OpenID v.Next Core Protocol Charter
Jonathan Coffman
jonathan.coffman at gmail.com
Sat May 22 15:59:23 UTC 2010
As an RP, I would certainly support putting some work into logout --
but not to the detriment of the rest of v.Next. In other words, it is
worthwhile to put on the list of potential use-cases to support, but
not at the top of said list.
On May 22, 2010, at 11:47 AM, Dick Hardt wrote:
> Great point Torsten. If there is interest in exploring single
> logout, then it likely belongs in this WG.
>
> Are others interested in exploring single logout?
>
> -- Dick
>
> On 2010-05-22, at 2:30 AM, Torsten Lodderstedt wrote:
>
>> does this or another group consider to incorporate some kind of
>> single logout support into OpenId?
>>
>> regards,
>> Torsten.
>>
>>> At IIW yesterday I held a session on bashing the OpenID v.Nest
>>> Core Protocol Charter. Below is the current draft. Comments and/or
>>> questions welcome. Anyone interested in being a fellow proposer
>>> please let me know and I will add you.
>>>
>>> -- Dick
>>>
>>> (a) Charter.
>>>
>>> (i) WG name: OpenID v.Next Core Protocol.
>>> (ii) Purpose: Produce a core protocol
>>> specification or family of specifications for OpenID v.Next that
>>> address the limitations and drawbacks present in the OpenID 2.0
>>> that limit OpenID’s applicability, adoption, usability, privacy,
>>> and security. Specific goals are:
>>> · define message flows and verification methods,
>>> · enable support for controlled release of attributes,
>>> · enable aggregation of attributes from multiple verifiable
>>> sources,
>>> · enable support for a spectrum of clients, including
>>> passive clients per current usage, thin active clients, and active
>>> clients with OP functionality,
>>> · enable authentication to and use of attributes by non-
>>> browser applications,
>>> · enable the use of public key technology to enhance
>>> scalability and performance,
>>> · enable optimized protocol flows combining authentication,
>>> attribute release, and resource authorization,
>>> · define profiles and support features intended to enable
>>> OpenID to be used at levels of assurance higher than NIST SP800-63
>>> v2 level 1 ,
>>> · define an extension mechanism
>>> · ensure the use of OpenID on mobile devices,
>>> · ensure the use of OpenID on existing browsers with URL
>>> length restrictions,
>>> · complement OAuth 2.0
>>> · minimize migration effort from OpenID 2.0
>>> · seamlessly integrate with and complement the other OpenID
>>> v.Next specifications.
>>> Compatibility with OpenID 2.0 is an explicit non-
>>> goal for this work.
>>> (iii) Scope: Produce a next generation OpenID
>>> core protocol specification or specifications, consistent with the
>>> purpose statement.
>>> (iv) Proposed List of Specifications: OpenID
>>> v.Next Core Protocol and possibly related specifications.
>>> (v) Anticipated audience or users of the work:
>>> Implementers of OpenID Providers, Relying Parties, Active Clients,
>>> and non-browser applications utilizing OpenID.
>>> (vi) Language in which the WG will conduct
>>> business: English.
>>> (vii) Method of work: E-mail discussions on the
>>> working group mailing list, working group conference calls, and
>>> face-to-face meetings at the Internet Identity Workshop and OpenID
>>> summits.
>>> (viii) Basis for determining when the work of the
>>> WG is completed: Work will not be deemed to be complete until
>>> there is a consensus that the resulting protocol specification or
>>> family of specifications fulfills the working group goals.
>>> Additional proposed changes beyond that initial consensus will be
>>> evaluated on the basis of whether they increase or decrease
>>> consensus within the working group. The work will be completed
>>> once it is apparent that maximal consensus on the draft has been
>>> achieved, consistent with the purpose and scope.
>>> (b) Background Information.
>>>
>>> (i) Related work being done in other WGs or
>>> organizations: OpenID Authentication 2.0 and related
>>> specifications, including Attribute Exchange (AX), Contract
>>> Exchange (CX), Provider Authentication Policy Extension (PAPE),
>>> and the draft User Interface (UI) Extension. OAuth, OAuth WRAP,
>>> and OAuth 2.0. OpenID Connect proposal. SAML 2.0 Core and SAML
>>> Authn Context.
>>> (ii) Proposers:
>>> Dick Hardt, dick.hardt at gmail.com (chair)
>>>
>>> Michael B. Jones, mbj at microsoft.com
>>>
>>> Breno de Medeiros, breno at google.com
>>>
>>> Ashish Jain, Ashish.Jain at paypal.com
>>>
>>> George Fletcher, gffletch at aol.com
>>>
>>> (iii) Anticipated Contributions: None.
>>>
>>>
>>>
>>> _______________________________________________
>>> specs mailing list
>>> specs at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs
>>>
>>
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100522/e2c1e930/attachment.html>
More information about the specs
mailing list