CX proposal update

Fri Jan 23 02:57:39 UTC 2009

What entails the "reasonable UI/UX" probably depends on the jurisdiction, so
we let the implimentation decide it. For example, it seems in the U.S., the
agreement shown by clicking the link is acceptable while in Japan, it is not
according to the METI guideline, etc.

Workflow is separate from the UI. Whatever is the appropriate UI in the
jurisdiction, the proof of the consent and the wrokflow (such as, if proxy
signing is done, the proxy agreement must precedes the signing etc.) will
probably stay the same most of the time.

=nat

On Fri, Jan 23, 2009 at 11:03 AM, Allen Tom <atom at yahoo-inc.com> wrote:

>  Hi Nat,
>
> How will the WG define workflow and proof of user consent if the charter
> says that UI and UX are out of scope?
>
> Allen
>
>
>
> Nat wrote:
>
> Whether it really is legally binding depends on what jurisdiction you are
> in, but typically there are some minimal set of info that has to be included
> to be considered to be a good one. Namely, sufficiently unique identifiers
> for all the parties involved, term, date, expiry, renewal privision,
> termination clause, jurisdiction, and signatures. Signature sometimes is of
> not the subject but of a proxy agent.
> CX is going to define how these should be represented.
>
>  These "contracts" typically lives long, and there are readability
> requirement as well. (I.e. it should not require a special software to read
> and understand what it means.) Cryptographically, it requires provisioning
> against algorithm getting compromised such as time stamping.
>
>  We also have to define the verification procedure for all the above.
>
>  Then, there is an issue of what entails the reasonable action and
> workflow etc. as a proof of user consent.
>
>  So, in summary, while we intend to use AX (and/or OAuth hybrid) as the
> undelying protocol, it is a little more than merely defining another set of
> attributes.
>
> =nat at TOKYO via iPhone
>
> On 2009/01/23, at 5:43, Allen Tom <atom at yahoo-inc.com> wrote:
>
>  Hi Nat,
>
> Can you define the term "contract"? Is it legally binding? It is just a
> signed set of attributes? Who are the parties involved with signing the
> contract? The RP, OP, and user? Instead of defining a new CX extension,
> would it just be sufficient to define new attributes using AX?
>
> Would it make more sense to use OAuth instead of defining a new OpenID
> extension? OAuth is designed to allow a user to authorize an RP (aka
> Consumer) to access protected resources hosted by the user's OP (aka Service
> Provider). It might make more sense to use the OpenID+OAuth hybrid protocol
> along with an OAuth protected web service to exchange contract information.
>
> Thanks
> Allen
>
>
>
>
> Nat Sakimura wrote:
>
> I have edited the Contract Exchange Proposal on the wiki.
>
> http://wiki.openid.net/Working_Groups%3AContract_Exchange_1
>
> It is substantially shorter and easier to parse, hopefully.
>
> Please discuss.
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
>
> ------------------------------
>
> _______________________________________________
> specs mailing listspecs at openid.nethttp://openid.net/mailman/listinfo/specs
>
>
>
>

-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090123/e0dcbe09/attachment-0002.htm>