Proposal to create the PAPE working group

Mike Jones Michael.Jones at
Thu May 22 15:25:02 PDT 2008

This message is being sent to revise the proposal to create the PAPE working group, changing only one word, so that the projected completion date is July 2008, rather than May 2008.  The complete text of the revised proposal follows.

                                                            --- Mike

In accordance with the OpenID Foundation IPR policies and procedures<> this note proposes the formation of a new working group chartered to produce an OpenID specification.  As per Section 4.1 of the Policies, the specifics of the proposed working group are:

(a)  Charter.
                (i)  WG name:  Provider Authentication Policy Extension (PAPE)
                (ii)  Purpose:  Produce a standard OpenID extension to the OpenID Authentication protocol that:  provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User and provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant and/or multi-factor authentication method.
                (iii)  Scope:  Produce a revision of the PAPE 1.0 Draft 2 specification that clarifies its intent, while maintaining compatibility for existing Draft 2 implementations.  Adding any support for communicating requests for or the use of specific authentication methods (as opposed to authentication policies) is explicitly out of scope.
                (iv)  Proposed List of Specifications:  Provider Authentication Policy Extension 1.0, spec completion expected during July 2008.
                (v)  Anticipated audience or users of the work:  Implementers of OpenID Providers and Relying Parties – especially those interested in mitigating the phishing vulnerabilities of logging into OpenID providers with passwords.
                (vi)  Language in which the WG will conduct business:  English.
                (vii)  Method of work:  E-mail discussions on the working group mailing list, working group conference calls, and possibly a face-to-face meeting at the Internet Identity Workshop.
                (viii)  Basis for determining when the work of the WG is completed:  Proposed changes to draft 2 will be evaluated on the basis of whether they increase or decrease consensus within the working group.  The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope.
(b)  Background Information.
                (i)  Related work being done in other WGs or organizations:  (1) Assurance Levels as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., “Electronic Authentication Guideline,” April 2006.) [NIST_SP800‑63].  This working group is needed to enable authentication policy statements to be exchanged by OpenID endpoints.  No coordination is needed with NIST, as the PAPE specification uses elements of the NIST specification in the intended fashion.
                (ii)  Proposers:
                                Michael B. Jones, mbj at<mailto:mbj at>, Microsoft Corporation
                                David Recordon, drecordon at<mailto:drecordon at>, Six Apart Corporation
                                Ben Laurie, benl at<mailto:benl at>, Google Corporation
                                Drummond Reed, drummond.reed at<mailto:drummond.reed at>, Cordance Corporation
                                John Bradley, john.bradley at<mailto:john.bradley at>, Wingaa Corporation
                                Johnny Bufu, johnny.bufu at<mailto:johnny.bufu at>, Independent
                                Dick Hardt, dick at<mailto:dick at>,  Sxip Identity Corporation
                                Michael B. Jones, mbj at<mailto:mbj at>, Microsoft Corporation
                                David Recordon, drecordon at<mailto:drecordon at>, Six Apart Corporation
                (iii)  Anticipated Contributions:  None.

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the specs mailing list