<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">After reading the extension a few times, I'm getting caught up in 4.1.6 (<a href="http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/*checkout*/spec/openid-trust-exchange-1_0.html?root=openidtx#anchor7)">http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/*checkout*/spec/openid-trust-exchange-1_0.html?root=openidtx#anchor7)</a> which references amounts being paid, currency, contracts, terms of the contract, etc. Overall, I'm pretty confused about what this extension does (it seems to do a lot of different things) which is making it hard for me to determine a better name. I also still feel that the reuse of AX (for it's extensibility) combined with the ability to exchange signed SAML tokens is a more future proof method and something that will be easier to be widely adopted as OpenID continues to evolve.<div><div><br></div><div>--David</div><div><br><div><div>On Nov 8, 2008, at 11:14 PM, Drummond Reed wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0; "><div lang="EN-US" link="blue" vlink="blue"><div class="Section1"><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy; ">+1. “OpenID Trust Extension” seems like a good fit.<o:p></o:p></span></font></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy; "><o:p> </o:p></span></font></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy; ">=Drummond<o:p></o:p></span></font></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy; "><o:p> </o:p></span></font></div><div style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-width: initial; border-color: initial; border-left-style: solid; border-left-color: blue; border-left-width: 1.5pt; padding-top: 0pt; padding-right: 0pt; padding-bottom: 0pt; padding-left: 4pt; "><div><div class="MsoNormal" align="center" style="text-align: center; margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><hr size="2" width="100%" align="center" tabindex="-1"></span></font></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><b><font size="2" face="Tahoma"><span style="font-size: 10pt; font-family: Tahoma; font-weight: bold; ">From:</span></font></b><font size="2" face="Tahoma"><span style="font-size: 10pt; font-family: Tahoma; "><span class="Apple-converted-space"> </span><a href="mailto:specs-bounces@openid.net">specs-bounces@openid.net</a> [<a href="mailto:specs-bounces@openid.net" style="color: blue; text-decoration: underline; ">mailto:specs-bounces@openid.net</a>]<span class="Apple-converted-space"> </span><b><span style="font-weight: bold; ">On Behalf Of<span class="Apple-converted-space"> </span></span></b>Nat Sakimura<br><b><span style="font-weight: bold; ">Sent:</span></b><span class="Apple-converted-space"> </span>Saturday, November 08, 2008 12:22 PM<br><b><span style="font-weight: bold; ">To:</span></b><span class="Apple-converted-space"> </span><a href="mailto:david@sixapart.com" style="color: blue; text-decoration: underline; ">david@sixapart.com</a><br><b><span style="font-weight: bold; ">Cc:</span></b><span class="Apple-converted-space"> </span><a href="mailto:specs@openid.net" style="color: blue; text-decoration: underline; ">specs@openid.net</a><br><b><span style="font-weight: bold; ">Subject:</span></b><span class="Apple-converted-space"> </span>Re: Proposal to create the TX working group</span></font><o:p></o:p></div></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Maybe just OpenID Trust Extension just like WS-Trust? <o:p></o:p></span></font></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">=nat<o:p></o:p></span></font></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">On Sun, Nov 9, 2008 at 5:06 AM, Nat Sakimura <<a href="mailto:sakimura@gmail.com" style="color: blue; text-decoration: underline; ">sakimura@gmail.com</a>> wrote:<o:p></o:p></span></font></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Hi David, <o:p></o:p></span></font></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">I do not have any particular attachment to "trust exchange". So, I am ok in changing it but it would be nice if I can preserve "TX" acronym though. Do you have any specific suggestions? <o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" color="#888888" face="Times New Roman"><span style="font-size: 12pt; color: rgb(136, 136, 136); ">=nat</span></font><o:p></o:p></div><div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">On Sun, Nov 9, 2008 at 3:50 AM, David Recordon <<a href="mailto:drecordon@sixapart.com" target="_blank" style="color: blue; text-decoration: underline; ">drecordon@sixapart.com</a>> wrote:<o:p></o:p></span></font></div><div style="word-wrap: break-word; "><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Hi Nat,<o:p></o:p></span></font></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Thanks. I still would really like to see the name changed for when we think about the World-wide market. Do others disagree? OpenID Trust Exchange just feels like it doesn't actually describe what the spec does nor how you can actually exchange "trust".