<div dir="ltr">+1 for formation with that charter!</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 2, 2015 at 10:06 AM, Breno de Medeiros <span dir="ltr"><<a href="mailto:breno@google.com" target="_blank">breno@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">+1 for WG formation.</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 2, 2015 at 9:11 AM, Mike Jones <span dir="ltr"><<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Per
<a href="http://openid.net/foundation/specs-council/" target="_blank">http://openid.net/foundation/specs-council/</a>, the current specs council members are:<u></u><u></u></span></p>
<ul type="disc">
<li class="MsoNormal"><span style="font-size:10.5pt;font-family:'Helvetica','sans-serif';color:#5a5a5a">John Bradley</span></li>
<li class="MsoNormal"><span style="font-size:10.5pt;font-family:'Helvetica','sans-serif';color:#5a5a5a">Tim Bray</span></li>
<li class="MsoNormal"><span style="font-size:10.5pt;font-family:'Helvetica','sans-serif';color:#5a5a5a">Ashish Jain</span></li>
<li class="MsoNormal"><span style="font-size:10.5pt;font-family:'Helvetica','sans-serif';color:#5a5a5a">Mike Jones</span></li>
<li class="MsoNormal"><span style="font-size:10.5pt;font-family:'Helvetica','sans-serif';color:#5a5a5a">Breno de Medeiros</span></li>
<li class="MsoNormal"><span style="font-size:10.5pt;font-family:'Helvetica','sans-serif';color:#5a5a5a">Chuck Mortimore</span></li>
<li class="MsoNormal"><span style="font-size:10.5pt;font-family:'Helvetica','sans-serif';color:#5a5a5a">Nat Sakimura</span></li>
</ul>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1f497d">At this point, that leaves Tim, Breno, and Chuck to vote.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">                                                            -- Mike<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> John Bradley [mailto:<a href="mailto:ve7jtb@ve7jtb.com" target="_blank">ve7jtb@ve7jtb.com</a>]
<br>
<b>Sent:</b> Monday, March 02, 2015 12:04 AM<br>
<b>To:</b> Adam Dawes<br>
<b>Cc:</b> Nat Sakimura; Ashish Jain; Mike Jones; Chuck Mortimore; John Ehrig; Andrew Nash; <a href="mailto:openid-specs-council@lists.openid.net" target="_blank">openid-specs-council@lists.openid.net</a>; <a href="mailto:aatoc@googlegroups.com" target="_blank">aatoc@googlegroups.com</a><br>
<b>Subject:</b> Re: [OIDFSC] AATOC Working Group Charter<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">No, you have to give the other members of the specs council time to vote.<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">However, I also vote to approve the creation of the working group with the charter.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">That makes 3 yes and none opposed at this point.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">After approval, people sign the IPR to join the WG.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Then there is a WG founding meeting where the members vote to adopt the charter.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">After that you are a full WG.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">John B.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Mar 2, 2015, at 8:15 AM, Adam Dawes <<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>> wrote:<u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">Does this mean that we're an official working group now?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Sun, Mar 1, 2015 at 4:59 PM, Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal">+1<br>
<br>
=nat via iPhone<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On 2015/03/02 at 2:33, Ashish Jain <<a href="mailto:ashishjain@vmware.com" target="_blank">ashishjain@vmware.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">+1<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:
</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>><br>
<b>Date: </b>Friday, February 27, 2015 at 4:54 PM<br>
<b>To: </b>Adam Dawes <<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>>, John Bradley <<a href="mailto:ve7jtb@ve7jtb.com" target="_blank">ve7jtb@ve7jtb.com</a>><br>
<b>Cc: </b>Chuck Mortimore <<a href="mailto:cmortimore@salesforce.com" target="_blank">cmortimore@salesforce.com</a>>, John Ehrig <<a href="mailto:jehrig@inventures.com" target="_blank">jehrig@inventures.com</a>>, Andrew Nash <<a href="mailto:andrew@confyrm.com" target="_blank">andrew@confyrm.com</a>>,
 "<a href="mailto:openid-specs-council@lists.openid.net" target="_blank">openid-specs-council@lists.openid.net</a>" <<a href="mailto:openid-specs-council@lists.openid.net" target="_blank">openid-specs-council@lists.openid.net</a>>, Ashish Jain <<a href="mailto:ashishjain@vmware.com" target="_blank">ashishjain@vmware.com</a>>,
 Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>>, "<a href="mailto:aatoc@googlegroups.com" target="_blank">aatoc@googlegroups.com</a>" <<a href="mailto:aatoc@googlegroups.com" target="_blank">aatoc@googlegroups.com</a>><br>
<b>Subject: </b>RE: [OIDFSC] AATOC Working Group Charter<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I approve of the creation of this working group with this charter.<u></u><u></u></span></p>
</div>
</div>
<div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="3" width="100%" align="center">
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:
</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="mailto:adawes@google.com" target="_blank">Adam Dawes</a></span><br>
<b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Sent: </span>
</b><span style="font-size:11.0pt;font-family:'Calibri','sans-serif'">2/27/2015 11:22 AM</span><br>
<b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">To: </span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="mailto:ve7jtb@ve7jtb.com" target="_blank">John Bradley</a></span><br>
<b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Cc: </span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="mailto:cmortimore@salesforce.com" target="_blank">Chuck Mortimore</a>;
<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Mike Jones</a>; <a href="mailto:jehrig@inventures.com" target="_blank">
John Ehrig</a>; <a href="mailto:andrew@confyrm.com" target="_blank">Andrew Nash</a>;
<a href="mailto:openid-specs-council@lists.openid.net" target="_blank">openid-specs-council@lists.openid.net</a>;
<a href="mailto:ashishjain@vmware.com" target="_blank">Ashish Jain</a>; <a href="mailto:sakimura@gmail.com" target="_blank">
Nat Sakimura</a>; <a href="mailto:aatoc@googlegroups.com" target="_blank">aatoc@googlegroups.com</a></span><br>
<b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Subject: </span>
