Proposal to create the PAPE working group
Mike Jones
Michael.Jones at microsoft.com
Thu May 22 21:43:02 PDT 2008
The next steps will be:
- notification of an upcoming vote by the membership on the creation of the working group
- assuming that vote passes, the working group is created
- OIDF members can join the working group by signing the IPR contribution document specifying that group
- The working group does its work
- The working group recommends a draft to the membership for approval as an implementer's draft or final specification
- The members vote
- If the vote passes, the implementers draft or specification is approved
Voting instructions are planned to go out tomorrow.
-- Mike
-----Original Message-----
From: Nat Sakimura [mailto:sakimura at gmail.com]
Sent: Thursday, May 22, 2008 5:55 PM
To: Mike Jones
Cc: specs at openid.net
Subject: Re: Proposal to create the PAPE working group
Perhaps you could explain to the list what the process will be after
this, such as:
1) Specification Council to approved PAPA WG.
2) Call for Participation ... etc.
IMHO, that will help the community to understand the process a lot.
By the way, I plan to respond to 2) above. I could have been a
proposer of the WG, but to debug the process, somebody has to do the
role of responder to the call for participation, so... :-)
=nat
2008/5/23 Mike Jones <Michael.Jones at microsoft.com>:
> This message is being sent to revise the proposal to create the PAPE working
> group, changing only one word, so that the projected completion date is July
> 2008, rather than May 2008. The complete text of the revised proposal
> follows.
>
>
>
> --- Mike
>
>
>
> In accordance with the OpenID Foundation IPR policies and procedures this
> note proposes the formation of a new working group chartered to produce an
> OpenID specification. As per Section 4.1 of the Policies, the specifics of
> the proposed working group are:
>
>
>
> Proposal:
>
> (a) Charter.
>
> (i) WG name: Provider Authentication Policy Extension
> (PAPE)
>
> (ii) Purpose: Produce a standard OpenID extension to the
> OpenID Authentication protocol that: provides a mechanism by which a
> Relying Party can request that particular authentication policies be applied
> by the OpenID Provider when authenticating an End User and provides a
> mechanism by which an OpenID Provider may inform a Relying Party which
> authentication policies were used. Thus a Relying Party can request that the
> End User authenticate, for example, using a phishing-resistant and/or
> multi-factor authentication method.
>
> (iii) Scope: Produce a revision of the PAPE 1.0 Draft 2
> specification that clarifies its intent, while maintaining compatibility for
> existing Draft 2 implementations. Adding any support for communicating
> requests for or the use of specific authentication methods (as opposed to
> authentication policies) is explicitly out of scope.
>
> (iv) Proposed List of Specifications: Provider
> Authentication Policy Extension 1.0, spec completion expected during July
> 2008.
>
> (v) Anticipated audience or users of the work:
> Implementers of OpenID Providers and Relying Parties – especially those
> interested in mitigating the phishing vulnerabilities of logging into OpenID
> providers with passwords.
>
> (vi) Language in which the WG will conduct business:
> English.
>
> (vii) Method of work: E-mail discussions on the working
> group mailing list, working group conference calls, and possibly a
> face-to-face meeting at the Internet Identity Workshop.
>
> (viii) Basis for determining when the work of the WG is
> completed: Proposed changes to draft 2 will be evaluated on the basis of
> whether they increase or decrease consensus within the working group. The
> work will be completed once it is apparent that maximal consensus on the
> draft has been achieved, consistent with the purpose and scope.
>
> (b) Background Information.
>
> (i) Related work being done in other WGs or organizations:
> (1) Assurance Levels as defined by the National Institute of Standards and
> Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and
> W. Polk, Ed., "Electronic Authentication Guideline," April 2006.)
> [NIST_SP800‑63]. This working group is needed to enable authentication
> policy statements to be exchanged by OpenID endpoints. No coordination is
> needed with NIST, as the PAPE specification uses elements of the NIST
> specification in the intended fashion.
>
> (ii) Proposers:
>
> Michael B. Jones, mbj at microsoft.com,
> Microsoft Corporation
>
> David Recordon, drecordon at sixapart.com, Six
> Apart Corporation
>
> Ben Laurie, benl at google.com, Google
> Corporation
>
> Drummond Reed, drummond.reed at cordance.net,
> Cordance Corporation
>
> John Bradley, john.bradley at wingaa.com,
> Wingaa Corporation
>
> Johnny Bufu, johnny.bufu at gmail.com,
> Independent
>
> Dick Hardt, dick at sxip.com, Sxip Identity
> Corporation
>
> Editors:
>
> Michael B. Jones, mbj at microsoft.com,
> Microsoft Corporation
>
> David Recordon, drecordon at sixapart.com, Six
> Apart Corporation
>
> (iii) Anticipated Contributions: None.
>
>
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
More information about the specs
mailing list