RP library authors

Tatsuki Sakushima tatsuki at nri.com
Fri Sep 11 23:15:43 UTC 2009


Hi John,

The document misses a reference to the PAPE spec in Appendix D.
Is that done on purpose until some errors in the spec are fixed?

Tatsuki

Tatsuki Sakushima
NRI Pacific - Nomura Research Institute America, Inc.

(9/11/09 8:49 AM), John Bradley wrote:
> The GSA profile for openID is available at:
> 
> http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf
> 
> Many things that are SHOULD in the openID 2.0 spec are now MUST in the 
> profile.
> 
> There are new PAPE URI and other modifications.
> 
> Most of the OP's supporting the profile will not be restricting it to 
> only Gov RP's.
> 
> Any RP may elect to use all or parts of this new profile for any purpose 
> they choose.
> 
> Also any OP is free to support it whether or not they are on the GSA 
> whitelist.
> 
> To get on the GSA white-list OP's must support the profile and be 
> audited against a Trust Framework.  The OIDF has information available 
> on applying through its program.
> 
> There are quite a number of requirements on the RP side, that need to be 
> met.
> 
> The sooner these features are in libraries the sooner government 
> agencies can move ahead with deployments.
> 
> If there is interest we can set up a google group where developers can 
> get their questions on implementing the profile answered.
> 
> If I can get to IIW in Nov,  I would like to organize a session on this 
> for people.
> 
> There will be revisions to the profile in the future as we all gain 
> experience.
> 
> The people who worked on the profile tried to profile only the existing 
> specifications as written without inventing anything incompatible with 
> existing implementations.
> 
> The GSA's goal is to enable as many existing identities as possible to 
> have access to government resources without making people create new 
> username and password accounts at each of the thousands of potential RP 
> sites.
> 
> Extra attention was taken to allow openID to be used without divulging 
> ANY PII to the government.
> This includes the use of a Pseudonymous openID identifier to allow sites 
> that can take no PII or do any correlation to still use openID.
> 
> The regulation on this is quite strict.  We could not convert the ID to 
> a pseudonym on the RP side and adhere to the regulation.
> 
> We hope that the profile maximizes participation of OP's and RPs alike, 
> while not placing insurmountable burdens on developers.
> 
> RP's and OP's that don't intend to make use of the profile need to make 
> no changes at all.
> 
> I regret not being able to share more of this with you sooner.  The OIDF 
> and the other foundations were requested not to discuss this publicly 
> until after the government announcements.
> 
> Regards
> John Bradley
> 
> 
> 
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
> 

