<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
h1
        {margin-top:12.0pt;
        margin-right:0in;
        margin-bottom:3.0pt;
        margin-left:0in;
        page-break-after:avoid;
        font-size:16.0pt;
        font-family:Arial;}
h2
        {margin-top:12.0pt;
        margin-right:0in;
        margin-bottom:3.0pt;
        margin-left:0in;
        page-break-after:avoid;
        font-size:14.0pt;
        font-family:Arial;
        font-style:italic;}
h3
        {margin-top:12.0pt;
        margin-right:0in;
        margin-bottom:3.0pt;
        margin-left:0in;
        page-break-after:avoid;
        font-size:12.0pt;
        font-family:Arial;}
h4
        {margin-top:12.0pt;
        margin-right:0in;
        margin-bottom:3.0pt;
        margin-left:0in;
        page-break-after:avoid;
        font-size:10.0pt;
        font-family:"Times New Roman";
        font-style:italic;}
p.MsoHeader, li.MsoHeader, div.MsoHeader
        {margin:0in;
        margin-bottom:.0001pt;
        border:none;
        padding:0in;
        font-size:10.0pt;
        font-family:Arial;}
p.MsoFooter, li.MsoFooter, div.MsoFooter
        {margin:0in;
        margin-bottom:.0001pt;
        border:none;
        padding:0in;
        font-size:10.0pt;
        font-family:Arial;}
p.MsoTitle, li.MsoTitle, div.MsoTitle
        {margin-top:0in;
        margin-right:0in;
        margin-bottom:9.0pt;
        margin-left:0in;
        text-align:center;
        font-size:16.0pt;
        font-family:Arial;
        font-weight:bold;}
p.MsoBodyText, li.MsoBodyText, div.MsoBodyText
        {margin-top:0in;
        margin-right:0in;
        margin-bottom:6.0pt;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
p.MsoSubtitle, li.MsoSubtitle, div.MsoSubtitle
        {margin-top:0in;
        margin-right:0in;
        margin-bottom:.25in;
        margin-left:0in;
        text-align:center;
        font-size:12.0pt;
        font-family:Arial;}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:blue;
        text-decoration:underline;}
p.Quote, li.Quote, div.Quote
        {margin-top:0in;
        margin-right:.5in;
        margin-bottom:6.0pt;
        margin-left:.5in;
        font-size:12.0pt;
        font-family:"Times New Roman";
        font-style:italic;}
p.Wiki, li.Wiki, div.Wiki
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
p.Graphic, li.Graphic, div.Graphic
        {margin-top:0in;
        margin-right:0in;
        margin-bottom:6.0pt;
        margin-left:0in;
        text-align:center;
        font-size:10.0pt;
        font-family:Arial;
        font-style:italic;}
span.EmailStyle26
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
/* Page Definitions */
@page
        {mso-endnote-separator:url("cid:header.htm\@01C85E82.88A3BA50") es;
        mso-endnote-continuation-separator:url("cid:header.htm\@01C85E82.88A3BA50") ecs;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
/* List Definitions */
@list l0
        {mso-list-id:-132;
        mso-list-type:simple;
        mso-list-template-ids:-1328661930;}
@list l0:level1
        {mso-level-tab-stop:1.25in;
        mso-level-number-position:left;
        margin-left:1.25in;
        text-indent:-.25in;}
@list l1
        {mso-list-id:-131;
        mso-list-type:simple;
        mso-list-template-ids:-909054546;}
@list l1:level1
        {mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        margin-left:1.0in;
        text-indent:-.25in;}
@list l2
        {mso-list-id:-130;
        mso-list-type:simple;
        mso-list-template-ids:531935922;}
@list l2:level1
        {mso-level-tab-stop:.75in;
        mso-level-number-position:left;
        margin-left:.75in;
        text-indent:-.25in;}
@list l3
        {mso-list-id:-129;
        mso-list-type:simple;
        mso-list-template-ids:2046339550;}
@list l3:level1
        {mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l4
        {mso-list-id:-128;
        mso-list-type:simple;
        mso-list-template-ids:82112870;}
@list l4:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:1.25in;
        mso-level-number-position:left;
        margin-left:1.25in;
        text-indent:-.25in;
        font-family:Symbol;}
@list l5
        {mso-list-id:-127;
        mso-list-type:simple;
        mso-list-template-ids:-1405587484;}
@list l5:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        margin-left:1.0in;
        text-indent:-.25in;
        font-family:Symbol;}
@list l6
        {mso-list-id:-126;
        mso-list-type:simple;
        mso-list-template-ids:828961842;}
@list l6:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.75in;
        mso-level-number-position:left;
        margin-left:.75in;
        text-indent:-.25in;
        font-family:Symbol;}
@list l7
        {mso-list-id:-125;
        mso-list-type:simple;
        mso-list-template-ids:1053828088;}
@list l7:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;}
@list l8
        {mso-list-id:-120;
        mso-list-type:simple;
        mso-list-template-ids:-2021464228;}
@list l8:level1
        {mso-level-tab-stop:.25in;
        mso-level-number-position:left;
        margin-left:.25in;
        text-indent:-.25in;}
@list l9
        {mso-list-id:-119;
        mso-list-type:simple;
        mso-list-template-ids:445916746;}
@list l9:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.25in;
        mso-level-number-position:left;
        margin-left:.25in;
        text-indent:-.25in;
        font-family:Symbol;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>+1. To make it even easier to access,
links to all the key current specs from the XRI TC are also maintained directly
on the TC home page, <a href="http://www.oasis-open.org/committees/xri/">http://www.oasis-open.org/committees/xri/</a>.
