<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Dear Specification Council members: <br>
<br>
In accordance with the OpenID Foundation <a
href="http://openid.net/foundation/intellectual-property/"
target="_blank">IPR policies and
procedures</a> this note proposes the formation of a new working group
chartered to produce an OpenID specification. As per Section 4.1 of
the
Policies, the specifics of the proposed working group are:<br>
<b><font face="MS PGothic" size="4"><span style="font-size: 13.5pt;"></span></font></b>
<h3><br>
</h3>
<h3><b><font face="MS PGothic" size="4"><span style="font-size: 13.5pt;">Trust
Exchange (TX) Extension WG Charter<o:p></o:p></span></font></b></h3>
<div>
<div>
<p class="MsoNormal"><font face="MS PGothic" size="3"><span
style="font-size: 12pt;">In
accordance with the OpenID Foundation IPR policies and procedures this
note
proposes the formation of a new working group chartered to produce an
OpenID
specification. As per Section 4.1 of the Policies, the specifics of
the
proposed working group are:<br>
<br>
<br>
Proposal:<br>
<br>
(a) Charter.<br>
<br>
(i) WG name: Trust Exchange Extension (TX)<br>
<br>
(ii) Purpose: The purpose of this WG is to produce a standard
OpenID extension to the OpenID Authentication protocol that enable<font
color="navy"><span style="color: navy;">s</span></font> arbitrary
parties to create
and exchange <font color="navy"><span style="color: navy;">a</span></font>
mutually<font color="navy"><span style="color: navy;">-</span></font>digitally<font
color="navy"><span style="color: navy;">-</span></font>signed legally
binding "contract".
This protocol extension aims to be both broadband and mobile friendly
by
defining appropriate bindings for each use case. <br>
<br>
Although this specification defines one default protocol for
transfering data based on the contract, the data transfer portion is
intended to be pluggable so that other protocols may also be used for
this purpose. <br>
<br>
<font color="#000000">The extension is not intended to be a general
method for defining attributes; the scope is limited to a specific set
of attributes necessary for contract semantics. The extension will also
define a contract signature based on public key cryptography. When used
with a digital certificate signed by a third party, the contract and
signature can be used as an assertion of conformance to an applicable
assurance program.</font><br>
<br>
(iii) Scope: <br>
<br>
Scope of the work<o:p></o:p></span></font></p>
<ul type="disc">
<li class="MsoNormal" style=""><font face="MS PGothic" size="3"><span
style="font-size: 12pt;"> Development of the specification including:<o:p></o:p></span></font></li>
</ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style=""><font face="MS PGothic" size="3"><span
style="font-size: 12pt;">An extensible tag-value contract format<o:p></o:p></span></font></li>
<li class="MsoNormal" style=""><font face="MS PGothic" size="3"><span
style="font-size: 12pt;">Public Key Cryptography based digital
signature method applied to the above contract format<o:p></o:p></span></font></li>
<li class="MsoNormal" style=""><font face="MS PGothic" size="3"><span
style="font-size: 12pt;">Query/response communication protocols for
establishing the contract<o:p></o:p></span></font></li>
<li class="MsoNormal" style="color: navy;"><font color="black"
face="MS PGothic" size="3"><span
style="font-size: 12pt; color: windowtext;">Default data transfer
protocol based on the contract</span></font><o:p></o:p></li>
<li class="MsoNormal" style="color: navy;"><font color="black"
face="MS PGothic" size="3"><span
style="font-size: 12pt; color: windowtext;">Conformance requirements
for other data transfer protocol bindings</span></font><o:p></o:p></li>
</ul>
</ul>
<ul type="disc">
<li class="MsoNormal" style=""><font face="MS PGothic" size="3"><span
style="font-size: 12pt;">Security, threats and Risk analysis<o:p></o:p></span></font></li>
</ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style=""><font face="MS PGothic" size="3"><span
style="font-size: 12pt;">Perform Security Risk analysis and profiles
for best practice<o:p></o:p></span></font></li>
</ul>
</ul>
<p class="MsoNormal"><font face="MS PGothic" size="3"><span
style="font-size: 12pt;"> Out
of scope<o:p></o:p></span></font></p>
<ul type="disc">
<li class="MsoNormal" style=""><font face="MS PGothic" size="3"><span
style="font-size: 12pt;"><o:p></o:p></span></font>Term negotiation:
Actual negotiation of the terms of a contract should be dealt with
out-of-band or by other specifications. <br>
</li>
<li class="MsoNormal" style=""><font face="MS PGothic" size="3"><span
style="font-size: 12pt;"><o:p></o:p></span></font>General purpose data
type identifiers: this should be determined on a per-community bases
using other specifications such as OpenID Attribute Exchange.<br>
</li>
