[OpenID board] Plain-English writeup of IPR process

Drummond Reed drummond.reed at cordance.net
Sat Apr 26 05:18:51 UTC 2008


On our http://openid.net/foundation/intellectual-property/ page, it says:

 

            “We are committed to provide “common language” summaries of our legal documents soon and anyone who has an interest in helping make this happen, please send email to Bill Washburn (bill at oidf.org).

 

In working through the setup of the PAPE working group, we got a clear picture of how badly this is needed. While it’s possibly for an insider like Mike to decode the magic ring to figure out how a working group needs to set up and operate, to an average OpenID developer that wants to propose/pursue a new spec, it would be a huge uphill climb (let alone someone on the outside looking in just wanting to understand the OpenID IPR process).

 

After Ben Laurie of Google, one of the proposers of the proposed PAPE working group, pointed this out to Mike and the rest of the proposers, it seemed it would be a good use of resources – and our stewardship of IPR for the OpenID community –  to hire a writer to organize our IPR docs and create a simple, plain-English description of the process that anyone interested in working group could follow. One thought might be for he/she to do this on the OpenID.net wiki so that we can continue to add notes about best practices and pitfalls to avoid.

 

What do folks think of this? If there is a sentiment to do it, the next step might be for Bill to coordinate a requirements list (it should only be a half-page of bullet points – I’d be happy to help with it), and then get some quotes from qualified writers as Dick did for the marketing work (only this is a much smaller job).

 

Thoughts?

 

=Drummond 

 

 

 

  _____  

From: billhwashburn at gmail.com [mailto:billhwashburn at gmail.com] On Behalf Of Bill Washburn
Sent: Friday, April 25, 2008 9:59 AM
To: Drummond Reed
Subject: Re: FW: Ben's observation about documentation of the WG process

n Thu, Apr 24, 2008 at 9:38 PM, Drummond Reed <drummond.reed at cordance.net> wrote:

Bill,

One more thought -- Mike and I both thought it be worth hiring a writer (unless you want to tackle it) to write up a short, plain-English summary of the OpenID IPR process (and a FAQ) and put it on (or link it prominently to) the http://openid.net/foundation/intellectual-property/ page so that we all have someplace to point folks to when they ask how it works.

After all, shepherding OpenID IPR is one of our main jobs.

Will you add this to the task list? I'm happy to make a motion that the board authorize a small amount to pay a writer to do this.

Thanks,

=Drummond

-----Original Message-----
From: Mike Jones [mailto:Michael.Jones at microsoft.com]
Sent: Thursday, April 24, 2008 7:50 PM
To: Drummond Reed
Subject: RE: Ben's observation about documentation of the WG process

It's at http://openid.net/ipr/ in the process document there.  I don't know why there's not a link to it and the ipr policy doc from the http://openid.net/foundation/intellectual-property/ page.  Can you send Bill a note cc'ing the board asking that that be fixed?

                               Thanks,
                               -- Mike

-----Original Message-----
From: Drummond Reed [mailto:drummond.reed at cordance.net]
Sent: Thursday, April 24, 2008 7:47 PM
To: Mike Jones
Subject: Ben's observation about documentation of the WG process

Mike,

Just a note that I think Ben's right -- as best I can tell (from what I looked over), there's no documentation of the OpenID workgroup process.

Is this the kind of thing we should ask Bill to do? Or at least to contract out? (This is the kind of thing I know Charles could do for ICF, but Bill has a different skillset...)

One good writer for the OIDF website would go a loooong ways...

=Drummond

-----Original Message-----
From: Ben Laurie [mailto:benl at google.com]
Sent: Thursday, April 24, 2008 6:25 PM
To: Drummond Reed
Cc: David Recordon; Mike Jones; John Bradley; Johnny Bufu; Jonathan Daugherty
Subject: Re: Draft note about creation of the OpenID PAPE working group

On Thu, Apr 24, 2008 at 8:01 PM, Drummond Reed
<drummond.reed at cordance.net> wrote:
> Yes, Ben, it's documented in the OpenID Foundation IPR docs at http://openid.net/foundation/intellectual-property/. It could be better organized, but the OIDF is working on that.

AFAICS that page does not document the WG process.