</b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Re: [OIDFSC] AATOC Working Group Charter</span><u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">We had our weekly meeting today and everyone was okay with the Trust Framework addition. We also made an update to the language around privacy considerations. Here is the updated text:
<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">1) Working Group name:
</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Abuse and Account Take-Over Coordination Working Group</span><u></u><u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">2) Purpose</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The goal of AATOC is to provide data sharing schemas, privacy recommendations and protocols to:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Share information about important security events in order to thwart attackers from leveraging compromised accounts from one Service Provider to gain access to accounts on other Service Providers
 (mobile or web application developers and owners). <u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Enable users and providers to coordinate in order to securely restore accounts following a compromise.<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Internet accounts that use email addresses or phone numbers as the primary identifier for the account will be the initial focus.
</span><u></u><u></u></p>
</div>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">3) Scope</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group will define:</span><u></u><u></u></p>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:'Arial','sans-serif'">Security events</span></b><span style="font-size:11.5pt;font-family:'Arial','sans-serif'"><br>
These are events – whether directly authentication-related or occurring at another time in the user flow – that take place on one service that could also have security implications on other Service Providers. The group will develop a taxonomy of security events and a common set of semantics to express relevant information about a security event.<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Privacy Implications</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Sharing security information amongst providers has potential privacy implications for both end users and service providers. These privacy implications must be considered against both (a) applicable regulations, policies, and the principles of user notice, choice
 and consent, and (b) the recognized benefits of protecting users’ accounts and data from abuse. The group will consider ways to address such potential privacy implications when defining mechanisms to handle the various security events and recommend best practices
 for the industry.<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Communications mechanisms</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Define bindings for the use of an existing transport protocol defined elsewhere.<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:'Arial','sans-serif'">Event schema</span></b><span style="font-size:11.5pt;font-family:'Arial','sans-serif'"><br>
Define a schema describing relevant events and relationships to allow for dissemination between interested and authorized parties.<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Trust Frameworks</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Define at least one model for the conditions under which information would be shared.
<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Account recovery mechanisms<u></u><u></u></span></b></li></ul>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Standardized mechanism(s) to allow providers to signal that a user has regained control of an account, or allow a user to explicitly restore control of a previously compromised
 account, with or without direct user involvement.</span><u></u><u></u></p>
</div>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Out of scope:</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Determining the account quality/reputation of a user on a particular service and communicating that to others.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Definition of APIs and underlying mechanisms for connecting to, interacting with and operating centralized databases or intelligence clearinghouses when these are used to communicate
 security events between account providers.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">4) Proposed Deliverables</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group proposes the following
<b>Non-Specification</b> deliverables:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="margin-left:.5in">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security Event and Account Lifecycle Schema</span></b><u></u><u></u></p>
</div>
<div>
<ul type="disc" style="margin-left:.5in">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:'Arial','sans-serif'">A taxonomy of security events and a common set of semantics to express relevant information about a security event and its relationships to other relevant data, events or indicators.<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="margin-left:.5in">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security Event Privacy Guidelines</span></b><u></u><u></u></p>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">A set of recommendations on how to minimize the privacy impact on users and service providers while improving security, and how to provide appropriate privacy disclosures,
 labeling and access control guidelines around information in the Security Event Schema.
</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="margin-left:.5in">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Trust Framework</span></b><u></u><u></u></p>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">A trust framework defining roles and responsibilities of parties sharing user security event information</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group proposes the following
<b>Specification </b>deliverables:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="margin-left:.5in">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Communications Mechanisms</span></b><u></u><u></u></p>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Define bindings for the event messages to an already existing transport protocol to promote interoperability of sending event information to another Service Provider. This
 will allow a Service Provider to implement a single piece of infrastructure that would be able to send or receive event information to any other service provider.
