OpenID v.Next Core Protocol WG Charter :: DRAFT 2

David Recordon recordond at gmail.com
Mon May 24 20:11:29 UTC 2010 

Adding power grid meters to the scope of v.Next, profiles of the Core spec
from the start, and discovery of trust frameworks (from Tony in another
thread) are perfect examples of why I believe that v.Next is trying to bite
off far too much. I have no issue with these being long term goals, but
shouldn't slow down near term progress.

--David


On Mon, May 24, 2010 at 8:51 AM, Anthony Nadalin <tonynad at microsoft.com>wrote:

>  > ensure the use of OpenID on mobile devices,
>
> Ensure the use of OpenID on devices
>
>
>
> Would like to make sure we cover devices that are not really in the mobile
> space (like power grid meters, switches, etc)
>
>
>
> >     define profiles and support features intended to enable OpenID to be
> used at levels of assurance higher than NIST SP800-63 v2 level 1 ,
>
> Define profiles and support features intended to enable OpenID to be used
> at least 1 level of assurance higher than NIST SP800-63 v2 level 1.
>
>
>
> Want to make sure we set a goal that may be reachable but not to go after
> the highest level and fail.
>
>
>
>
>
>
>
> *From:* openid-specs-bounces at lists.openid.net [mailto:
> openid-specs-bounces at lists.openid.net] *On Behalf Of *Dick Hardt
>
> *Sent:* Sunday, May 23, 2010 3:29 PM
> *To:* OpenID Specs Mailing List
> *Subject:* OpenID v.Next Core Protocol WG Charter :: DRAFT 2
>
>
>
> Hello All
>
>
>
> Thanks for the feedback to date, below is a revised draft. Changes are:
>
> - changed use of public key from ensure to evaluate.
>
> - added goal to evaluate single sign out
>
> - broke multiple atttibute sources and verification of attributes and
> sources into separate goals
>
> - added a number of additional proposers (Yes, Shade is in the list as he
> is supportive of this WG.)
>
>
>
> I welcome any further feedback or additional requests to be added as a
> proposer. If I receive no significant feedback by EOB tomorrow, I will
> consider the charter bashing done.
>
>
>
> -- Dick
>
>
>
>
>
>
>
> *(a)  Charter.*
>
> *(i)*                  *WG name:*  OpenID v.Next Core Protocol.
>
> *(ii)*                  *Purpose:*  Produce a core protocol specification
> or family of specifications for OpenID v.Next that address the limitations
> and drawbacks present in OpenID 2.0 that limit OpenID’s applicability,
> adoption, usability, privacy, and security.  Specific goals are:
>
> ·       define core message flows and verification methods,
>
> ·       enable support for controlled release of attributes,
>
> ·        enable aggregation of attributes from multiple attribute sources,
>
> ·        enable attribute sources to provide verified attributes,
>
> ·        enable the sources of attributes to be verified,
>
> ·       enable support for a spectrum of clients, including passive
> clients per current usage, thin active clients, and active clients with OP
> functionality,
>
> ·       enable authentication to and use of attributes by non-browser
> applications,
>
> ·       enable optimized protocol flows combining authentication,
> attribute release, and resource authorization,
>
> ·       define profiles and support features intended to enable OpenID to
> be used at levels of assurance higher than NIST SP800-63 v2 level 1 ,
>
> ·       ensure the use of OpenID on mobile devices,
>
> ·       ensure the use of OpenID on existing browsers with URL length
> restrictions,
>
> ·       define an extension mechanism for identified capabilities that are
> not in the core specification
>
>  ·     evaluate the use of public key technology to enhance, security,
> scalability and performance,
>
> ·       evaluate inclusion of single sign out
>
> ·       complement OAuth 2.0
>
> ·       minimize migration effort from OpenID 2.0
>
> ·       seamlessly integrate with and complement the other OpenID v.Next
> specifications.
>
>               Compatibility with OpenID 2.0 is an explicit non-goal for
> this work.
>
> *(iii)*                  *Scope:*  Produce a next generation OpenID core
> protocol specification or specifications, consistent with the purpose
> statement.
>
> *(iv)*                  *Proposed List of Specifications*:  OpenID v.Next
> Core Protocol and possibly related specifications.
>
> *(v)*                  *Anticipated audience or users of the work:*
> Implementers of OpenID Providers, Relying Parties, Active Clients, and
> non-browser applications utilizing OpenID.
>
> *(vi)*                  *Language in which the WG will conduct business*:
> English.
>
> *(vii)*                  *Method of work:  *E-mail discussions on the
> working group mailing list, working group conference calls, and face-to-face
> meetings at the Internet Identity Workshop and OpenID summits.
>
> *(viii)*                  *Basis for determining when the work of the WG
> is completed:*  Work will not be deemed to be complete until there is a
> rough consensus that the resulting protocol specification or family of
> specifications fulfills the working group goals.  Additional proposed
> changes beyond that initial consensus will be evaluated on the basis of
> whether they increase or decrease consensus within the working group.  The
> work will be completed once it is apparent that rough consensus on the draft
> has been achieved and there are two working, interoperating implementations,
> consistent with the purpose and scope.
>
> *(b)  Background Information.*
>
> *(i)*                  *Related work being done in other WGs or
> organizations*:  OpenID Authentication 2.0 and related specifications,
> including Attribute Exchange (AX), Contract Exchange (CX), Provider
> Authentication Policy Extension (PAPE), Artifact Binding (AB) and the draft
> User Interface (UI) Extension.  OAuth 2.0, SAML 2.0 Core and SAML Authn
> Context.
>
> *(ii)*                  *Proposers:*
>
> Dick Hardt, dick.hardt at gmail.com (chair)
>
> Michael B. Jones, mbj at microsoft.com
>
> Breno de Medeiros, breno at google.com
>
> Ashish Jain, Ashish.Jain at paypal.com
>
> George Fletcher, gffletch at aol.com
>
> John Bradley, ve7jtb at ve7jtb.com
>
> Nat Sakimura, n-sakimura at nri.co.jp
>
> Shade, sysadmin at shadowsinthegarden.com
>
>
>
> * (iii)*                  *Anticipated Contributions*:  None.
>
>
>
>
>
>
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100524/80a70a85/attachment-0001.html>

More information about the specs mailing list