<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:112754159;
mso-list-type:hybrid;
mso-list-template-ids:593821536 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:819733635;
mso-list-type:hybrid;
mso-list-template-ids:-1168768044 67698703 67698689 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Courier New";
color:black'>Concerning (A) AX property identities and (B) applying Az policies
to the flow of and encoding of attributes across OpenID AX:-<o:p></o:p></span></p>
<p class=MsoPlainText><span style='font-size:10.0pt;font-family:"Courier New";
color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:10.0pt;font-family:"Courier New";color:black'><span
style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span
style='font-size:10.0pt;font-family:"Courier New";color:black'>The Openid:prop
for fullname could need to be associated with the names/types/ids of the equivalent
properties denoted using schemas.xmlsoap.org/ws/2005/05/identity.<o:p></o:p></span></p>
<p class=MsoPlainText style='margin-left:.5in'><span style='font-size:10.0pt;
font-family:"Courier New";color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:10.0pt;font-family:"Courier New";color:black'><span
style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span
style='font-size:10.0pt;font-family:"Courier New";color:black'>We have to remember
that the OpenID AX server responds to attribute requests, using ultimately some
local means to find values (e.g. a spaqrql query). This pattern is similar to
that used in an OpenID checkID request – which depends on some local means
to authenticate/prove a fullnamed Person’s presence.<o:p></o:p></span></p>
<p class=MsoListParagraph><span style='font-size:10.0pt;font-family:"Courier New";
color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:10.0pt;font-family:"Courier New";color:black'><span
style='mso-list:Ignore'>3.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span
style='font-size:10.0pt;font-family:"Courier New";color:black'>If the consumer
& OpenID-server opt to use FOAF-based metadata (applying the explicit, open-payload
architecture of the AX model) to orchestrate their mutual handling of AX attributes,
yet the “locally-defined” AX value-resolver at some server is using
another vocabulary (e.g. cardspace claims), what do we do?<o:p></o:p></span></p>
<p class=MsoListParagraph><span style='font-size:10.0pt;font-family:"Courier New";
color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText style='margin-left:1.0in;text-indent:-.25in;mso-list:
l1 level2 lfo2'><![if !supportLists]><span style='font-size:10.0pt;font-family:
Symbol;color:black'><span style='mso-list:Ignore'>·<span
style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Courier New";
color:black'>If the foaf AX property now declares it association with the (cardspace)
claim it associates with, the user’s FOAF file can help gateway between
the AX server and the cardspace token claim-values that may infact be the (local)
source of the AX values.<o:p></o:p></span></p>
<p class=MsoPlainText style='margin-left:1.0in'><span style='font-size:10.0pt;
font-family:"Courier New";color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText style='margin-left:1.0in;text-indent:-.25in;mso-list:
l1 level2 lfo2'><![if !supportLists]><span style='font-size:10.0pt;font-family:
Symbol;color:black'><span style='mso-list:Ignore'>·<span
style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Courier New";
color:black'>The FOAF-based access control policy will still constrain the AX
responder. Those FOAF attributes (typed in FOAF-space) that are public info
from the FOAF file get auto-mapped into the AX response. Those others FOAF-space
attributes must come from some local query, per the access control policy, use the
“attribute-type mapping” to get the string value… <o:p></o:p></span></p>
<p class=MsoListParagraph><span style='font-size:10.0pt;font-family:"Courier New";
color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText style='margin-left:1.0in;text-indent:-.25in;mso-list:
l1 level2 lfo2'><![if !supportLists]><span style='font-size:10.0pt;font-family:
Symbol;color:black'><span style='mso-list:Ignore'>·<span
style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:10.0pt;font-family:"Courier New";
color:black'>Before the value is delivered to AX to send, any further access
controls are applied (e.g. per-attribute encryption) per additional policy
instructions in the user’s FOAF file.<o:p></o:p></span></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>FOAF will be allowing OpenID to do much of what SAML2 can
do in the same area, when handling attributes, access controls and encrypting
particular attributes. The benefit is… FOAF makes it UCI managed, rather
than a B2B TTP-only management regime.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>-----Original Message-----<br>
From: Story Henry [mailto:henry.story@bblfish.net] <br>
Sent: Wednesday, August 22, 2007 8:08 AM<br>
To: Peter Williams<br>
Cc: OpenID General<br>
Subject: Re: [OpenID] cryptographics web of trust<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>Interesting idea here to specify
in the foaf file what types of attributes can be found on the OpenID AX.
I wonder how this could be written in foaf... Perhaps something like this:<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoPlainText style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>:me a foaf:Person;<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'> foaf:openid
[ = <http://openid.sun.com/bblfish>;<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>
openid:server <"https://openid.sun.com/openid/service>;<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>
] .<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>[] a
openId:AttributeExchangeData;<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>
openid:subject <http://openid.sun.com/bblfish>;<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'> openid:server
<https://openid.sun.com/openid/service>;<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'> openid:prop
<http://example.com/schema/fullname>;<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'> openid:prop
<http://example.com/schema/favourite_movie> .<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoPlainText style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>Do people use foaf urls for
identifying relations in the attribute <o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>exchange? That would make a lot
of sense.<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText style='margin-left:.5in'>It would also be interesting
because one could then identify the <o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>attribute exchange protocol as a
form of query. See my recent post <o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>http://blogs.sun.com/bblfish/entry/sparqling_altavista_the_meaning_of<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><span style='color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";
color:black'>The Openid:prop for fullname could need to be associated with the
names/types/ids of the same properties – as expressed in terms of schemas.xmlsoap.org/ws/2005/05/identity.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";
color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";
color:black'>We have to remember that the OpenID AX server responds to
attribute requests, using ultimately some local means to find values (e.g. a spaqrql
query). This is similar to the patter used in an OpenID checkID request –
which depends on some local means to authenticate/prove the Person’s
presence.<o:p></o:p></span></p>
<p class=MsoPlainText><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";
color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";
color:black'>If the consumer & server opt to use FOAF-based metadata to
orchestrate their handling of AX attributes, yet the local value-resolver
is using another vocabulary (e.g. cardspace claims), what do we do?<o:p></o:p></span></p>
<p class=MsoPlainText><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";
color:black'><o:p> </o:p></span></p>
<p class=MsoPlainText><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";
color:black'>If the foaf AX property is declaring with cardspace claim its
associated with, the users FOAF file can help gateway AX to the cardspace tokens
that may infact be the source of the values.</span><span style='color:black'><o:p></o:p></span></p>
</div>
</body>
</html>