Proposal to create the PAPE working group

Hans Granqvist hans at granqvist.com
Sat Apr 26 16:45:35 UTC 2008


The membership application forms seem to be missing from
http://openid.net/foundation/join/.
Can someone look into it?

Thanks,
Hans



2008/4/25 Mike Jones <Michael.Jones at microsoft.com>:
>
>
>
>
> In accordance with the OpenID Foundation IPR policies and procedures this
> note proposes the formation of a new working group chartered to produce an
> OpenID specification.  As per Section 4.1 of the Policies, the specifics of
> the proposed working group are:
>
>
>
> Proposal:
>
> (a)  Charter.
>
>                 (i)  WG name:  Provider Authentication Policy Extension
> (PAPE)
>
>                 (ii)  Purpose:  Produce a standard OpenID extension to the
> OpenID Authentication protocol that:  provides a mechanism by which a
> Relying Party can request that particular authentication policies be applied
> by the OpenID Provider when authenticating an End User and provides a
> mechanism by which an OpenID Provider may inform a Relying Party which
> authentication policies were used. Thus a Relying Party can request that the
> End User authenticate, for example, using a phishing-resistant and/or
> multi-factor authentication method.
>
>                 (iii)  Scope:  Produce a revision of the PAPE 1.0 Draft 2
> specification that clarifies its intent, while maintaining compatibility for
> existing Draft 2 implementations.  Adding any support for communicating
> requests for or the use of specific authentication methods (as opposed to
> authentication policies) is explicitly out of scope.
>
>                 (iv)  Proposed List of Specifications:  Provider
> Authentication Policy Extension 1.0, spec completion expected during May
> 2008.
>
>                 (v)  Anticipated audience or users of the work:
> Implementers of OpenID Providers and Relying Parties – especially those
> interested in mitigating the phishing vulnerabilities of logging into OpenID
> providers with passwords.
>
>                 (vi)  Language in which the WG will conduct business:
> English.
>
>                 (vii)  Method of work:  E-mail discussions on the working
> group mailing list, working group conference calls, and possibly a
> face-to-face meeting at the Internet Identity Workshop.
>
>                 (viii)  Basis for determining when the work of the WG is
> completed:  Proposed changes to draft 2 will be evaluated on the basis of
> whether they increase or decrease consensus within the working group.  The
> work will be completed once it is apparent that maximal consensus on the
> draft has been achieved, consistent with the purpose and scope.
>
> (b)  Background Information.
>
>                 (i)  Related work being done in other WGs or organizations:
> (1) Assurance Levels as defined by the National Institute of Standards and
> Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and
> W. Polk, Ed., "Electronic Authentication Guideline," April 2006.)
> [NIST_SP800‑63].  This working group is needed to enable authentication
> policy statements to be exchanged by OpenID endpoints.  No coordination is
> needed with NIST, as the PAPE specification uses elements of the NIST
> specification in the intended fashion.
>
>                 (ii)  Proposers:
>
>                                 Michael B. Jones, mbj at microsoft.com,
> Microsoft Corporation
>
>                                 David Recordon, drecordon at sixapart.com, Six
> Apart Corporation
>
>                                 Ben Laurie, benl at google.com, Google
> Corporation
>
>                                 Drummond Reed, drummond.reed at cordance.net,
> Cordance Corporation
>
>                                 John Bradley, john.bradley at wingaa.com,
> Wingaa Corporation
>
>                                 Johnny Bufu, johnny.bufu at gmail.com,
> Independent
>
> Editors:
>
>                                 Michael B. Jones, mbj at microsoft.com,
> Microsoft Corporation
>
>                                 David Recordon, drecordon at sixapart.com, Six
> Apart Corporation
>
>                 (iii)  Anticipated Contributions:  None.
>
>
>
> ====
>
>
>
> (The rest of this note is informational and not part of the proposal to
> create an OpenID working group.)
>
>
>
> Given that the OpenID specification procedures call for votes of the
> membership, this would be a good time for those wanting to influence the
> outcome of this specification to join the OpenID Foundation.  You can do so
> at http://openid.net/foundation/join/.  Should you wish to join the working
> group, you will also need to execute the Contribution Agreement at
> http://openid.net/foundation/intellectual-property/ once the working group
> formation has been approved by the membership.  After the Specifications
> Council has responded to this request to create a working group (which must
> happen within 15 days) a separate message will be sent asking those of you
> who are OpenID members to vote on the working group creation, containing
> instructions for how to do so.
>
>
>
>                                                                 -- Mike
>
>
> _______________________________________________
>  specs mailing list
>  specs at openid.net
>  http://openid.net/mailman/listinfo/specs
>
>


More information about the specs mailing list