Proposal to create the OpenID OAuth Hybrid Working Group

Yariv Adan yariv at google.com
Mon Nov 3 14:30:57 UTC 2008


 In accordance with the OpenID Foundation IPR policies and procedures<
http://openid.net/foundation/intellectual-property/ > this note proposes the
formation of a new working group chartered to produce an OpenID
specification.
As per Section 4.1 of the Policies, the specifics of the proposed working
group are:

Background Information:
OpenID has always been focused on how to enable user-authentication within
the browser.  Over the last year, OAuth has been developed to allow
authorization either from within a browser, desktop software, or mobile
devices.  Obviously there has been interest in using OpenID and OAuth
together allowing a user to share their identity as well as grant a Relying
Party access to an OAuth protected resource in a single step.  A small group
of people have been working on developing an extension to OpenID which makes
this possible in a collaborative fashion within
http://code.google.com/p/step2/.  This small project includes a draft spec
and Open Source implementations which the proposers would like to finalize
within the OpenID Foundation.


Working Group Name:
OpenID OAuth Hybrid Working Group


Purpose:
Produce a standard OpenID extension to the OpenID Authentication protocol
that provides a mechanism to embed an OAuth approval request into an OpenID
authentication request to permit combined user approval. The extension
addresses the use case where the OpenID Provider and OAuth Service Provider
are the same service. To provide good user experience, it is important to
present a combined authentication and authorization screen for the two
protocols.


Scope:
Standardize the draft Hybrid Protocol (
http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html)
as an official OpenID Extension describing how to combine an OpenID
authentication request with the approval of an OAuth request token.


Anticipated Contributions:
Draft specification referenced above and various text contributions as more
developers implement it.


Proposed List of Specifications:
OpenID OAuth Extension 1.0. Spec completion by Q4 2008.


Anticipated audience or users of the work:
 - OpenID Providers and Relying Parties
 - OAuth Consumers and Service Providers
 - Implementers of OpenID Providers and Relying Parties


Language in which the WG will conduct business:
English.


Method of work:
E-mail discussions on the working group mailing list and working group
conference calls.


Basis for determining when the work of the WG is completed:
The work will be completed once it is apparent that maximal consensus on the
protocol proposal has been achieved within the working group, consistent
with the purpose and scope.


Proposers:
 - Ben Laurie, benl at google.com, Google
 - Breno de Medeiros, breno at google.com, Google
 - David Recordon, drecordon at sixapart.com, Six Apart
 - Dirk Balfanz, balfanz at google.com, Google
 - Joseph Smarr, jsmarr at plaxo.com, Plaxo
 - Yariv Adan, yariv at google.com, Google  - Allen Tom, atom at yahoo-inc.com ,
Yahoo
 - Josh Hoyt, josh at janrain.com , JanRain


Initial Editors:
 - Dirk Balfanz, balfanz at google.com, Google  - Breno de Medeiros,
breno at google.com, Google


-- 
Yariv Adan | Product Manager
Google Switzerland GmbH | Identifikationsnummer: CH-020.4.028.116-1
This e-mail is confidential. If you are not the right addressee please do
not forward it, please inform the sender, and please erase this e-mail
including any attachments. Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20081103/21c48c00/attachment-0001.htm>


More information about the specs mailing list