[OpenID] [OIDFSC] FW: Proposal to create the TX working group

Nat Sakimura n-sakimura at nri.co.jp
Wed Dec 24 08:37:42 UTC 2008


Hi Mike,

At the same time, please revisit the comment that I have made.

It is not XML that I am proposing to sign. It is a collection of
tag-value pairs so XML DSig does not apply.

If you have additional concerns, please let me know.
The only one that I am aware of is whether to split it into two.

=nat

Mike Jones wrote:
>
> Thus far I believe that only David and I have weighed in on this.
> Before I jump in again, I'd be interested in knowing the views of
> Johnny, Brad, Dick, Josh, and Allen.
>
> What do the other 5 of you have to say about this proposal?
>
> Thanks,
>
> -- Mike
>
> *From:* Sakimura Nat [mailto:n-sakimura at nri.co.jp]
> *Sent:* Tuesday, December 23, 2008 4:29 PM
> *To:* Sakimura Nat; David Recordon; Mike Jones
> *Cc:* general at openid.net; specs-council at openid.net
> *Subject:* RE: Re: [OIDFSC] FW: Proposal to create the TX working group
>
> P.S. Below, I used the word "Algorithm" but it is not referring to
> something akin to RSA-SHA1 etc. Rather, it is the method to create a
> signature base string from a subset of the tag-values in OpenID
> message. A word such as "scheme" may be more appropriate.
>
> Nat Sakimura (=nat)
>
> ------------------------------------------------------------------------
>
> *From:* specs-council-bounces at openid.net
> [specs-council-bounces at openid.net] on behalf of Sakimura Nat
> [n-sakimura at nri.co.jp]
> *Sent:* December 24, 2008 9:10
> *To:* David Recordon; Mike Jones
> *CC:* general at openid.net; specs-council at openid.net
> *Subject:* Re: [OIDFSC] FW: Proposal to create the TX working group
>
> Thanks.
>
> I did not know that specs-council list is actually subscribable.
>
> I now have subscribed to it.
>
> From what I see from the archive, the biggest objection seems to be
> the signature.
>
> > "A Public Key Cryptography based digital signature method", but isn't it already
> > defined how to sign chunks of XML? Why would the working group be developing
> > a new signature mechanism?
>
> Let me explain it.
>
> CX is not XML based. It is tag-value based. I do not think there is
> any generalized public key based signature algorithm that enables one
> to sign tag-value based on name spaces. What is defined in OAuth comes
> close, but it needs generalization as it is specific to OAuth. If
> there is such a generalized method, please point me to it. I understand
> that AuthN 2.1 would be looking at doing it. However, it is not there
> yet so it cannot be cited. Once it gets citable, I envision that it
> will be citing it instead of incorporating it into the CX spec.
>
> For other points, it would be appreciated very much if you could
> explicitly state the points. Then, I would be replying to them.
>
> By the way, from the process point, I believe that the specs council
> needs to be stating one of the reasons stated in "4.2 Review". It needs
> to be one of
>
> (a) an incomplete Proposal (i.e., failure to comply with §4.1);
>
> (b) a determination that the proposal contravenes the OpenID
> community's purpose;
>
> (c) a determination that the proposed WG does not have sufficient
> support to succeed or to deliver proposed deliverables within
> projected completion dates; or
>
> (d) a determination that the proposal is likely to cause legal
> liability for the OIDF or others.
>
> Into which point does the current proposal fall?
>
> Regards,
>
> =nat
>
> ------------------------------------------------------------------------
>
> *From:* David Recordon [recordond at gmail.com]
> *Sent:* December 24, 2008 2:54
> *To:* Mike Jones
> *CC:* Sakimura Nat; specs-council at openid.net
> *Subject:* Re: [OIDFSC] FW: Proposal to create the TX working group
>
> I think that's a reasonable recommendation, though would like to first
> approach Nat to see if the charter can be made to address these
> concerns and then resubmitted for review.
>
> --David
>
> On Mon, Dec 22, 2008 at 9:20 PM, Mike Jones
> <Michael.Jones at microsoft.com> wrote:
>
> I have to agree with David that this charter is far from minimal or
> specific in many respects. One of my concerns is the same as David's
> below - when XMLDSIG and other signature algorithms already exist, it
> is incumbent upon the proposers to justify the creation of yet
> another, incompatible signature algorithm.
>
> It is therefore my recommendation that the specifications council
> communicate something like this position to the membership to guide
> their vote about this working group:
>
> The OpenID Specifications Council recommends that members reject this
> proposal to create a working group because the charter is excessively
> broad, it seems to propose the creation of new mechanisms that
> unnecessarily create new ways to accomplish existing tasks, such as
> digital signatures, and the proposal is not sufficiently clear on
> whether it builds upon existing mechanisms such as AX 1.0 in a
> compatible manner, or whether it requires breaking changes to these
> underlying protocols.
>
> We, as a specs council, have an obligation to promptly produce a
> recommendation prior to the membership vote. My stab at our
> recommendation is above. Wordsmithing welcome. If you disagree, please
> supply alternate wording that you think we should use instead.
>
> -- Mike
>
> *From:* David Recordon [mailto:recordond at gmail.com]
>
> *Sent:* Monday, December 22, 2008 10:20 AM
> *To:* Nat Sakimura
> *Cc:* Mike Jones; specs-council at openid.net
>
> *Subject:* Re: [OIDFSC] FW: Proposal to create the TX working group
>
> To update Nat's note, the proposal is actually at
> http://wiki.openid.net/Working_Groups%3AContract_Exchange_1 (the wiki
> doesn't like periods in URLs).
>
> While the number of specifications listed has been reduced, it still
> feels nebulous in terms of what will be produced as laid out by the
> purpose and scope. For example, the scope says that the working group
> will develop "A Public Key Cryptography based digital signature
> method", but isn't it already defined how to sign chunks of XML? Why
> would the working group be developing a new signature mechanism?
>
> --David
>
> On Thu, Dec 18, 2008 at 9:09 PM, Nat Sakimura
> <n-sakimura at nri.co.jp> wrote:
>
> The most current version is here:
> http://wiki.openid.net/Working_Groups:Contract_Exchange_1.0
>
> Since AX 2.0 WG is spinning up, I have removed it from the possible
> output of this WG.
>
> =nat
>
> Mike Jones wrote:
>
>
> Forwarding this note to the list to kick off the actual specs council
> work on this spec…
>
> [Deleted the rest of the thread to bring the message below the current
> 40K list size limit]
>