</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Order of Deliverables</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group will work to produce the Security Event and Account Lifecycle Schema before beginning work on the Communications Mechanism or Trust Framework.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">5) Anticipated audience or users</span><u></u><u></u></h2>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Service Providers who manage their own account systems which require an email address or phone number for registration.<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Account and email providers that understand key security events that happen to a user’s account.<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Identity as a Service (IDaaS) vendors that manage account and authentication systems for their customers.<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Users seeking to regain control of a compromised account.<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">6) Language</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">English</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">7) Method of work:</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">E-mail discussions on the working group mailing list, working group conference calls, and face-to-face meetings from time to time.</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">8) Basis for determining when the work is completed:</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Rough consensus and running code. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent
 with the purpose and scope.</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Background information</span><u></u><u></u></h2>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Related work:</span><u></u><u></u></h2>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6545 Real-time Inter-network Defense (RID)<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6546 Transport of Real-time Inter-network Defense (RID) Messages over HTTP/TLS<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6684 Guidelines and Template for Defining Extensions to the Incident Object Description Exchange Format (IODEF)<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">draft-ietf-mile-rolie Resource-Oriented Lightweight Indicator Exchange
<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:'Arial','sans-serif'">ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Proposers</span><u></u><u></u></h2>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Adam Dawes, Google
<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Mark Risher, Google<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:'Arial','sans-serif'">Trent Adams, PayPal<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">George Fletcher, AOL<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Andrew Nash, Confyrm<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Nat Sakimura, Nomura Research Institute<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">John Bradley, Ping Identity<u></u><u></u></span></li></ul>
</div>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="margin-bottom:8.0pt;vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Henrik Biering, Peercraft<u></u><u></u></span></li></ul>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Anticipated contributions:</span><u></u><u></u></h2>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:'Arial','sans-serif'">“Security event reporting between Service Providers 1.0” under the
</span><a href="http://openid.net/intellectual-property/" target="_blank"><span style="font-size:11.5pt;font-family:'Arial','sans-serif'">OpenID Foundation’s IPR Policy</span></a><span style="font-size:11.5pt;font-family:'Arial','sans-serif'">.</span><u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Thu, Feb 26, 2015 at 10:36 PM, Adam Dawes <<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>> wrote:<u></u><u></u></p>
<div>
<p class="MsoNormal">I'm resubmitting back under the name of AATOC since LinkedIn has already executed an IPR with that name, as well as adding the Trust Framework deliverable.<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<h2 align="center" style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in;text-align:center">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">AATOC Charter</span><u></u><u></u></h2>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">1) Working Group name:
</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Abuse and Account Take-Over Coordination Working Group (AATOC Working Group)</span><u></u><u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">2) Purpose</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The goal of AATOC is to provide data sharing schemas, privacy recommendations and protocols to:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Share information about important security events in order to thwart attackers from leveraging compromised accounts from one Service Provider to gain access to accounts on other Service Providers
 (mobile or web application developers and owners). <u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Enable users and providers to coordinate in order to securely restore accounts following a compromise.<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Internet accounts that use email addresses or phone numbers as the primary identifier for the account will be the initial focus.
</span><u></u><u></u></p>
</div>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">3) Scope</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group will define:</span><u></u><u></u></p>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security events</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
These are events – whether directly authentication-related or occurring at another time in the user flow – that take place on one service that could also have security implications on other Service Providers. The group will develop a taxonomy of security events
 and a common set of semantics to express relevant information about a security event.<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Privacy Implications</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Sharing security information amongst providers has potential privacy implications for both end users and service providers. These privacy implications must be balanced against the recognized benefits of protecting users’ accounts and data from abuse.  The group
 will consider ways to optimize this balance when defining mechanisms to handle the various security events and recommend best practices for the industry.<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Communications mechanisms</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Define bindings for the use of an existing transport protocol defined elsewhere.<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Event schema</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Define a schema describing relevant events and relationships to allow for dissemination between interested and authorized parties.<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Trust Frameworks</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Define at least one model for the conditions under which information would be shared.
<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Account recovery mechanisms<u></u><u></u></span></b></li></ul>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Standardized mechanism(s) to allow providers to signal that a user has regained control of an account, or allow a user to explicitly restore control of a previously compromised
 account, with or without direct user involvement.</span><u></u><u></u></p>
</div>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Out of scope:</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Determining the account quality/reputation of a user on a particular service and communicating that to others.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Definition of APIs and underlying mechanisms for connecting to, interacting with and operating centralized databases or intelligence clearinghouses when these are used to communicate
 security events between account providers.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">4) Proposed Deliverables</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group proposes the following
<b>Non-Specification</b> deliverables:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="margin-left:.5in">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security Event and Account Lifecycle Schema</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in;vertical-align:baseline">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">       
</span></span></span><u></u><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">A taxonomy of security events and a common set of semantics to express relevant information about a security event and its relationships to other relevant data, events
 or indicators. <u></u><u></u></span></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="margin-left:.5in">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security Event Privacy Guidelines</span></b><u></u><u></u></p>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">A set of recommendations on how to minimize the privacy impact on users and service providers while improving security, and how to provide appropriate privacy disclosures,
 labeling and access control guidelines around information in the Security Event Schema.
</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="margin-left:.5in">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Trust Framework</span></b><u></u><u></u></p>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">A trust framework defining roles and responsibilities of parties sharing user security event information.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group proposes the following
<b>Specification </b>deliverables:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="margin-left:.5in">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Communications Mechanisms</span></b><u></u><u></u></p>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Define bindings for the event messages to an already existing transport protocol to promote interoperability of sending event information to another Service Provider. This
 will allow a Service Provider to implement a single piece of infrastructure that would be able to send or receive event information to any other service provider.
</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Order of Deliverables</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group will work to produce the Security Event and Account Lifecycle Schema before beginning work on the Communications Mechanism or Trust Framework.</span><u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">5) Anticipated audience or users</span><u></u><u></u></h2>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Service Providers who manage their own account systems which require an email address or phone number for registration.<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Account and email providers that understand key security events that happen to a user’s account.<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Identity as a Service (IDaaS) vendors that manage account and authentication systems for their customers.<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Users seeking to regain control of a compromised account.<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">6) Language</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">English</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">7) Method of work:</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">E-mail discussions on the working group mailing list, working group conference calls, and face-to-face meetings from time to time.</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">8) Basis for determining when the work is completed:</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Rough consensus and running code. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent
 with the purpose and scope.</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Background information</span><u></u><u></u></h2>
<p class="MsoNormal"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Related work:</span><u></u><u></u></h2>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6545 Real-time Inter-network Defense (RID)<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6546 Transport of Real-time Inter-network Defense (RID) Messages over HTTP/TLS<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6684 Guidelines and Template for Defining Extensions to the Incident Object Description Exchange Format (IODEF)<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">draft-ietf-mile-rolie Resource-Oriented Lightweight Indicator Exchange
<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management<u></u><u></u></span></li></ul>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Proposers</span><u></u><u></u></h2>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Adam Dawes, Google
<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Mark Risher, Google<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Trent Adams, PayPal<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">George Fletcher, AOL<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Andrew Nash, Confyrm<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Nat Sakimura, Nomura Research Institute<u></u><u></u></span></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">John Bradley, Ping Identity<u></u><u></u></span></li></ul>
</div>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="margin-bottom:8.0pt;vertical-align:baseline">
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Henrik Biering, Peercraft<u></u><u></u></span></li></ul>
<h2 style="margin-right:0in;margin-bottom:8.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Anticipated contributions:</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">“Security event reporting between Service Providers 1.0” under the
</span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net_intellectual-2Dproperty_&d=AwMF_g&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=PDGu4NI-duocVzLKrMLVZV9ccYh2Q-1cXto7c2DRReM&m=IR5tru86Ihv2g1IjtatpVdYMQcw52SU4UWhhLzaHxts&s=zsaUoprw8-hewGW9RwEVxCJdDksLM2tfwwQC40jny3Q&e=" target="_blank"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">OpenID
 Foundation’s IPR Policy</span></a><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Thu, Feb 26, 2015 at 2:06 PM, John Bradley <<a href="mailto:ve7jtb@ve7jtb.com" target="_blank">ve7jtb@ve7jtb.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal">You can start joining the Friday calls now. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">We need to finalize the charter before people need to worry about signing the WG IPR.  <br>
<br>
Sent from my iPhone<u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On Feb 26, 2015, at 4:56 PM, Chuck Mortimore <<a href="mailto:cmortimore@salesforce.com" target="_blank">cmortimore@salesforce.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">Our incident response team wants to participate. Should we just wait for the mailing list, or is there a way to get working on the agreement?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Thu, Feb 26, 2015 at 8:30 AM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I’d hold off posting it until the working group has been created.  Given that the intent is clear,
 I’m OK with accepting the agreement as-is, but would defer to others if they’d prefer that it be revised before being posted.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Out of curiosity, who was the agreement from?</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> specs-council [mailto:<a href="mailto:openid-specs-council-bounces@lists.openid.net" target="_blank">openid-specs-council-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>John Ehrig<br>
<b>Sent:</b> Thursday, February 26, 2015 7:00 AM<br>
<b>To:</b> Adam Dawes; Andrew Nash<br>
<b>Cc:</b> John Bradley; Nat Sakimura; Ashish Jain; <a href="mailto:openid-specs-council@lists.openid.net" target="_blank">
openid-specs-council@lists.openid.net</a>; <a href="mailto:aatoc@googlegroups.com" target="_blank">
aatoc@googlegroups.com</a><br>
<b>Subject:</b> Re: [OIDFSC] AATOC Working Group Charter</span><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi All,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I have already received a contribution agreement for this WG (under the “old” name, however) (see
 attached). Can we accept it under the old name, should I go ahead and post it to the website now, or should I wait until the WG is actually approved?</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Please let me know.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks!</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> specs-council [<a href="mailto:openid-specs-council-bounces@lists.openid.net" target="_blank">mailto:openid-specs-council-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Adam Dawes<br>
<b>Sent:</b> Thursday, February 26, 2015 1:06 AM<br>
<b>To:</b> Andrew Nash<br>
<b>Cc:</b> John Bradley; <a href="mailto:openid-specs-council@lists.openid.net" target="_blank">
openid-specs-council@lists.openid.net</a>; Ashish Jain; Nat Sakimura; <a href="mailto:aatoc@googlegroups.com" target="_blank">
aatoc@googlegroups.com</a><br>
<b>Subject:</b> Re: [OIDFSC] AATOC Working Group Charter</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">Okay, I've revised the charter, with a new name, USESC (I couldn't fathom losing the "O" in AATOC). It doesn't have quite the ring, but it's a bit more general, which is useful since
 I think what will be produced will have uses beyond abuse and account takeovers. I've also included a deliverable on trust frameworks.<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Here it is:<u></u><u></u></p>
</div>
<div>
<h2 align="center" style="margin-bottom:8.0pt;text-align:center"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">USESC Charter</span><u></u><u></u></h2>
<p class="MsoNormal"> <u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">1) Working Group name:
</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">User Security Event Sharing and Coordination Working Group (USESC Working Group)</span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">2) Purpose</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The goal of USESC is to provide data sharing schemas, privacy recommendations and protocols to:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Share information about important security events related to user accounts in order to thwart attackers from leveraging compromised accounts from one Service Provider to gain access to accounts
 on other Service Providers (mobile or web application developers and owners). </span>
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Enable users and providers to coordinate in order to securely restore accounts following a compromise.</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Internet accounts that use email addresses or phone numbers as the primary identifier for the account will be the initial focus.