<li class="MsoNormal" style=""><font face="MS PGothic" size="3"><span
style="font-size: 12pt;">Assurance programs or other identity
governance frameworks.<br>
</span></font></li>
<li class="MsoNormal" style=""><font face="MS PGothic" size="3"><span
style="font-size: 12pt;">It is the intent that this specification be
usable by any trust community, whether it uses conventional PKI
hierarchies, peer-to-peer trust mechanisms, reputation systems, or
other forms of trust assurance. The specification of any particular
trust root, trust hierarchy, or trust policy is explicitly out of scope.<o:p></o:p></span></font></li>
</ul>
<p class="MsoNormal" style="margin-bottom: 12pt;"><font
face="MS PGothic" size="3"><span style="font-size: 12pt;"><br>
(iv) Proposed List of Specifications: TX 1.0, spec completion
expected in January 2009.<br>
<br>
(v) Anticipated audience or users of the work: Implementers of
OpenID Providers and Relying Parties, especially those who require
security and accountability features to exchange sensitive customer
information (e.g. personally identifiable information and credit card
numbers) responsibly among trusted parties.<br>
<br>
(vi) Language in which the WG will conduct business: English.<br>
<br>
(vii) Method of work: E-mail discussions on the working group
mailing list, working group conference calls, and possibly face-to-face
meetings at conferences.<br>
<br>
(viii) Basis for determining when the work of the WG is
completed: Draft 1 will be evaluated on the basis of whether they
increase or decrease consensus within the working group. The work will
be
completed once it is apparent that maximal consensus on the draft has
been
achieved, consistent with the purpose and scope.<br>
<br>
(b) Background Information.<br>
<br>
(i) Related work being done by other WGs or organizations: <br>
</span></font></p>
<ul>
<li><font face="MS PGothic" size="3"><span style="font-size: 12pt;"><a
href="http://www.projectliberty.org/liberty/content/download/4329/28939/file/liberty-igf-draft-1.0-2008-06-21.zip">LIberty
Alliance Identity Governance Framework (IGF) 1.0 Draft</a> <br>
</span></font></li>
<li><font face="MS PGothic" size="3"><span style="font-size: 12pt;"><a
href="http://www.w3.org/TR/XAdES/">XML Advanced Electronic Signatures
(XAdES)</a><br>
</span></font></li>
</ul>
<p class="MsoNormal" style="margin-bottom: 12pt;"><font
face="MS PGothic" size="3"><span style="font-size: 12pt;"></span></font><font
face="MS PGothic" size="3"><span style="font-size: 12pt;"> </span></font><br>
<font face="MS PGothic" size="3"><span style="font-size: 12pt;"> (ii)
Proposers:<o:p></o:p></span></font></p>
<div>
<p class="MsoNormal"><font face="MS PGothic" size="3"><span
style="font-size: 12pt;"> Drummond
Reed, <a href="mailto:drummond.reed@parity.com" target="_blank">drummond.reed@parity.com</a>,
Cordance/Parity/OASIS (U.S.A)<br>
Henrik Biering, <a href="mailto:hb@netamia.com" target="_blank">hb@netamia.com</a>,
Netamia (Denmark)<br>
Hideki Nara, <a href="mailto:hdknr@ic-tact.co.jp" target="_blank">hdknr@ic-tact.co.jp</a>,
Tact Communications (Japan)<o:p></o:p><br>
John Bradeley, <a class="moz-txt-link-abbreviated" href="mailto:jbradley@mac.com">jbradley@mac.com</a>, OASIS IDTrust Member Section
(Canada)</span></font><font color="black" face="Arial" size="1"><span
style="font-size: 6.5pt; font-family: Arial; color: black;"></span></font><br>
Mike Graves, <a href="mailto:mgraves@janrain.com" target="_blank">mgraves@janrain.com</a>,
JanRain, Inc. (U.S.A.)<br>
Nat Sakimura, <a href="mailto:n-sakimura@nri.co.jp" target="_blank">n-sakimura@nri.co.jp</a>,
Nomura Research Institute, Ltd.(Japan)<br>
Robert Ott, <a href="mailto:robert.ott@clavid.com" target="_blank">robert.ott@clavid.com</a>,
Clavid (Switzerland)<o:p></o:p><font face="MS PGothic" size="3"><span
style="font-size: 12pt;"><br>
Tatsuki Sakushima, <a href="mailto:tatsuki@nri.com" target="_blank">tatsuki@nri.com</a>,
NRI America, Ltd. (U.S.A.)<o:p></o:p><br>
Toru Yamaguchi, <a href="mailto:trymch@gmail.com" target="_blank">trymch@gmail.com</a>,
Cyboze Lab (Japan)<o:p></o:p></span></font></p>
<div>
<div>
<div>
</div>
<div>
<div>
</div>
<div>
<p class="MsoNormal"><font face="MS PGothic" size="3"><span
style="font-size: 12pt;"><br>
Editors:<br>
<br>
Nat Sakimura, <a href="mailto:n-sakimura@nri.co.jp" target="_blank">n-sakimura@nri.co.jp</a>,
Nomura Research Institute, Ltd.<br>
<br>
(iii) Anticipated Contributions: <br>
(1) <a
href="http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/*checkout*/spec/openid-trust-exchange-1_0.html?root=openidtx">Sakimura,
N., et. al "OpenID Trusted data eXchange
Extention Specification (draft)", Oct. 2008. [TX2008]</a>. <o:p></o:p></span></font></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<font face="MS PGothic" size="3"><span style="font-size: 12pt;"><br>
</span></font>
</body>
</html>