<o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" color="#888888" face="Times New Roman"><span style="font-size: 12pt; color: rgb(136, 136, 136); ">--David<o:p></o:p></span></font></div></div><div><div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div><div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">On Nov 1, 2008, at 2:19 AM, Nat Sakimura wrote:<o:p></o:p></span></font></div></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><br><br><o:p></o:p></span></font></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Hi David, <o:p></o:p></span></font></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Thanks for your comments. My reply inline below: <o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">2008/11/1 David Recordon <<a href="mailto:drecordon@sixapart.com" target="_blank" style="color: blue; text-decoration: underline; ">drecordon@sixapart.com</a>><o:p></o:p></span></font></div><div style="word-wrap: break-word; "><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Hey Nat,<o:p></o:p></span></font></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Do you see this as being built atop Attribute Exchange for transport or as something new that TX defines? I know Sxip had done work with AX to enable passing signed and encrypted attributes using SAML assertions.<o:p></o:p></span></font></div></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">I have thought of using AX as transport once, then gave up on it when I was thinking of a mobile use case where the amount of payload that could be carried with was very limited (URL length in GET is limited to one of 128bytes, 256bytes or 512bytes depending on the handset). So, the current draft looks a lot like AX with bunch of hard coded attribute types in a way. <o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">As far as carrying SAML token etc. in AX are concerned, similar thing has also been done by one of the proposer, Robert Ott of Clavid. Martin Paljak of Estonia (<a href="http://openid.ee" target="_blank" style="color: blue; text-decoration: underline; ">openid.ee</a>) has been using XAdES with AX. <o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">These approach are valid. However, I thought the approach partly defeats the purpose of OpenID. <o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">If we were using SAML, then we could have used it through out. <o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">I wanted to make it easier for the developers by sticking to the tag-value approach. <o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">This made us define some of the attribute types defined in SAML and XAdES to be defined as tag-value tag. <o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "> <o:p></o:p></span></font></div></div><blockquote style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-width: initial; border-color: initial; border-left-style: solid; border-left-color: rgb(204, 204, 204); border-left-width: 1pt; padding-top: 0pt; padding-right: 0pt; padding-bottom: 0pt; padding-left: 6pt; margin-left: 4.8pt; margin-right: 0pt; "><div style="word-wrap: break-word; "><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Is "Trust Exchange" really the best name? Seems like "trust" is quite a broad concept so something more specific might be better.<o:p></o:p></span></font></div></div></div></blockquote><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Right. Naming was a bit problematic. I started using "Trust" because the messaging model is not dis-similar to WS-Trust. Now, the "trust" defined in WS-Trust in our context is essentially "Contract". So I thought of changing it to "CX" or something, but then, at least in Japan, quite a few key people were already exposed to "TX" by now and thus I kept the name "TX". <o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><blockquote style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-width: initial; border-color: initial; border-left-style: solid; border-left-color: rgb(204, 204, 204); border-left-width: 1pt; padding-top: 0pt; padding-right: 0pt; padding-bottom: 