</span><u></u><u></u></p>
</div>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">3) Scope</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group will define:</span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security events</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
These are events – whether directly authentication-related or occurring at another time in the user flow – that take place on one service that could also have security implications on other Service Providers. The group will develop a taxonomy of security events
 and a common set of semantics to express relevant information about a security event.</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Privacy Implications</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Sharing security information amongst providers has potential privacy implications for both end users and service providers. These privacy implications must be balanced against the recognized benefits of protecting users’ accounts and data from abuse.  The group
 will consider ways to optimize this balance when defining mechanisms to handle the various security events and recommend best practices for the industry.</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Communications mechanisms</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Define bindings for the use of an existing transport protocol defined elsewhere.</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Event schema</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Define a schema describing relevant events and relationships to allow for dissemination between interested and authorized parties.  </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Trust Frameworks</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Define at least one model for the conditions under which information would be shared.
</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Account recovery mechanisms</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Standardized mechanism(s) to allow providers to signal that a user has regained control of an account, or allow a user to explicitly
 restore control of a previously compromised account, with or without direct user involvement.</span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Out of scope:</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Determining the account quality/reputation of a user on a particular service and communicating that to others.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Definition of APIs and underlying mechanisms for connecting to, interacting with and operating centralized databases or intelligence clearinghouses when these are used to communicate
 security events between account providers.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">4) Proposed Deliverables</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group proposes the following
<b>Non-Specification</b> deliverables:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security Event and Account Lifecycle Schema</span></b><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">A taxonomy of security events and a common set of semantics to express relevant information about a security event and its relationships to other relevant data, events or indicators.
</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security Event Privacy Guidelines</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">A set of recommendations on how to minimize the privacy impact on users and service providers while improving security, and how to provide appropriate privacy disclosures,
 labeling and access control guidelines around information in the Security Event Schema.
</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group proposes the following
<b>Specification </b>deliverables:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Communications Mechanisms</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Define bindings for the event messages to an already existing transport protocol to promote interoperability of sending event information to another Service Provider. This
 will allow a Service Provider to implement a single piece of infrastructure that would be able to send or receive event information to any other service provider.
</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Order of Deliverables</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group will work to produce the Security Event and Account Lifecycle Schema before beginning work on the Communications Mechanism.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">5) Anticipated audience or users</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Service Providers who manage their own account systems which require an email address or phone number for registration.</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Account and email providers that understand key security events that happen to a user’s account.</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Identity as a Service (IDaaS) vendors that manage account and authentication systems for their customers.</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Users seeking to regain control of a compromised account.</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">6) Language</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">English</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">7) Method of work:</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">E-mail discussions on the working group mailing list, working group conference calls, and face-to-face meetings from time
 to time.</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">8) Basis for determining when the work is completed:</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Rough consensus and running code. The work will be completed once it is apparent that maximal consensus on the draft has
 been achieved, consistent with the purpose and scope.</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Background information</span><u></u><u></u></h2>
<p class="MsoNormal"> <u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Related work:</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6545 Real-time Inter-network Defense (RID)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6546 Transport of Real-time Inter-network Defense (RID) Messages over HTTP/TLS</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6684 Guidelines and Template for Defining Extensions to the Incident Object Description Exchange Format (IODEF)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">draft-ietf-mile-rolie Resource-Oriented Lightweight Indicator Exchange
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Proposers</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Adam Dawes, Google
