Proposal to create the PAPE working group

Mike Jones Michael.Jones at microsoft.com
Sat Apr 26 23:20:36 UTC 2008


I'm pleased to report that Dick Hardt has also added his name to the list of proposers for this working group.  The list is now:
                                Michael B. Jones, mbj at microsoft.com<mailto:mbj at microsoft.com>, Microsoft Corporation
                                David Recordon, drecordon at sixapart.com<mailto:drecordon at sixapart.com>, Six Apart Corporation
                                Ben Laurie, benl at google.com<mailto:benl at google.com>, Google Corporation
                                Drummond Reed, drummond.reed at cordance.net<mailto:drummond.reed at cordance.net>, Cordance Corporation
                                John Bradley, john.bradley at wingaa.com<mailto:john.bradley at wingaa.com>, Wingaa Corporation
                                Johnny Bufu, johnny.bufu at gmail.com<mailto:johnny.bufu at gmail.com>, Independent
                                Dick Hardt, dick at sxip.com<mailto:dick at sxip.com>,  Sxip Identity Corporation

                                                -- Mike

________________________________
From: Mike Jones
Sent: Friday, April 25, 2008 1:36 PM
To: specs at openid.net
Cc: David Recordon; Ben Laurie; Drummond Reed; John Bradley; Johnny Bufu
Subject: Proposal to create the PAPE working group

In accordance with the OpenID Foundation IPR policies and procedures<http://openid.net/foundation/intellectual-property/> this note proposes the formation of a new working group chartered to produce an OpenID specification.  As per Section 4.1 of the Policies, the specifics of the proposed working group are:

Proposal:
(a)  Charter.
                (i)  WG name:  Provider Authentication Policy Extension (PAPE)
                (ii)  Purpose:  Produce a standard OpenID extension to the OpenID Authentication protocol that:  provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User and provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant and/or multi-factor authentication method.
                (iii)  Scope:  Produce a revision of the PAPE 1.0 Draft 2 specification that clarifies its intent, while maintaining compatibility for existing Draft 2 implementations.  Adding any support for communicating requests for or the use of specific authentication methods (as opposed to authentication policies) is explicitly out of scope.
                (iv)  Proposed List of Specifications:  Provider Authentication Policy Extension 1.0, spec completion expected during May 2008.
                (v)  Anticipated audience or users of the work:  Implementers of OpenID Providers and Relying Parties – especially those interested in mitigating the phishing vulnerabilities of logging into OpenID providers with passwords.
                (vi)  Language in which the WG will conduct business:  English.
                (vii)  Method of work:  E-mail discussions on the working group mailing list, working group conference calls, and possibly a face-to-face meeting at the Internet Identity Workshop.
                (viii)  Basis for determining when the work of the WG is completed:  Proposed changes to draft 2 will be evaluated on the basis of whether they increase or decrease consensus within the working group.  The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope.
(b)  Background Information.
                (i)  Related work being done in other WGs or organizations:  (1) Assurance Levels as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., “Electronic Authentication Guideline,” April 2006.) [NIST_SP800‑63].  This working group is needed to enable authentication policy statements to be exchanged by OpenID endpoints.  No coordination is needed with NIST, as the PAPE specification uses elements of the NIST specification in the intended fashion.
                (ii)  Proposers:
                                Michael B. Jones, mbj at microsoft.com<mailto:mbj at microsoft.com>, Microsoft Corporation
                                David Recordon, drecordon at sixapart.com<mailto:drecordon at sixapart.com>, Six Apart Corporation
                                Ben Laurie, benl at google.com<mailto:benl at google.com>, Google Corporation
                                Drummond Reed, drummond.reed at cordance.net<mailto:drummond.reed at cordance.net>, Cordance Corporation
                                John Bradley, john.bradley at wingaa.com<mailto:john.bradley at wingaa.com>, Wingaa Corporation
                                Johnny Bufu, johnny.bufu at gmail.com<mailto:johnny.bufu at gmail.com>, Independent
Editors:
                                Michael B. Jones, mbj at microsoft.com<mailto:mbj at microsoft.com>, Microsoft Corporation
                                David Recordon, drecordon at sixapart.com<mailto:drecordon at sixapart.com>, Six Apart Corporation
                (iii)  Anticipated Contributions:  None.

====

(The rest of this note is informational and not part of the proposal to create an OpenID working group.)

Given that the OpenID specification procedures call for votes of the membership, this would be a good time for those wanting to influence the outcome of this specification to join the OpenID Foundation.  You can do so at http://openid.net/foundation/join/.  Should you wish to join the working group, you will also need to execute the Contribution Agreement at http://openid.net/foundation/intellectual-property/ once the working group formation has been approved by the membership.  After the Specifications Council has responded to this request to create a working group (which must happen within 15 days) a separate message will be sent asking those of you who are OpenID members to vote on the working group creation, containing instructions for how to do so.

                                                                -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080426/bb1d4354/attachment-0002.htm>


More information about the specs mailing list