Proposal to create the TX working group

Nat Sakimura n-sakimura at nri.co.jp
Fri Oct 31 11:21:19 UTC 2008


Dear Specification Council members:

In accordance with the OpenID Foundation IPR policies and procedures
<http://openid.net/foundation/intellectual-property/> this note proposes
the formation of a new working group chartered to produce an OpenID
specification. As per Section 4.1 of the Policies, the specifics of the
proposed working group are:
**



      *Trust Exchange (TX) Extension WG Charter*

In accordance with the OpenID Foundation IPR policies and procedures
this note proposes the formation of a new working group chartered to
produce an OpenID specification. As per Section 4.1 of the Policies, the
specifics of the proposed working group are:


Proposal:

(a) Charter.

(i) WG name: Trust Exchange Extension (TX)

(ii) Purpose: The purpose of this WG is to produce a standard OpenID
extension to the OpenID Authentication protocol that enables arbitrary
parties to create and exchange a mutually-digitally-signed legally
binding "contract". This protocol extension aims to be both broadband
and mobile friendly by definingappropriatebindings for each use case.

Although this specification defines one default protocol for transfering
data based on the contract, the data transfer portion is intended to be
pluggable so that other protocols may also be used for this purpose.

The extension is not intended to be a general method for defining
attributes; the scope is limited to a specific set of attributes
necessary for contract semantics. The extension will also define a
contract signature based on public key cryptography. When used with a
digital certificate signed by a third party, the contract and signature
can be used as an assertion of conformance to an applicable assurance
program.

(iii) Scope:

Scope of the work

    * Development of the specification including:

          o An extensible tag-value contract format
          o Public Key Cryptography based digital signature method
            applied to the above contract format
          o Query/response communication protocols for establishing the
            contract
          o Default data transfer protocol based on the contract
          o Conformance requirements for other data transfer protocol
            bindings

    * Security, threats and Risk analysis

          o Perform Security Risk analysis and profiles for best practice

Out of scope

    * Term negotiation: Actual negotiation of the terms of a contract
      should be dealt with out-of-band or by other specifications.
    * General purpose data type identifiers: this should be determined
      on a per-community bases using other specifications such as OpenID
      Attribute Exchange.
    * Assurance programs or other identity governance frameworks.
    * It is the intent that this specification be usable by any trust
      community, whether it uses conventional PKI hierarchies,
      peer-to-peer trust mechanisms, reputation systems, or other forms
      of trust assurance. The specification of any particular trust
      root, trust hierarchy, or trust policy is explicitly out of scope.


(iv) Proposed List of Specifications: TX 1.0, spec completion expected
in January 2009.

(v) Anticipated audience or users of the work: Implementers of OpenID
Providers and Relying Parties, especially those who require security and
accountability features to exchange sensitive customer information (e.g.
personally identifiable information and credit card numbers) responsibly
among trusted parties.

(vi) Language in which the WG will conduct business: English.

(vii) Method of work: E-mail discussions on the working group mailing
list, working group conference calls, and possibly face-to-face meetings
at conferences.

(viii) Basis for determining when the work of the WG is completed: Draft
1 will be evaluated on the basis of whether they increase or decrease
consensus within the working group. The work will be completed once it
is apparent that maximal consensus on the draft has been achieved,
consistent with the purpose and scope.

(b) Background Information.

(i) Related work being done by other WGs or organizations:

    * LIberty Alliance Identity Governance Framework (IGF) 1.0 Draft
      <http://www.projectliberty.org/liberty/content/download/4329/28939/file/liberty-igf-draft-1.0-2008-06-21.zip>

    * XML Advanced Electronic Signatures (XAdES)
      <http://www.w3.org/TR/XAdES/>


(ii) Proposers:

Drummond Reed, drummond.reed at parity.com
<mailto:drummond.reed at parity.com>, Cordance/Parity/OASIS (U.S.A)
Henrik Biering, hb at netamia.com <mailto:hb at netamia.com>, Netamia (Denmark)
Hideki Nara, hdknr at ic-tact.co.jp <mailto:hdknr at ic-tact.co.jp>, Tact
Communications (Japan)
John Bradeley, jbradley at mac.com, OASIS IDTrust Member Section (Canada)
Mike Graves, mgraves at janrain.com <mailto:mgraves at janrain.com>, JanRain,
Inc. (U.S.A.)
Nat Sakimura, n-sakimura at nri.co.jp <mailto:n-sakimura at nri.co.jp>, Nomura
Research Institute, Ltd.(Japan)
Robert Ott, robert.ott at clavid.com <mailto:robert.ott at clavid.com>, Clavid
(Switzerland)
Tatsuki Sakushima, tatsuki at nri.com <mailto:tatsuki at nri.com>, NRI
America, Ltd. (U.S.A.)
Toru Yamaguchi, trymch at gmail.com <mailto:trymch at gmail.com>, Cyboze Lab
(Japan)


Editors:

Nat Sakimura, n-sakimura at nri.co.jp <mailto:n-sakimura at nri.co.jp>, Nomura
Research Institute, Ltd.

(iii) Anticipated Contributions:
(1) Sakimura, N., et. al "OpenID Trusted data eXchange Extention
Specification (draft)", Oct. 2008. [TX2008]
<http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/*checkout*/spec/openid-trust-exchange-1_0.html?root=openidtx>.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20081031/9d8126da/attachment-0002.htm>


More information about the specs mailing list