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Mark Risher, Google</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Trent Adams, Paypal</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">George Fletcher, AOL</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Andrew Nash, Confyrm</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Nat Sakimura, Nomura Research Institute</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">John Bradley, Ping Identity</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:8.0pt;margin-left:.5in;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Henrik Biering, Peercraft</span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Anticipated contributions:</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">“Security event reporting between Service Providers 1.0” under the
</span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net_intellectual-2Dproperty_&d=AwMF_g&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=PDGu4NI-duocVzLKrMLVZV9ccYh2Q-1cXto7c2DRReM&m=IR5tru86Ihv2g1IjtatpVdYMQcw52SU4UWhhLzaHxts&s=zsaUoprw8-hewGW9RwEVxCJdDksLM2tfwwQC40jny3Q&e=" target="_blank"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">OpenID
 Foundation’s IPR Policy</span></a><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">On Wed, Feb 25, 2015 at 5:37 PM, Andrew Nash <<a href="mailto:andrew@confyrm.com" target="_blank">andrew@confyrm.com</a>> wrote:<u></u><u></u></p>
<div>
<p class="MsoNormal">Trent,<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">We (Confyrm) have started work on a number of aspects of a trust framework in conjunction with Tom Smedinghoff as part of the work we did with the UK Govt and the NSTIC pilot -
 still early, but hopefully it will bootstrap some of the work here. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888">--Andrew</span><u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<div>
<div>
<p class="MsoNormal">On Tue, Feb 24, 2015 at 11:00 PM, 'Adam Dawes' via Abuse and ATO Coordination <<a href="mailto:aatoc@googlegroups.com" target="_blank">aatoc@googlegroups.com</a>> wrote:<u></u><u></u></p>
</div>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal">+aatoc-list<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<p class="MsoNormal">For the name, I agree with Nat's suggestion of 'Abuse and Account Takeover Coordination Work Group (AATOC Work Group)'. This just prevents a name change for everyone as well as the
 mailing list mechanics. <u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">@mike, I think your suggestions about defining trust frameworks also make sense. Do you have any good examples of where this has been done? Will need to discuss this with the rest
 of the group but in our discussion of transport, there have been some implicit trust framework concepts at play. In the end, I think there may be different models about with whom info is shared. This will depend on the specific data we define, the quality
 of data that service providers can share, and the relevant privacy policies of those providers. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">thanks,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">AD<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">On Tue, Feb 24, 2015 at 7:13 PM, Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>> wrote:<u></u><u></u></p>
<p class="MsoNormal">While we are on the title, in view of the recent executive order
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__m.whitehouse.gov_the-2Dpress-2Doffice_2015_02_13_executive-2Dorder-2Dpromoting-2Dprivate-2Dsector-2Dcybersecurity-2Dinformation-2Dshari&d=AwMF_g&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=PDGu4NI-duocVzLKrMLVZV9ccYh2Q-1cXto7c2DRReM&m=IR5tru86Ihv2g1IjtatpVdYMQcw52SU4UWhhLzaHxts&s=Ymz_Lkzf4BW4FvJ38IDtvVKeQPQkd2kDaKuoWlotzrs&e=" target="_blank">
http://m.whitehouse.gov/the-press-office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-information-shari</a>, we might suggest including the words "Information Sharing and Analysis", e.g., AATISAC.
<u></u><u></u></p>
<div>
<p class="MsoNormal">On Wed, Feb 25, 2015 at 11:59, John Bradley <<a href="mailto:ve7jtb@ve7jtb.com" target="_blank">ve7jtb@ve7jtb.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">That is a different WG outside of the OIDF;)<u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Feb 24, 2015, at 9:40 PM, Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>> wrote:<u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<div>
<p class="MsoNormal">Simplicity wins, but doesn't it sound like the WG is creating a protocol to take over accounts ;-) ? <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">2015-02-25 11:25 GMT+09:00 Ashish Jain <<a href="mailto:ashishjain@vmware.com" target="_blank">ashishjain@vmware.com</a>>:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">I’m not objecting…merely suggesting that referring to it as the Account Takeover WG is simpler </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:
</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>><br>
<b>Date: </b>Tuesday, February 24, 2015 at 6:09 PM<br>
<b>To: </b>Ashish Jain <<a href="mailto:ashishjain@vmware.com" target="_blank">ashishjain@vmware.com</a>><br>
<b>Cc: </b>Adam Dawes <<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>>, "<a href="mailto:openid-specs-council@lists.openid.net" target="_blank">openid-specs-council@lists.openid.net</a>" <<a href="mailto:openid-specs-council@lists.openid.net" target="_blank">openid-specs-council@lists.openid.net</a>></span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><br>
<b>Subject: </b>Re: [OIDFSC] AATOC Working Group Charter</span><u></u><u></u></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">I am fine with ATO WG as well. My objection was that the name had "Group" in it, which is not a defined word
 in the OpenID Process, so the WG name would become AATOC Group WG, which repeats "Group" and is awkward. It is just editorial stuff. 
</span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Are you objecting to the first A and the last C of AATOC? </span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">2015-02-25 10:59 GMT+09:00 Ashish Jain <<a href="mailto:ashishjain@vmware.com" target="_blank">ashishjain@vmware.com</a>>:</span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">I understand the need to be precise but ATO WG can probably convey the same message.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:
</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>><br>
<b>Date: </b>Tuesday, February 24, 2015 at 4:56 PM<br>
<b>To: </b>Adam Dawes <<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>><br>
<b>Cc: </b>"<a href="mailto:openid-specs-council@lists.openid.net" target="_blank">openid-specs-council@lists.openid.net</a>" <<a href="mailto:openid-specs-council@lists.openid.net" target="_blank">openid-specs-council@lists.openid.net</a>><br>
<b>Subject: </b>Re: [OIDFSC] AATOC Working Group Charter</span><u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Dear Specs Council members,
<br>
<br>
It looks generally fine, with one friendly amendment: <br>
<br>
Change the title of the working group from: <br>
Abuse and Account Takeover Coordination Group<br>
<br>
to:<br>
Abuse and Account Takeover Coordination Working Group<br>
<br>
as "Abuse and Account Takeover Coordination Group Working Group" is a bit awkward. 
