[OpenID] RP library authors

John Bradley ve7jtb at ve7jtb.com
Fri Sep 11 23:31:31 UTC 2009


I would like to say there is some hidden plan that explains it, but no,
it is an error.

The tech writer will be reprimanded.

I will have that fixed.

Thanks
John B.

On 2009-09-11, at 7:15 PM, Tatsuki Sakushima wrote:

> Hi John,
>
> The document misses a reference to the PAPE spec in Appendix D.
> Is that done on purpose until some errors in the spec are fixed?
>
> Tatsuki
>
> Tatsuki Sakushima
> NRI Pacific - Nomura Research Institute America, Inc.
>
> (9/11/09 8:49 AM), John Bradley wrote:
>> The GSA profile for openID is available at:
>> http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf
>> Many things that are SHOULD in the openID 2.0 spec are now MUST in  
>> the profile.
>> There are new PAPE URI and other modifications.
>> Most of the OP's supporting the profile will not be restricting it  
>> to only Gov RP's.
>> Any RP may elect to use all or parts of this new profile for any  
>> purpose they choose.
>> Also any OP is free to support it whether or not they are on the GSA
>> whitelist.
>> To get on the GSA white-list OP's must support the profile and be  
>> audited against a Trust Framework.  The OIDF has information  
>> available on applying through its program.
>> There are quite a number of requirements on the RP side, that need  
>> to be met.
>> The sooner these features are in libraries the sooner government  
>> agencies can move ahead with deployments.
>> If there is interest we can set up a google group where developers  
>> can get their questions on implementing the profile answered.
>> If I can get to IIW in Nov,  I would like to organize a session on  
>> this for people.
>> There will be revisions to the profile in the future as we all gain  
>> experience.
>> The people who worked on the profile tried to profile only the  
>> existing specifications as written without inventing anything  
>> incompatible with existing implementations.
>> The GSA's goal is to enable as many existing identities as possible  
>> to have access to government resources without making people create
>> new username and password accounts at each of the thousands of
>> potential RP sites.
>> Extra attention was taken to allow openID to be used without  
>> divulging ANY PII to the government.
>> This includes the use of a Pseudonymous openID identifier to allow  
>> sites that can take no PII or do any correlation to still use openID.
>> The regulation on this is quite strict.  We could not convert the  
>> ID to a pseudonym on the RP side and adhere to the regulation.
>> We hope that the profile maximizes participation of OP's and RPs  
>> alike, while not placing insurmountable burdens on developers.
>> RP's and OP's that don't intend to make use of the profile need to  
>> make no changes at all.
>> I regret not being able to share more of this with you sooner.  The
>> OIDF and the other foundations were requested not to discuss this  
>> publicly until after the government announcements.
>> Regards
>> John Bradley
>> _______________________________________________
>> specs mailing list
>> specs at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs


