="gmail_quote">On Fri, Jun 4, 2010 at 6:53 PM, Mike Jones <span dir="ltr">&lt;<a href="mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">





<div lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Per a thread on the specs council list, while I’m not opposed to a Connect working group, I do agree with Dick that we’d all probably be better off, if the
 Connect proposers were to answer Dick’s questions intended to clarify the charter and how this work is intended to relate to other work, which he posed a while back.  Could the proposers do that?  It would go a long way towards keeping us all in sync.</span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">                                                            Thanks,</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">                                                            -- Mike</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt">From:</span></b><span style="font-size:10.0pt"> <a href="mailto:openid-board-bounces@lists.openid.net" target="_blank">openid-board-bounces@lists.openid.net</a> [mailto:<a href="mailto:openid-board-bounces@lists.openid.net" target="_blank">openid-board-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Dick Hardt<br>
<b>Sent:</b> Friday, June 04, 2010 6:40 PM<br>
<b>To:</b> OpenID Board (public)<br>
<b>Subject:</b> [OpenID board] Fwd: [OIDFSC] Specs council status and work - POSSIBLE CALL TODAY</span></p>
</div>
</div><div><div></div><div class="h5">
<p class="MsoNormal"> </p>
<p class="MsoNormal">Per my reasons outlined below, I do not think the Connect Charter is appropriate for the OIDF.</p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">With a narrowed scope and clearer language (which is likely what most people think it is) -- I would support this WG Charter.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">-- Dick</p>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">Begin forwarded message:</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<p class="MsoNormal"><b><span style="font-size:13.5pt">From:
</span></b><span style="font-size:13.5pt">Dick Hardt &lt;<a href="mailto:dick.hardt@gmail.com" target="_blank">dick.hardt@gmail.com</a>&gt;</span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:13.5pt">Date:
</span></b><span style="font-size:13.5pt">June 4, 2010 6:37:46 PM PDT</span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:13.5pt">To:
</span></b><span style="font-size:13.5pt">Martin Atkins &lt;<a href="mailto:mart@degeneration.co.uk" target="_blank">mart@degeneration.co.uk</a>&gt;</span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:13.5pt">Cc:
</span></b><span style="font-size:13.5pt"><a href="mailto:openid-specs-council@lists.openid.net" target="_blank">openid-specs-council@lists.openid.net</a></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:13.5pt">Subject: Re: [OIDFSC] Specs council status and work - POSSIBLE CALL TODAY</span></b></p>
</div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">On 2010-06-04, at 12:03 PM, Martin Atkins wrote:</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<p class="MsoNormal">On 06/04/2010 11:52 AM, Dick Hardt wrote:<br>
<br>
</p>
<p class="MsoNormal"> </p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">I asked a number of questions about Connect that I have not yet seen</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">responses to. I think the issues need to be addressed or the proposal</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">withdrawn.</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
Does this mean you wish to reject the proposal on the grounds of reason (a) in the process document?:<br>
    &quot;an incomplete Proposal (i.e., failure to comply with section 4.1)&quot;<br>
<br>
If so, it would be useful to know precisely which of the line items in section 4.1 you think are lacking so that the proposal can be revised effectively.<br>
<br>
From some of your comments in the thread on the specs list, I guess you might instead be rejecting it on the grounds of reason (b):<br>
   &quot;a determination that the proposal contravenes the OpenID community&#39;s purpose&quot;<br>
<br>
If that is the case, I would be interested to hear what you believe the OpenID community&#39;s purpose to be in this context and how the Connect proposal deviates from it.</p>
</div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">4.1 (a) and (b)</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">4.1(a) Incomplete: I emailed David asking for a number of clarifications on the scope and purpose. (I will forward that email to the list after I send this one for easy reference)</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">I have inserted other questions in the draft charter below.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">4.1(b) The current mission of the OpenID Foundation as voted on two meetings ago was to solve the internet identity problem by building on top of OpenID technology. The stated purpose of Connect is &quot;building on top of OAuth 2.0 &quot;. While
 this may be the right thing to do, it contravenes the OIDF Foundation&#39;s stated mission.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Additionally, the Connect WG overlaps with the Discovery, Core and User Experience WGs. It is the purpose of the Foundation to bring the community together to solve the issues together. </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">There are a number of aspects to Connect that are unique. If the scope is tightened up, the purpose clear, and it is described how this WG works with the other WGs, then we can move forward with this charter. For example, rather than doing
 discovery in this WG, Connect should defer discovery to the Discovery WG.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">As it is, this charter is vague, wide ranging and heavily overlaps other working groups.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">-- Dick</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">1) Working Group name: Connect</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">2) Purpose: Develop a version of the OpenID protocol optimized for use</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">on the web by building on top of OAuth 2.0 and discovery technologies</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">such as host-meta while complementing other active OpenID Foundation</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Working Groups.</p>
</blockquote>
</div>
</blockquote>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">What will the protocol do? Will it do everything that OpenID 2.0 does? Is it a replacement for OpenID 2.0?</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">3) Scope:</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Explore building on top of OAuth 2.0</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">(<a href="http://wiki.oauth.net/OAuth-2.0" target="_blank">http://wiki.oauth.net/OAuth-2.0</a>) from the IETF for the user</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">authorization flows and extension mechanism</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Is the WG going to explore OAuth 2.0 or build on top of it per the purpose?</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Explore using the Web Host Metadata specification</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">(<a href="http://tools.ietf.org/html/draft-hammer-hostmeta" target="_blank">http://tools.ietf.org/html/draft-hammer-hostmeta</a>) and Well Known URIs</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">(<a href="http://tools.ietf.org/html/rfc5785" target="_blank">http://tools.ietf.org/html/rfc5785</a>) via SSL for discovery</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">discovery of what? this is vague -- see explicit discovery capabilities in the Discovery WG. Why is this done in Connect and not just use the output of the Discovery WG?</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Explore the ability for a rich client (such as a browser) to</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">discover and interact with the website on the user&#39;s behalf</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">I don&#39;t know what this means specifically. Is that not what a browser does today? It looks at the website, discovers things and interacts with it.</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Explore making user identifiers OAuth 2.0 protected resources which</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">return profile information and links to other API endpoints possibly</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">using JRD (<a href="http://hueniverse.com/2010/05/jrd-the-other-resource-descriptor/" target="_blank">http://hueniverse.com/2010/05/jrd-the-other-resource-descriptor/</a>)</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">assuming it is submitted to the IETF</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Why do you want to explore this?</p>
</div>
<div>
<p class="MsoNormal">What is the objective?</p>
</div>
<div>
<p class="MsoNormal">What is the JRD reference for?</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Explore the optimal migration path for implementors of OpenID 2.0</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Explore or develop? Why the &quot;optimal&quot; adjective? Would this be in a spec? Documented in any way? Is this a recommendation?</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Explore how the functionality provided by existing OpenID 2.0</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">extensions could be re-imagined on top of OpenID Connect</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">All extensions? This seems very broad. What would be the output?</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Explore how the concept of delegation should evolve</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">delegation of what? what do you mean by evolve? where do you want it to do?</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">With all these explorations, this seems more like a research project than a standardization effort.</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Support for simultaneously authenticating the user while also</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">authorizing other OAuth 2.0 protected resources that the server is</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">able to issue access tokens for</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">which server? I think I know what you mean, but it is not clear.</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Support users explicitly choosing a server or typing in a variety</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">of URLs and email addresses for discovery</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal">user typing in where? discovery of what? </p>
<div>
<p class="MsoNormal">what are you trying to solve? This again seems prescriptive of how it will work rather than describing scope. Is it a goal? </p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Separate the user identifier from the user&#39;s human consumable</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">profile URL such that it is hosted via HTTPS, globally unique, and</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">never reassigned</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">why is this here? Is this a goal?</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Drastically reduce the complexity of discovery</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">sounds like a goal rather than scope. </p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Reduce the complexity of the verification processes possibly by</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">comparing the subdomain of the user identifier and token endpoint</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">verification of what? sounds very prescriptive rather than part of scope</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Support optional static verification of the token response via a</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">signature using symmetric keys</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">which verification? which token?</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Support user interfaces optimized for a variety of screen sizes,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">devices, and languages by learning from the OpenID User Experience</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">extension</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">How does this relate to the User Experience WG?</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Support the ability to login to non-web browser applications such</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">as desktop applications</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">login is vague -- authenticate? Are there other examples? Would the spec cover how these applications interact with the user?</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Support dynamic registration of clients</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">registration of what? what is a client in this context? </p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Define a standard mechanism and basic set of attributes for servers</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">to share basic user profile data with clients</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Wow. You are going to decide what the basic set of attributes are that are needed by all servers? Pretty broad scope!</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">- Do not prevent the use of asymmetric keys throughout the protocol</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">such that it may scale into more security conscious use cases</p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">rephrase to explain what is in scope -- i.e., ensure that asymmetric keys can be used in the protocol</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.4in">
<b><span style="font-size:8.0pt">WG name:</span></b><span style="font-size:8.0pt">  User Experience.</span></p>
<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.4in">
<b><span style="font-size:8.0pt">(ii)</span></b><span style="font-size:8.0pt">      <b>Purpose:</b>  Produce a user experience specification or family of specifications for OpenID 2.x that address
 the limitations and drawbacks present in the OpenID 2.0 that limit OpenID’s applicability, adoption, usability, privacy, and security. Specific goals are:</span></p>
<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.5in">
<span style="font-size:8.0pt;font-family:&quot;Lucida Grande&quot;,&quot;serif&quot;">·</span><span style="font-size:5.5pt">        </span><span style="font-size:8.0pt">produce user experience guidelines for less intrusive authentication user experiences
 than full-page browser redirect,</span></p>
<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.5in">
<span style="font-size:8.0pt;font-family:&quot;Lucida Grande&quot;,&quot;serif&quot;">·</span><span style="font-size:5.5pt">        </span><span style="font-size:8.0pt">produce user experience guidelines for controlled and uncontrolled release
 of attributes,</span></p>
<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.5in">
<span style="font-size:8.0pt;font-family:&quot;Lucida Grande&quot;,&quot;serif&quot;">·</span><span style="font-size:5.5pt">        </span><span style="font-size:8.0pt">produce user experience guidelines for use of identities and attributes by
 non-browser applications,</span></p>
<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.5in">
<span style="font-size:8.0pt;font-family:&quot;Lucida Grande&quot;,&quot;serif&quot;">·</span><span style="font-size:5.5pt">        </span><span style="font-size:8.0pt">produce user experience guidelines for optimized protocol flows combining authentication,
 attribute release, and resource authorization,</span></p>
<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.5in">
<span style="font-size:8.0pt;font-family:&quot;Lucida Grande&quot;,&quot;serif&quot;">·</span><span style="font-size:5.5pt">        </span><span style="font-size:8.0pt">produce user experience guidelines for use of OpenID on mobile devices,</span></p>

<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.5in">
<span style="font-size:8.0pt;font-family:&quot;Lucida Grande&quot;,&quot;serif&quot;">·</span><span style="font-size:5.5pt">        </span><span style="font-size:8.0pt">seamlessly integrate with and complement the other OpenID 2.x specifications.</span></p>

<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.4in;min-height:15px">
<span style="font-size:8.0pt"> </span></p>
<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.4in">
<span style="font-size:8.0pt">Compatibility with OpenID 2.x is an explicit goal for this work.</span></p>
<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.4in;min-height:15px">
<span style="font-size:8.0pt"> </span></p>
<p style="margin-right:0in;margin-bottom:1.2pt;margin-left:.4in">
<b><span style="font-size:8.0pt">(iii)</span></b><span style="font-size:8.0pt">     <b>Scope:</b>  Produce a current generation OpenID user experience specification or specifications, consistent
 with the purpose statement.</span></p>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><b><span style="font-size:11.0pt">(i)</span></b><span style="font-size:11.0pt">       <b>WG name:</b>  v.Next Discovery.<br>
<b>(ii)</b>      <b>Purpose:</b> Produce a discovery specification or family of discovery specifications for OpenID v.Next that address the limitations and drawbacks present in the OpenID 2.0 discovery facilities that limit OpenID’s applicability, adoption,
 usability, privacy, and security.  Specific goals are:<br>
</span><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:11.0pt"> </span><span style="font-size:11.0pt">    </span><span style="font-size:11.0pt">enable discovery for and normalization of OpenID
 identifiers, including those utilizing e-mail address syntax and those that are URLs,<br>
