Proposal to create the OpenID OAuth Hybrid Working Group

David Recordon drecordon at sixapart.com
Wed Nov 5 17:43:12 UTC 2008


I see this as being really needed and quite a bunch of work has  
already gone into the doc.  I'm wondering if it would be better to  
write a Scope which describes the work and list the current draft as  
an Anticipated Contribution rather than just saw that the Scope is to  
standardize that document.

Cheers,
--David

On Nov 3, 2008, at 2:33 AM, Yariv Adan wrote:

>  In accordance with the OpenID Foundation IPR policies and  
> procedures<http://openid.net/foundation/intellectual-property/ >  
> this note proposes the formation of a new working group chartered to  
> produce an OpenID specification.
>
> As per Section 4.1 of the Policies, the specifics of the proposed  
> working group are:
>
> Background Information:
> OpenID has always been focused on how to enable user-authentication  
> within the browser.  Over the last year, OAuth has been developed to  
> allow authorization either from within a browser, desktop software,  
> or mobile devices.  Obviously there has been interest in using  
> OpenID and OAuth together allowing a user to share their identity as  
> well as grant a Relying Party access to an OAuth protected resource  
> in a single step.  A small group of people have been working on  
> developing an extension to OpenID which makes this possible in a  
> collaborative fashion withinhttp://code.google.com/p/step2/.  This  
> small project includes a draft spec and Open Source implementations  
> which the proposers would like to finalize within the OpenID  
> Foundation.
>
>
> Working Group Name:
> OpenID OAuth Hybrid Working Group
>
>
> Purpose:
> Produce a standard OpenID extension to the OpenID Authentication  
> protocol that provides a mechanism to embed an OAuth approval  
> request into an OpenID authentication request to permit combined  
> user approval. The extension addresses the use case where the OpenID  
> Provider and OAuth Service Provider are the same service. To provide  
> good user experience, it is important to present a combined  
> authentication and authorization screen for the two protocols.
>
>
> Scope:
> Standardize the draft Hybrid Protocol (http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html 
> ) as an official OpenID Extension describing how to combine an  
> OpenID authentication request with the approval of an OAuth request  
> token.
>
>
> Anticipated Contributions:
> Draft specification referenced above and various text contributions  
> as more developers implement it.
>
>
> Proposed List of Specifications:
> OpenID OAuth Extension 1.0. Spec completion by Q4 2008.
>
>
> Anticipated audience or users of the work:
>  - OpenID Providers and Relying Parties
>  - OAuth Consumers and Service Providers
>  - Implementers of OpenID Providers and Relying Parties
>
>
> Language in which the WG will conduct business:
> English.
>
>
> Method of work:
> E-mail discussions on the working group mailing list and working  
> group conference calls.
>
>
> Basis for determining when the work of the WG is completed:
> The work will be completed once it is apparent that maximal  
> consensus on the protocol proposal has been achieved within the  
> working group, consistent with the purpose and scope.
>
>
> Proposers:
>  - Ben Laurie, benl at google.com, Google
>  - Breno de Medeiros, breno at google.com, Google
>  - David Recordon, drecordon at sixapart.com, Six Apart
>  - Dirk Balfanz, balfanz at google.com, Google
>  - Joseph Smarr, jsmarr at plaxo.com, Plaxo
>  - Yariv Adan, yariv at google.com, Google
>  - Allen Tom, atom at yahoo-inc.com , Yahoo
>  - Josh Hoyt, josh at janrain.com , JanRain
>
>
> Initial Editors:
>  - Dirk Balfanz, balfanz at google.com, Google
>  - Breno de Medeiros, breno at google.com, Google
>
> -- 
> Yariv Adan | Product Manager
> Google Switzerland GmbH | Identifikationsnummer: CH-020.4.028.116-1
> This e-mail is confidential. If you are not the right addressee  
> please do not forward it, please inform the sender, and please erase  
> this e-mail including any attachments. Thanks.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20081105/d8c2db57/attachment-0002.htm>


More information about the specs mailing list