0pt; padding-left: 6pt; margin-left: 4.8pt; margin-right: 0pt; "><div style="word-wrap: break-word; "><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">--David<o:p></o:p></span></font></div></div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div><div><div><div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">On Oct 31, 2008, at 4:21 AM, Nat Sakimura wrote:<o:p></o:p></span></font></div></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div></div><blockquote type="cite" style="margin-top: 5pt; margin-bottom: 5pt; "><div><div><div bgcolor="#ffffff" text="#000000"><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Dear Specification Council members:<span class="Apple-converted-space"> </span><br><br>In accordance with the OpenID Foundation<span class="Apple-converted-space"> </span><a href="http://openid.net/foundation/intellectual-property/" target="_blank" style="color: blue; text-decoration: underline; ">IPR policies and procedures</a><span class="Apple-converted-space"> </span>this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the specifics of the proposed working group are:<o:p></o:p></span></font></div><h3 style="margin-right: 0pt; margin-left: 0pt; font-size: 13.5pt; font-family: 'Times New Roman'; font-weight: bold; "><b><font size="4" face="Times New Roman"><span style="font-size: 13.5pt; "><o:p> </o:p></span></font></b></h3><h3 style="margin-right: 0pt; margin-left: 0pt; font-size: 13.5pt; font-family: 'Times New Roman'; font-weight: bold; "><b><font size="4" face="MS PGothic"><span style="font-size: 13.5pt; font-family: 'MS PGothic'; ">Trust Exchange (TX) Extension WG Charter</span></font><o:p></o:p></b></h3><div><div><p style="margin-right: 0pt; margin-left: 0pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; ">In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the specifics of the proposed working group are:<br><br><br>Proposal:<br><br>(a) Charter.<br><br> (i) WG name: Trust Exchange Extension (TX)<br><br> (ii) Purpose: The purpose of this WG is to produce a standard OpenID extension to the OpenID Authentication protocol that enable<font color="navy"><span style="color: navy; ">s</span></font>arbitrary parties to create and exchange<span class="Apple-converted-space"> </span><font color="navy"><span style="color: navy; ">a</span></font><span class="Apple-converted-space"> </span>mutually<font color="navy"><span style="color: navy; ">-</span></font>digitally<font color="navy"><span style="color: navy; ">-</span></font>signed legally binding "contract". This protocol extension aims to be both broadband and mobile friendly by defining appropriate bindings for each use case. <br><br>Although this specification defines one default protocol for transfering data based on the contract, the data transfer portion is intended to be pluggable so that other protocols may also be used for this purpose.<span class="Apple-converted-space"> </span><br><br><font color="black"><span style="color: black; ">The extension is not intended to be a general method for defining attributes; the scope is limited to a specific set of attributes necessary for contract semantics. The extension will also define a contract signature based on public key cryptography. When used with a digital certificate signed by a third party, the contract and signature can be used as an assertion of conformance to an applicable assurance program.</span></font><br><br> (iii) Scope:<span class="Apple-converted-space"> </span><br><br>Scope of the work</span></font><o:p></o:p></p><ul type="disc" style="margin-bottom: 0pt; "><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; "> Development of the specification including:</span></font><o:p></o:p></li></ul><ul type="disc" style="margin-bottom: 0pt; "><ul type="circle" style="margin-bottom: 0pt; "><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; ">An extensible tag-value contract format</span></font><o:p></o:p></li><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; ">Public Key Cryptography based digital signature method applied to the above contract format</span></font><o:p></o:p></li><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; ">Query/response communication protocols for establishing the contract</span></font><o:p></o:p></li><li class="MsoNormal" style="color: navy; margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" color="black" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; color: windowtext; ">Default data transfer protocol based on the contract</span></font><o:p></o:p></li><li class="MsoNormal" style="color: navy; margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" color="black" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; color: windowtext; ">Conformance requirements for other data transfer protocol bindings</span></font><o:p></o:p></li></ul></ul><ul type="disc" style="margin-bottom: 0pt; "><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; ">Security, threats and Risk analysis</span></font><o:p></o:p></li></ul><ul type="disc" style="margin-bottom: 0pt; "><ul type="circle" style="margin-bottom: 0pt; "><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; ">Perform Security Risk analysis and profiles for best practice</span></font><o:p></o:p></li></ul></ul><p style="margin-right: 0pt; margin-left: 0pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; "> Out of scope</span></font><o:p></o:p></p><ul type="disc" style="margin-bottom: 0pt; "><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Term negotiation: Actual negotiation of the terms of a contract should be dealt with out-of-band or by other specifications.<o:p></o:p></span></font></li><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">General purpose data type identifiers: this should be determined on a per-community bases using other specifications such as OpenID Attribute Exchange.<o:p></o:p></span></font></li><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; ">Assurance programs or other identity governance frameworks.</span></font><o:p></o:p></li><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; ">It is the intent that this specification be usable by any trust community, whether it uses conventional PKI hierarchies, peer-to-peer trust mechanisms, reputation systems, or other forms of trust assurance. The specification of any particular trust root, trust hierarchy, or trust policy is explicitly out of scope.</span></font><o:p></o:p></li></ul><p style="margin-bottom: 12pt; margin-right: 0pt; margin-left: 0pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; "><br> (iv) Proposed List of Specifications: TX 1.0, spec completion expected in January 2009.<br><br> (v) Anticipated audience or users of the work: Implementers of OpenID Providers and Relying Parties, especially those who require security and accountability features to exchange sensitive customer information (e.g. personally identifiable information and credit card numbers) responsibly among trusted parties.<br><br> (vi) Language in which the WG will conduct business: English.<br><br> (vii) Method of work: E-mail discussions on the working group mailing list, working group conference calls, and possibly face-to-face meetings at conferences.<br><br> (viii) Basis for determining when the work of the WG is completed: Draft 1 will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope.<br><br>(b) Background Information.<br><br> (i) Related work being done by other WGs or organizations:</span></font><o:p></o:p></p><ul type="disc" style="margin-bottom: 0pt; "><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; "><a href="http://www.projectliberty.org/liberty/content/download/4329/28939/file/liberty-igf-draft-1.0-2008-06-21.zip" target="_blank" style="color: blue; text-decoration: underline; ">LIberty Alliance Identity Governance Framework (IGF) 1.0 Draft</a></span></font><o:p></o:p></li><li class="MsoNormal" style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; "><a href="http://www.w3.org/TR/XAdES/" target="_blank" style="color: blue; text-decoration: underline; ">XML Advanced Electronic Signatures (XAdES)</a></span></font><o:p></o:p></li></ul><p style="margin-bottom: 12pt; margin-right: 0pt; margin-left: 0pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; "> <span class="Apple-converted-space"> </span></span></font><br><font face="MS PGothic"><span style="font-family: 'MS PGothic'; "> (ii) Proposers:</span></font><o:p></o:p></p><div><p style="margin-right: 0pt; margin-left: 0pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; "> Drummond Reed,<span class="Apple-converted-space"> </span><a href="mailto:drummond.reed@parity.com" target="_blank" style="color: blue; text-decoration: underline; ">drummond.reed@parity.com</a>, Cordance/Parity/OASIS (U.S.A)<br> Henrik Biering,<span class="Apple-converted-space"> </span><a href="mailto:hb@netamia.com" target="_blank" style="color: blue; text-decoration: underline; ">hb@netamia.com</a>, Netamia (Denmark)<br> Hideki Nara,<span class="Apple-converted-space"> </span><a href="mailto:hdknr@ic-tact.co.jp" target="_blank" style="color: blue; text-decoration: underline; ">hdknr@ic-tact.co.jp</a>, Tact Communications (Japan)<br> John Bradeley,<span class="Apple-converted-space"> </span><a href="mailto:jbradley@mac.com" target="_blank" style="color: blue; text-decoration: underline; ">jbradley@mac.com</a>, OASIS IDTrust Member Section (Canada)</span></font><br> Mike Graves,<span class="Apple-converted-space"> </span><a href="mailto:mgraves@janrain.com" target="_blank" style="color: blue; text-decoration: underline; ">mgraves@janrain.com</a>, JanRain, Inc. (U.S.A.)