[OpenID] access to draft specifications?

Peter Williams home_pw at msn.com
Mon Sep 7 20:35:02 UTC 2015


Noting that account is used non-traditionally would be useful. If it's a mere design artifact of the standard, then fine.

What we don't want, under traditional controls, can be illustrated by an online gambling example. Under traditional account (and thus accountability), we don't want you suddenly liable for US taxes on the winnings and reporting if you use/link your Google account in the UK, vs the primary account. We don't want a UK person arrested on entering the US (for illegal gambling) because he linked an American social network account.

These are not fantastic examples, being problems for UK folk who link their American brand payment cards (e.g. a Visa card) to an "offshore" account (doing something banned in America and China).

Perhaps simply add in security section that account is not meant in the sense of common criteria and security controls, and doesn't imply accountability/governance theory (similarly). It's just a construct, in some relationship model helping describe the new features.



________________________________
From: Pamela Dingle<mailto:pdingle at pingidentity.com>
Sent: 9/7/2015 1:10 PM
To: peter williams<mailto:home_pw at msn.com>
Cc: Dick Hardt<mailto:dick.hardt at gmail.com>; openid-general at lists.openid.net<mailto:openid-general at lists.openid.net>; Don Thibeau<mailto:don at oidf.org>
Subject: Re: [OpenID] access to draft specifications?

We differentiate between primary and federated accounts in AccountChooser
only to explain the spec differences between initiating a user-only
discovery (i.e. all you get back is data to fill a local login or
registration form so the user doesn't have to) and a user+idp discovery,
which could act as a basis for a federated authentication request with an
attached login hint.

I agree that most consuming sites would not consider this primary/federated
account dichotomy a fundamental account classification, other than briefly
at authentication time.  If that terminology is confusing, we could
definitely consider alternative terms to communicate those two methods of
discovery; drop me an email if you feel like a different description would
make the spec easier to understand.

Thanks!

Pamela

On Mon, Sep 7, 2015 at 12:25 PM, peter williams <home_pw at msn.com> wrote:

> what's the thinking on primary vs federated accounts when multiple
> federated accounts underpin local access decisions to the resources
> accountable to a given primary account.
>
> I always thought of things as in name federation (a synonym service for
> identities, based on graph technologies), rather than parallel
> accountabilities.
>
>
>
>
> On September 7, 2015, at 11:49 AM, Pamela Dingle <pdingle at pingidentity.com>
> wrote:
>
> Hey Dick, the latest versions of the two AccountChooser specs we are
> working on are linked to in HTML format from the AC working group page at
> http://openid.net/wg/ac (under the specifications section),  here are the
> links so you don't have to go back to the page, or you can get PDF versions
> from bitbucket at the location that John specified:
>
> AccountChooser Basic Draft:
> http://openid.net/wordpress-content/uploads/2011/12/account-chooser-basic.html
> AccountChooser Integration API Draft:
> http://openid.net/wordpress-content/uploads/2011/12/ac-integration-spec.html
>
> I hope that helps!
>
> Cheers,
>
> Pam
>
> On Sun, Sep 6, 2015 at 3:10 PM, Dick Hardt <dick.hardt at gmail.com> wrote:
>
> Thanks John. Much appreciated.
>
> Perhaps someone could fix the links on the openid.net site?
>
> http://openid.net/wg/napps/ links to http://hg.openid.net/napps/ which
> then redirects to https://bitbucket.org/
>
>
>
> On Sun, Sep 6, 2015 at 2:55 PM, John Bradley <ve7jtb at ve7jtb.com> wrote:
>
> You don’t need to be a member to attend the Oct 26 meeting.
>
> The work groups mostly have bitbucket repositories and wiki.
> MODRNA  https://bitbucket.org/openid/mobile
> NAPPS        https://bitbucket.org/openid/napps
> AC               https://bitbucket.org/openid/ac
>
> RISC is still in the discussion stage I on creating a draft.  I don’t think
> anything is public yet.
> Best place to check is the mailing list.
>
> NAPPS is looking at a possible recharter splitting the native app SSO best
> practices from token agent.
>
> Some of the latest best practice thoughts driven by the new view
> controllers in iOS and Android are in:
> https://tools.ietf.org/html/draft-wdenniss-oauth-native-apps
>
> John B.
>
> On Sep 6, 2015, at 4:52 PM, Dick Hardt <dick.hardt at gmail.com> wrote:
>
> Hi Don / Mike
>
> I wanted to review the latest drafts of:
>
>  Account Chooser WG
>  Native Applications WG
>  MODRNA WG
>  RISC WG
>
> But it does not look like there are any public, read only versions of
> those specifications.
>
> Did I do something wrong in trying to get access?
>
> I registered for the Oct 26 OpenID meeting. Do I have to be a member to
> attend?
>
> -- Dick
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
>
>
>
>
> --
> Subscribe to the HARDTWARE <http://hardtware.com/> mail list to learn
> about projects I am working on!
>
>
>
>
>



--

Pam Dingle
Principal Technical Architect