>
>  =Drummond
>
>
>
>  > -----Original Message-----
>  > From: Ben Laurie [mailto:benl at google.com]
>  > Sent: Thursday, April 24, 2008 10:04 AM
>  > To: David Recordon
>  > Cc: Mike Jones; Drummond Reed; John Bradley; Johnny Bufu; Jonathan
>  > Daugherty
>  > Subject: Re: Draft note about creation of the OpenID PAPE working group
>  >
>  > On Thu, Apr 24, 2008 at 5:37 PM, David Recordon <drecordon at sixapart.com>
>  > wrote:
>  > > You're a part of the Foundation, but Google will have to choose to join
>  > the
>  > > working group.
>  >
>  > Err ... ok ... Google chooses to join the working group.
>  >
>  > BTW, is any of this documented anywhere?
>  >
>  > >
>  > >
>  > >
>  > >  On Apr 24, 2008, at 5:00 AM, "Ben Laurie" <benl at google.com> wrote:
>  > >
>  > >
>  > > > On Thu, Apr 24, 2008 at 7:51 AM, Mike Jones
>  > <Michael.Jones at microsoft.com>
>  > > wrote:
>  > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > Good point about making it clear what we're asking people to do.
>  > I've
>  > > > > already asked them to join OIDF and to consider joining the working
>  > > group
>  > > > > once it's up and running.
>  > > > >
>  > > >
>  > > > Am I already joined by virtue of being at google?
>  > > >
>  > > >
>  > > > > What I forgot to do was tell them when and how
>  > > > > the vote will occur.  I propose to do so by adding this sentence to
>  > the
>  > > end
>  > > > > of the message:
>  > > > >
>  > > > >
>  > > > >
>  > > > > "After the Specifications Council has responded to this request to
>  > > create a
>  > > > > working group (which must happen within 15 days) a separate message
>  > will
>  > > be
>  > > > > sent asking those of you who are OpenID members to vote on the
>  > working
>  > > group
>  > > > > creation, containing instructions for how to do so."
>  > > > >
>  > > > >
>  > > > >
>  > > > > Sound good?
>  > > > >
>  > > > >
>  > > > >
>  > > > >                                               -- Mike
>  > > > >
>  > > > >
>  > > > >
>  > > > > ________________________________
>  > > > >
>  > > > >
>  > > > > From: David Recordon [mailto:drecordon at sixapart.com]
>  > > > > Sent: Wednesday, April 23, 2008 11:41 PM
>  > > > > To: Mike Jones
>  > > > > Cc: Ben Laurie; Drummond Reed; John Bradley; Johnny Bufu; Jonathan
>  > > > > Daugherty
>  > > > > Subject: Re: Draft note about creation of the OpenID PAPE working
>  > group
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > Looks fine to me.  The one thing I see missing is what we're asking
>  > > people
>  > > > > to do.  Should we just have people reply with a +1 and we can deal
>  > with
>  > > the
>  > > > > actual counting of the votes re:membership orthogonally?  I think
>  > that
>  > > might
>  > > > > be the easiest.
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > Thanks,
>  > > > >
>  > > > >
>  > > > > --David
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > On Apr 23, 2008, at 8:05 PM, Mike Jones wrote:
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > Hi folks,
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > To those of you on the to: line -- thanks for agreeing to serve on
>  > the
>  > > PAPE
>  > > > > working group with me to finish making the PAPE draft an OpenID
>  > > > > specification.  Below is the note I propose to send to
>  > specs at openid.net
>  > > to
>  > > > > initiate the creation of the working group.  Please suggest any
>  > edits
>  > > you'd
>  > > > > like or send an ack that you're OK with it as-is.
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > Johnny and Jonathan, as authors of the existing PAPE spec, I'd also
>  > like
>  > > to
>  > > > > invite you to join and contribute to the working group.  If you
>  > would
>  > > like
>  > > > > to be listed as proposers of the working group please let me know
>  > and
>  > > I'll
>  > > > > gladly also add you.  And if any of you would crave the opportunity
>  > to
>  > > be an
>  > > > > editor of the specification I can add you to that list too.
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >                                                               Thanks
>  > > all,
>  > > > >
>  > > > >
>  > > > >                                                               --
>  > Mike
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > To:  specs at openid.net
>  > > > >
>  > > > >
>  > > > > Subject:  Proposal to create the PAPE working group
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > In accordance with the OpenID Foundation IPR policies and procedures
>  > > this
>  > > > > note proposes the formation of a new working group chartered to
>  > produce
>  > > an
>  > > > > OpenID specification.  As per Section 4.1 of the Policies, the
>  > specifics
>  > > of
>  > > > > the proposed working group are:
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > Proposal:
>  > > > >
>  > > > >
>  > > > > (a)  Charter.
>  > > > >
>  > > > >
>  > > > >               (i)  WG name:  Provider Authentication Policy
>  > Extension
>  > > > > (PAPE)
>  > > > >
>  > > > >
>  > > > >               (ii)  Purpose:  Produce a standard OpenID extension to
>  > the
>  > > > > OpenID Authentication protocol that:  provides a mechanism by which
>  > a
>  > > > > Relying Party can request that particular authentication policies be
