Proposal to create the PAPE working group

Nat Sakimura sakimura at gmail.com
Fri May 23 00:55:05 UTC 2008


Perhaps you could explain to the list what the process will be after
this, such as:

1) Specification Council to approved PAPA WG.
2) Call for Participation ... etc.

IMHO, that will help the community to understand the process a lot.

By the way, I plan to respond to 2) above. I could have been a
proposer of the WG, but to debug the process, somebody has to do the
role of responder to the call for participation, so...  :-)

=nat

2008/5/23 Mike Jones <Michael.Jones at microsoft.com>:
> This message is being sent to revise the proposal to create the PAPE working
> group, changing only one word, so that the projected completion date is July
> 2008, rather than May 2008.  The complete text of the revised proposal
> follows.
>
>
>
>                                                             --- Mike
>
>
>
> In accordance with the OpenID Foundation IPR policies and procedures this
> note proposes the formation of a new working group chartered to produce an
> OpenID specification.  As per Section 4.1 of the Policies, the specifics of
> the proposed working group are:
>
>
>
> Proposal:
>
> (a)  Charter.
>
>                 (i)  WG name:  Provider Authentication Policy Extension
> (PAPE)
>
>                 (ii)  Purpose:  Produce a standard OpenID extension to the
> OpenID Authentication protocol that:  provides a mechanism by which a
> Relying Party can request that particular authentication policies be applied
> by the OpenID Provider when authenticating an End User and provides a
> mechanism by which an OpenID Provider may inform a Relying Party which
> authentication policies were used. Thus a Relying Party can request that the
> End User authenticate, for example, using a phishing-resistant and/or
> multi-factor authentication method.
>
>                 (iii)  Scope:  Produce a revision of the PAPE 1.0 Draft 2
> specification that clarifies its intent, while maintaining compatibility for
> existing Draft 2 implementations.  Adding any support for communicating
> requests for or the use of specific authentication methods (as opposed to
> authentication policies) is explicitly out of scope.
>
>                 (iv)  Proposed List of Specifications:  Provider
> Authentication Policy Extension 1.0, spec completion expected during July
> 2008.
>
>                 (v)  Anticipated audience or users of the work:
> Implementers of OpenID Providers and Relying Parties – especially those
> interested in mitigating the phishing vulnerabilities of logging into OpenID
> providers with passwords.
>
>                 (vi)  Language in which the WG will conduct business:
> English.
>
>                 (vii)  Method of work:  E-mail discussions on the working
> group mailing list, working group conference calls, and possibly a
> face-to-face meeting at the Internet Identity Workshop.
>
>                 (viii)  Basis for determining when the work of the WG is
> completed:  Proposed changes to draft 2 will be evaluated on the basis of
> whether they increase or decrease consensus within the working group.  The
> work will be completed once it is apparent that maximal consensus on the
> draft has been achieved, consistent with the purpose and scope.
>
> (b)  Background Information.
>
>                 (i)  Related work being done in other WGs or organizations:
> (1) Assurance Levels as defined by the National Institute of Standards and
> Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and
> W. Polk, Ed., "Electronic Authentication Guideline," April 2006.)
> [NIST_SP800‑63].  This working group is needed to enable authentication
> policy statements to be exchanged by OpenID endpoints.  No coordination is
> needed with NIST, as the PAPE specification uses elements of the NIST
> specification in the intended fashion.
>
>                 (ii)  Proposers:
>
>                                 Michael B. Jones, mbj at microsoft.com,
> Microsoft Corporation
>
>                                 David Recordon, drecordon at sixapart.com, Six
> Apart Corporation
>
>                                 Ben Laurie, benl at google.com, Google
> Corporation
>
>                                 Drummond Reed, drummond.reed at cordance.net,
> Cordance Corporation
>
>                                 John Bradley, john.bradley at wingaa.com,
> Wingaa Corporation
>
>                                 Johnny Bufu, johnny.bufu at gmail.com,
> Independent
>
>                                 Dick Hardt, dick at sxip.com,  Sxip Identity
> Corporation
>
> Editors:
>
>                                 Michael B. Jones, mbj at microsoft.com,
> Microsoft Corporation
>
>                                 David Recordon, drecordon at sixapart.com, Six
> Apart Corporation
>
>                 (iii)  Anticipated Contributions:  None.
>
>
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/


More information about the specs mailing list