</span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">I am fine with putting it as just "Abuse and Account Takeover Coordination" as well, since there is a precedent
 for it. <br>
<br>
Could any specs council member respond early in this thread if you have any objection or friendly amendment? We have been a bit slack lately in that we have been relying on the two-week limit to execute a charter, but we should be able to act more quickly.<br>
<br>
Cheers,  </span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""><br>
Nat</span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">2015-02-24 19:02 GMT+09:00 Adam Dawes <<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>>:</span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif"">I would like to form a new work group, AATOC. Here is our proposed charter:</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
<div>
<h2 align="center" style="margin-bottom:8.0pt;text-align:center"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">AATOC Charter</span><u></u><u></u></h2>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">1) Working Group name:
</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Abuse and Account Takeover Coordination Group (AATOC)</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">2) Purpose</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The goal of AATOC is to provide data sharing schemas, privacy recommendations and protocols to:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Share information about important security events in order to thwart attackers from leveraging compromised accounts from one Service Provider to gain access to accounts on other Service Providers
 (mobile or web application developers and owners). </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Enable users and providers to coordinate in order to securely restore accounts following a compromise.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Internet accounts that use email addresses or phone numbers as the primary identifier for the account will be the
 initial focus. </span><u></u><u></u></p>
</div>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">3) Scope</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group will define:</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security events</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
These are events – whether directly authentication-related or occurring at another time in the user flow – that take place on one service that could also have security implications on other Service Providers. The group will develop a taxonomy of security events
 and a common set of semantics to express relevant information about a security event.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Privacy Implications</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Sharing security information amongst providers has potential privacy implications for both end users and service providers. These privacy implications must be balanced against the recognized benefits of protecting users’ accounts and data from abuse.  The group
 will consider ways to optimize this balance when defining mechanisms to handle the various security events and recommend best practices for the industry.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Communications mechanisms</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Define bindings for the use of an existing transport protocol defined elsewhere.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Event schema</span></b><span style="font-size:11.5pt;font-family:"Arial","sans-serif""><br>
Define a schema describing relevant events and relationships to allow for dissemination between interested and authorized parties.  </span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Account recovery mechanisms</span></b><u></u><u></u></p>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Standardized mechanism(s) to allow providers to signal that a user has regained control of an account, or allow a
 user to explicitly restore control of a previously compromised account, with or without direct user involvement.</span><u></u><u></u></p>
</div>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Out of scope:</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Determining the account quality/reputation of a user on a particular service and communicating that to others.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Definition of APIs and underlying mechanisms for connecting to, interacting with and operating centralized databases
 or intelligence clearinghouses when these are used to communicate security events between account providers.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">4) Proposed Deliverables</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group proposes the following
<b>Non-Specification</b> deliverables:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security Event and Account Lifecycle Schema</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">A taxonomy of security events and a common set of semantics to express relevant information about a security event and its relationships to other relevant data, events or indicators.
</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Security Event Privacy Guidelines</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">A set of recommendations on how to minimize the privacy impact on users and service providers while improving security,
 and how to provide appropriate privacy disclosures, labeling and access control guidelines around information in the Security Event Schema.
</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group proposes the following
<b>Specification </b>deliverables:</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Communications Mechanisms</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Define bindings for the event messages to an already existing transport protocol to promote interoperability of sending
 event information to another Service Provider. This will allow a Service Provider to implement a single piece of infrastructure that would be able to send or receive event information to any other service provider.