>  > > applied
>  > > > > by the OpenID Provider when authenticating an End User and provides
>  > a
>  > > > > mechanism by which an OpenID Provider may inform a Relying Party
>  > which
>  > > > > authentication policies were used. Thus a Relying Party can request
>  > that
>  > > the
>  > > > > End User authenticate, for example, using a phishing-resistant
>  > and/or
>  > > > > multi-factor authentication method.
>  > > > >
>  > > > >
>  > > > >               (iii)  Scope:  Produce a revision of the PAPE 1.0
>  > Draft 2
>  > > > > specification that clarifies its intent, while maintaining
>  > compatibility
>  > > for
>  > > > > existing Draft 2 implementations.  Adding any support for
>  > communicating
>  > > > > requests for or the use of specific authentication methods (as
>  > opposed
>  > > to
>  > > > > authentication policies) is explicitly out of scope.
>  > > > >
>  > > > >
>  > > > >               (iv)  Proposed List of Specifications:  Provider
>  > > > > Authentication Policy Extension 1.0, spec completion expected during
>  > May
>  > > > > 2008.
>  > > > >
>  > > > >
>  > > > >               (v)  Anticipated audience or users of the work:
>  > > > > Implementers of OpenID Providers and Relying Parties – especially
>  > those
>  > > > > interested in mitigating the phishing vulnerabilities of logging
>  > into
>  > > OpenID
>  > > > > providers with passwords.
>  > > > >
>  > > > >
>  > > > >               (vi)  Language in which the WG will conduct business:
>  > > > > English.
>  > > > >
>  > > > >
>  > > > >               (vii)  Method of work:  E-mail discussions on the
>  > working
>  > > > > group mailing list, working group conference calls, and possibly a
>  > > > > face-to-face meeting at the Internet Identity Workshop.
>  > > > >
>  > > > >
>  > > > >               (viii)  Basis for determining when the work of the WG
>  > is
>  > > > > completed:  Proposed changes to draft 2 will be evaluated on the
>  > basis
>  > > of
>  > > > > whether they increase or decrease consensus within the working
>  > group.
>  > > The
>  > > > > work will be completed once it is apparent that maximal consensus on
>  > the
>  > > > > draft has been achieved, consistent with the purpose and scope.
>  > > > >
>  > > > >
>  > > > > (b)  Background Information.
>  > > > >
>  > > > >
>  > > > >               (i)  Related work being done in other WGs or
>  > > organizations:
>  > > > > (1) Assurance Levels as defined by the National Institute of
>  > Standards
>  > > and
>  > > > > Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson,
>  > D.,
>  > > and
>  > > > > W. Polk, Ed., "Electronic Authentication Guideline," April 2006.)
>  > > > > [NIST_SP800‑63].  This working group is needed to enable
>  > authentication
>  > > > > policy statements to be exchanged by OpenID endpoints.  No
>  > coordination
>  > > is
>  > > > > needed with NIST, as the PAPE specification uses elements of the
>  > NIST
>  > > > > specification in the intended fashion.
>  > > > >
>  > > > >
>  > > > >               (ii)  Proposers:
>  > > > >
>  > > > >
>  > > > >                               Michael B. Jones, mbj at microsoft.com,
>  > > > > Microsoft Corporation
>  > > > >
>  > > > >
>  > > > >                               David Recordon,
>  > drecordon at sixapart.com,
>  > > Six
>  > > > > Apart Corporation
>  > > > >
>  > > > >
>  > > > >                               Ben Laurie, benl at google.com, Google
>  > > > > Corporation
>  > > > >
>  > > > >
>  > > > >                               Drummond Reed,
>  > drummond.reed at cordance.net,
>  > > > > Cordance Corporation
>  > > > >
>  > > > >
>  > > > >                               John Bradley, john.bradley at wingaa.com,
>  > > > > Wingaa Corporation
>  > > > >
>  > > > >
>  > > > > Editors:
>  > > > >
>  > > > >
>  > > > >                               Michael B. Jones, mbj at microsoft.com,
>  > > > > Microsoft Corporation
>  > > > >
>  > > > >
>  > > > >                               David Recordon,
>  > drecordon at sixapart.com,
>  > > Six
>  > > > > Apart Corporation
>  > > > >
>  > > > >
>  > > > >               (iii)  Anticipated Contributions:  None.
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > ====
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > (The rest of this note is informational and not part of the proposal
>  > to
>  > > > > create an OpenID working group.)
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > > Given that the OpenID specification procedures call for votes of the
>  > > > > membership, this would be a good time for those wanting to influence
>  > the
>  > > > > outcome of this specification to join the OpenID Foundation.  You
>  > can do
>  > > so
>  > > > > at http://openid.net/foundation/join/.  Should you wish to join the
>  > > working
>  > > > > group, you will also need to execute one of the Contribution
>  > Agreements
>  > > at
>  > > > > http://openid.net/foundation/intellectual-property/ once the working
>  > > group
>  > > > > formation has been approved by the membership.
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > > >
>  > > >
>  > >
>  > >
>
>

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20080425/06f413f8/attachment-0003.htm>


More information about the board mailing list