Proposal to create the PAPE working group
Hans Granqvist
hans at granqvist.com
Sat Apr 26 16:45:35 UTC 2008
The membership application forms seem to be missing from
http://openid.net/foundation/join/.
Can someone look into it?
Thanks,
Hans
2008/4/25 Mike Jones <Michael.Jones at microsoft.com>:
>
>
>
>
> In accordance with the OpenID Foundation IPR policies and procedures this
> note proposes the formation of a new working group chartered to produce an
> OpenID specification. As per Section 4.1 of the Policies, the specifics of
> the proposed working group are:
>
>
>
> Proposal:
>
> (a) Charter.
>
> (i) WG name: Provider Authentication Policy Extension
> (PAPE)
>
> (ii) Purpose: Produce a standard OpenID extension to the
> OpenID Authentication protocol that: provides a mechanism by which a
> Relying Party can request that particular authentication policies be applied
> by the OpenID Provider when authenticating an End User and provides a
> mechanism by which an OpenID Provider may inform a Relying Party which
> authentication policies were used. Thus a Relying Party can request that the
> End User authenticate, for example, using a phishing-resistant and/or
> multi-factor authentication method.
>
> (iii) Scope: Produce a revision of the PAPE 1.0 Draft 2
> specification that clarifies its intent, while maintaining compatibility for
> existing Draft 2 implementations. Adding any support for communicating
> requests for or the use of specific authentication methods (as opposed to
> authentication policies) is explicitly out of scope.
>
> (iv) Proposed List of Specifications: Provider
> Authentication Policy Extension 1.0, spec completion expected during May
> 2008.
>
> (v) Anticipated audience or users of the work:
> Implementers of OpenID Providers and Relying Parties – especially those
> interested in mitigating the phishing vulnerabilities of logging into OpenID
> providers with passwords.
>
> (vi) Language in which the WG will conduct business:
> English.
>
> (vii) Method of work: E-mail discussions on the working
> group mailing list, working group conference calls, and possibly a
> face-to-face meeting at the Internet Identity Workshop.
>
> (viii) Basis for determining when the work of the WG is
> completed: Proposed changes to draft 2 will be evaluated on the basis of
> whether they increase or decrease consensus within the working group. The
> work will be completed once it is apparent that maximal consensus on the
> draft has been achieved, consistent with the purpose and scope.
>
> (b) Background Information.
>
> (i) Related work being done in other WGs or organizations:
> (1) Assurance Levels as defined by the National Institute of Standards and
> Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and
> W. Polk, Ed., "Electronic Authentication Guideline," April 2006.)
> [NIST_SP800‑63]. This working group is needed to enable authentication
> policy statements to be exchanged by OpenID endpoints. No coordination is
> needed with NIST, as the PAPE specification uses elements of the NIST
> specification in the intended fashion.
>
> (ii) Proposers:
>
> Michael B. Jones, mbj at microsoft.com,
> Microsoft Corporation
>
> David Recordon, drecordon at sixapart.com, Six
> Apart Corporation
>
> Ben Laurie, benl at google.com, Google
> Corporation
>
> Drummond Reed, drummond.reed at cordance.net,
> Cordance Corporation
>
> John Bradley, john.bradley at wingaa.com,
> Wingaa Corporation
>
> Johnny Bufu, johnny.bufu at gmail.com,
> Independent
>
> Editors:
>
> Michael B. Jones, mbj at microsoft.com,
> Microsoft Corporation
>
> David Recordon, drecordon at sixapart.com, Six
> Apart Corporation
>
> (iii) Anticipated Contributions: None.
>
>
>
> ====
>
>
>
> (The rest of this note is informational and not part of the proposal to
> create an OpenID working group.)
>
>
>
> Given that the OpenID specification procedures call for votes of the
> membership, this would be a good time for those wanting to influence the
> outcome of this specification to join the OpenID Foundation. You can do so
> at http://openid.net/foundation/join/. Should you wish to join the working
> group, you will also need to execute the Contribution Agreement at
> http://openid.net/foundation/intellectual-property/ once the working group
> formation has been approved by the membership. After the Specifications
> Council has responded to this request to create a working group (which must
> happen within 15 days) a separate message will be sent asking those of you
> who are OpenID members to vote on the working group creation, containing
> instructions for how to do so.
>
>
>
> -- Mike
>
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>
More information about the specs
mailing list