<br> Nat Sakimura,<span class="Apple-converted-space"> </span><a href="mailto:n-sakimura@nri.co.jp" target="_blank" style="color: blue; text-decoration: underline; ">n-sakimura@nri.co.jp</a>, Nomura Research Institute, Ltd.(Japan)<br> Robert Ott,<span class="Apple-converted-space"> </span><a href="mailto:robert.ott@clavid.com" target="_blank" style="color: blue; text-decoration: underline; ">robert.ott@clavid.com</a>, Clavid (Switzerland)<font face="MS PGothic"><span style="font-family: 'MS PGothic'; "><br> Tatsuki Sakushima,<span class="Apple-converted-space"> </span><a href="mailto:tatsuki@nri.com" target="_blank" style="color: blue; text-decoration: underline; ">tatsuki@nri.com</a>, NRI America, Ltd. (U.S.A.)<br> Toru Yamaguchi,<span class="Apple-converted-space"> </span><a href="mailto:trymch@gmail.com" target="_blank" style="color: blue; text-decoration: underline; ">trymch@gmail.com</a>, Cyboze Lab (Japan)</span></font><o:p></o:p></p><div><div><div><div><p style="margin-right: 0pt; margin-left: 0pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="MS PGothic"><span style="font-size: 12pt; font-family: 'MS PGothic'; "><br> Editors:<br><br> Nat Sakimura,<span class="Apple-converted-space"> </span><a href="mailto:n-sakimura@nri.co.jp" target="_blank" style="color: blue; text-decoration: underline; ">n-sakimura@nri.co.jp</a>, Nomura Research Institute, Ltd.<br><br> (iii) Anticipated Contributions: <span class="Apple-converted-space"> </span><br> (1)<span class="Apple-converted-space"> </span><a href="http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/*checkout*/spec/openid-trust-exchange-1_0.html?root=openidtx" target="_blank" style="color: blue; text-decoration: underline; ">Sakimura, N., et. al "OpenID Trusted data eXchange Extention Specification (draft)", Oct. 2008. [TX2008]</a>.</span></font><o:p></o:p></p></div></div></div></div></div></div></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div></div></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; ">_______________________________________________<br>specs mailing list<br><a href="mailto:specs@openid.net" target="_blank" style="color: blue; text-decoration: underline; ">specs@openid.net</a><br><a href="http://openid.net/mailman/listinfo/specs" target="_blank" style="color: blue; text-decoration: underline; ">http://openid.net/mailman/listinfo/specs</a><o:p></o:p></span></font></div></blockquote></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><br>_______________________________________________<br>specs mailing list<br><a href="mailto:specs@openid.net" target="_blank" style="color: blue; text-decoration: underline; ">specs@openid.net</a><br><a href="http://openid.net/mailman/listinfo/specs" target="_blank" style="color: blue; text-decoration: underline; ">http://openid.net/mailman/listinfo/specs</a><o:p></o:p></span></font></div></blockquote></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><br><br clear="all"><br>--<span class="Apple-converted-space"> </span><br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/" target="_blank" style="color: blue; text-decoration: underline; ">http://www.sakimura.org/en/</a><o:p></o:p></span></font></div></div></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><o:p> </o:p></span></font></div></div></div></div></div></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><br><br clear="all"><br>--<span class="Apple-converted-space"> </span><br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/" target="_blank" style="color: blue; text-decoration: underline; ">http://www.sakimura.org/en/</a><o:p></o:p></span></font></div></div></div></div></div><div style="margin-top: 0pt; margin-right: 0pt; margin-left: 0pt; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; "><font size="3" face="Times New Roman"><span style="font-size: 12pt; "><br><br clear="all"><br>--<span class="Apple-converted-space"> </span><br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/" style="color: blue; text-decoration: underline; ">http://www.sakimura.org/en/</a><o:p></o:p></span></font></div></div></div></div></div></span></blockquote></div><br></div></div></body></html>