<br>
</span><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:11.0pt"> </span><span style="font-size:11.0pt">    </span><span style="font-size:11.0pt">enable discovery of features supported by OpenID
 v.Next OpenID Providers and Relying Parties,<br>
<br>
</span><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:11.0pt"> </span><span style="font-size:11.0pt">    </span><span style="font-size:11.0pt">enable discovery of attributes about OpenID v.Next
 OPs and RPs, including, but not limited to visual logos and human-readable site names,<br>
<br>
</span><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:11.0pt"> </span><span style="font-size:11.0pt">    </span><span style="font-size:11.0pt">enable discovery supporting a spectrum of clients,
 including passive clients per current usage, thin active clients, and active clients with OP functionality,<br>
<br>
</span><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:11.0pt"> </span><span style="font-size:11.0pt">    </span><span style="font-size:11.0pt">enable discovery supporting authentication to
 and use of attributes by non-browser applications,<br>
<br>
</span><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:11.0pt"> </span><span style="font-size:11.0pt">    </span><span style="font-size:11.0pt">enable discovery of public keys,<br>
<br>
</span><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:11.0pt"> </span><span style="font-size:11.0pt">    </span><span style="font-size:11.0pt">enable potential mechanisms for discovering context-relevant
 OpenID providers,<br>
<br>
</span><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:11.0pt"> </span><span style="font-size:11.0pt">    </span><span style="font-size:11.0pt">seamlessly integrate with and complement the
 other OpenID v.Next specifications.<br>
<br>
           Compatibility with OpenID 2.0 is an explicit non-goal for this work.<br>
<b>(iii)</b>     <b>Scope:</b> Produce a next generation OpenID discovery specification or specifications, consistent with the purpose statement.</span></p>
</blockquote>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">(i)                  <b>WG name:</b>  Core Protocol.</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">(ii)                  <b>Purpose</b>:  Produce a core protocol specification or</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">family of specifications for OpenID v.Next that address the limitations and</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">drawbacks present in OpenID 2.0 that limit OpenID’s applicability, adoption,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">usability, privacy, and security.  Specific goals are:</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       define core message flows and verification methods,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       enable support for controlled release of attributes,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·        enable aggregation of attributes from multiple attribute sources,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·        enable attribute sources to provide verified attributes,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·        enable the sources of attributes to be verified,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       enable support for a spectrum of clients, including passive clients</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">per current usage, thin active clients, and active clients with OP</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">functionality,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       enable authentication to and use of attributes by non-browser</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">applications,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       enable optimized protocol flows combining authentication, attribute release, and resource authorization,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       define profiles and support features intended to enable OpenID to be used at levels of assurance higher than NIST SP800-63 v2 level 1,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       ensure the use of OpenID on mobile and other emerging devices,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       ensure the use of OpenID on existing browsers with URL length restrictions,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       define an extension mechanism for identified capabilities that are not in the core specification</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       evaluate the use of public key technology to enhance security, scalability and performance,</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       evaluate inclusion of single sign out</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       evaluate mechanisms for providing redundancy</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       complement OAuth 2.0</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       minimize migration effort from OpenID 2.0</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       seamlessly integrate with and complement the other OpenID v.Next specifications.</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">·       deprecate redundant or unused mechanisms</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> Compatibility with OpenID 2.0 is an explicit non-goal for this work.</p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> </p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">(iii) Scope: Produce a next generation OpenID core protocol specification or specifications, consistent with the purpose statement.</p>
</blockquote>
<div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"> </p>
</div>
</div></div></div>
</div>

<br>_______________________________________________<br>
board mailing list<br>
<a href="mailto:board@lists.openid.net">board@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-board" target="_blank">http://lists.openid.net/mailman/listinfo/openid-board</a><br>
<br></blockquote></div><br></div></div>