</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Order of Deliverables</span></b><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">The group will work to produce the Security Event and Account Lifecycle Schema before beginning work on the Communications
 Mechanism.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">5) Anticipated audience or users</span><u></u><u></u></h2>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Service Providers who manage their own account systems which require an email address or phone number for registration.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Account and email providers that understand key security events that happen to a user’s account.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Identity as a Service (IDaaS) vendors that manage account and authentication systems for their customers.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Users seeking to regain control of a compromised account.</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">6) Language</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">English</span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">7) Method of work:</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">E-mail discussions on the working group mailing list, working group conference calls, and face-to-face meetings from time
 to time.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">8) Basis for determining when the work is completed:</span><u></u><u></u></h2>
<p class="MsoNormal" style="margin-bottom:8.0pt"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Rough consensus and running code. The work will be completed once it is apparent that maximal consensus on the draft has
 been achieved, consistent with the purpose and scope.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Background information</span><u></u><u></u></h2>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Related work:</span><u></u><u></u></h2>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6545 Real-time Inter-network Defense (RID)</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6546 Transport of Real-time Inter-network Defense (RID) Messages over HTTP/TLS</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">RFC6684 Guidelines and Template for Defining Extensions to the Incident Object Description Exchange Format (IODEF)</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">draft-ietf-mile-rolie Resource-Oriented Lightweight Indicator Exchange
</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">ISO/IEC 27002:2013  Information technology — Security techniques — Code of practice for information security controls</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management</span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Proposers</span><u></u><u></u></h2>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Adam Dawes, Google
</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Mark Risher, Google</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Trent Adams, Paypal</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">George Fletcher, AOL</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Andrew Nash, Confyrm</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Nat Sakimura, Nomura Research Institute</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">John Bradley, Ping Identity</span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:8.0pt;margin-left:47.25pt;vertical-align:baseline">
<span style="font-size:10.0pt">·</span><span style="font-size:7.0pt">        </span>
<span style="font-size:11.5pt;font-family:"Arial","sans-serif"">Henrik Biering, Peercraft</span><u></u><u></u></p>
<h2 style="margin-bottom:8.0pt"><span style="font-size:13.0pt;font-family:"Trebuchet MS","sans-serif"">Anticipated contributions:</span><u></u><u></u></h2>
<div>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">“Security event reporting between Service Providers 1.0” under the
</span><span style="font-size:9.5pt;font-family:"Calibri","sans-serif""><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net_intellectual-2Dproperty_&d=AwMFaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=PDGu4NI-duocVzLKrMLVZV9ccYh2Q-1cXto7c2DRReM&m=his8oMG2sVamzBa3dQLPovSTmI9fUVGF3mbIZ4ZzISQ&s=yV7iQ-h1QNIAyTmfXm6S6vIszebI2q_snUSkFyjxlkg&e=" target="_blank"><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">OpenID
 Foundation’s IPR Policy</span></a></span><span style="font-size:11.5pt;font-family:"Arial","sans-serif"">.</span><u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""><br>
<br clear="all">
</span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">--
</span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Nat Sakimura (=nat)
</span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Chairman, OpenID Foundation<br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__nat.sakimura.org_&d=AwMFaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=PDGu4NI-duocVzLKrMLVZV9ccYh2Q-1cXto7c2DRReM&m=his8oMG2sVamzBa3dQLPovSTmI9fUVGF3mbIZ4ZzISQ&s=jmKQL3OD_c7eJXduzdJt5OJefY8ZjNiYCoAm8g-7oOA&e=" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en</span><u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""><br>
<br clear="all">
</span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">--
</span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Nat Sakimura (=nat)
</span><u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Chairman, OpenID Foundation<br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__nat.sakimura.org_&d=AwMFaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=PDGu4NI-duocVzLKrMLVZV9ccYh2Q-1cXto7c2DRReM&m=dibzrL00q20lgLcDv94EYh8Ums_bAaYivHuqDQgNfSI&s=jq4oX-tF55oVVtUOW6sW0RsihIhuUzSlJVyRWCVyAhQ&e=" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en</span><u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<u></u><u></u></p>
<div>
<p class="MsoNormal"><span style="color:#888888"> </span><u></u><u></u></p>
</div>
<p class="MsoNormal"><span style="color:#888888">--
<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="color:#888888">Nat Sakimura (=nat)<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="color:#888888">Chairman, OpenID Foundation<br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__nat.sakimura.org_&d=AwMF_g&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=PDGu4NI-duocVzLKrMLVZV9ccYh2Q-1cXto7c2DRReM&m=IR5tru86Ihv2g1IjtatpVdYMQcw52SU4UWhhLzaHxts&s=ZBjiNJFuAuQhY9EfZmff4-R5LvM5fz_i_xoQXnZzNBg&e=" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<u></u><u></u></span></p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><span style="color:#888888"> <u></u><u></u></span></p>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><span style="color:#888888"> <u></u><u></u></span></p>
</div>
</div>
</div>
<p class="MsoNormal"><span style="color:#888888">--
<br>
You received this message because you are subscribed to the Google Groups "Abuse and ATO Coordination" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an email to
<a href="mailto:aatoc+unsubscribe@googlegroups.com" target="_blank">aatoc+unsubscribe@googlegroups.com</a>.<br>
To post to this group, send email to <a href="mailto:aatoc@googlegroups.com" target="_blank">
aatoc@googlegroups.com</a>.<br>
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/aatoc/CAOJhRMYKX6O8LVPzCf8x%2BFDnmuMuLDH8RdssTXqZ1YeU54bLNA%40mail.gmail.com" target="_blank">
https://groups.google.com/d/msgid/aatoc/CAOJhRMYKX6O8LVPzCf8x%2BFDnmuMuLDH8RdssTXqZ1YeU54bLNA%40mail.gmail.com</a>.<br>
For more options, visit <a href="https://groups.google.com/d/optout" target="_blank">
https://groups.google.com/d/optout</a>.<u></u><u></u></span></p>
</blockquote>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <span class="HOEnZb"><font color="#888888"><u></u></font></span></p><span class="HOEnZb"><font color="#888888">
</font></span></div><span class="HOEnZb"><font color="#888888">
</font></span></div><span class="HOEnZb"><font color="#888888">
</font></span></div><span class="HOEnZb"><font color="#888888">

</font></span></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div>--Breno<br></div>
</font></span></div>
</blockquote></div><br></div>