The two current specs are:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> XRI Syntax 2.0 Committee Draft
02:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> <a
href="http://www.oasis-open.org/committees/download.php/15377">http://www.oasis-open.org/committees/download.php/15377</a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> XRI Resolution 2.0 Committee
Draft 02 <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> <a
href="http://docs.oasis-open.org/xri/2.0/specs/cd02/xri-resolution-V2.0-cd-02.pdf">http://docs.oasis-open.org/xri/2.0/specs/cd02/xri-resolution-V2.0-cd-02.pdf</a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Since reading specs is often not the best way
to get questions answered ;-), the XRI TC just discussed this morning creating
a new, non-normative document, "Best Practices for Using XRI and XRDS
with OpenID" that will help answer lots of questions about XRI and XRDS
usage that are coming up in OpenID 2.0 implementations (mostly on the RP side).
John Bradley is leading this effort. I cc'd him. Let us know if you'd
like to be involved.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>=Drummond <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
general-bounces@openid.net [mailto:general-bounces@openid.net] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Gabe Wachob<br>
<b><span style='font-weight:bold'>Sent:</span></b> Thursday, January 24, 2008
11:19 AM<br>
<b><span style='font-weight:bold'>To:</span></b> Peter Williams<br>
<b><span style='font-weight:bold'>Cc:</span></b> openid-general<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [OpenID] FW:
Technical Comparison: OpenID and SAML - Draft 06</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>Peter-<br>
OASIS specs (drafts too, usually) are published publicly and for
free. You can find the XRI TC docs at: <a
href="http://www.oasis-open.org/committees/documents.php?wg_abbrev=xri">http://www.oasis-open.org/committees/documents.php?wg_abbrev=xri
</a><br>
<br>
If you have any issues accessing documents, you can email me
personally. <br>
<br>
-Gabe<br>
<br>
<o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>On Jan 24, 2008 11:12 AM, Peter Williams &lt;<a
href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>&gt; wrote:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>2 questions:<br>
<br>
Q1. how does XRI/XRD conflict with ENUM/NAPTR and IETF-style provisioning of
name and service records in DNS <br>
<br>
<br>
A1: You have not read IETF stuff, and I have not read XRI stuff (because it
costs money to read even a draft OASIS standard). We are kind of stuck in a
deadlock. Thus, I go with the IETF stuff, expressed particularly in ENUM. <br>
<br>
- The basic YADIS approach (read an XRS stream from an http endpoint) seems
like a temporary hack, in the big scheme of things. Going XRI native or XRI
proxies is a blind alley for me, personally, right now (as I'm ignorant of what
it all means, ultimately) <br>
<br>
- walled garden ENUM (where the walled-garden variant was a hard won battle in
IETF, note) shows how reliance in openid could be walled off, without forcing
the walling procedures to use protocol level security controls (encryption etc)
or qualified namespaces. <br>
<br>
<br>
<br>
Q2. how can openid2 and SAML2 cooperate (within the SAML2 proxying model and
nameid-qualification/autocreate model)<br>
<br>
A2: OpenID2 (like SAML2) assumes matters of qualified naming and account
subscription/provisioning are handled as local matters - using some or other
backend (probably legacy) system. We happen to have fronted our proprietary
stuff (that covers about 85% of realty's 2.5 million current or recently
expired accounts) with a SAML endpoint - saying to the world: ok! stop whining
about realty proprietary legacy systems: here is an open interface. Get on with
it. You have naming protocols, encryption protocols, assertion protocols, now
even attribute query protocols. When I finally get my head around SAML+XACML,
we will add authorization protocols via PEPs/PDPs/PAPs. <br>
<br>
We are perfectly happy for openid2 protocol engine to be either a downstream or
upstream SAML/legacy proxy (in the formal SAML IDP proxying model). You want to
talk to realty via openid protocols..? Wonderful. Here is how (not that you
really need to know) it maps onto realty's open SAML interfaces so we can
realize your desire. In certain advanced cases, the openid relying party will
have business rules that DEMAND that it knows about what proxying went on, and
with whom. So, we will have to "emulate" certain SAML signals as AX
attributes, probably. Or, openid3 will do it properly. <br>
<br>
Peter (speaking for Rapattoni, not various other realty systems vendors or
NAR).<br>
<br>
<br>
<br>
<br>
<br>
<br>
________________________________<br>
<br>
From: Joseph Holsten on behalf of Joseph Anthony Pasquale Holsten <br>
Sent: Wed 1/23/2008 11:17 PM<br>
To: Peter Williams<br>
Cc: Drummond Reed; openid-general<br>
Subject: Re: [OpenID] FW: Technical Comparison: OpenID and SAML - Draft 06<o:p></o:p></span></font></p>
<div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><br>
<br>
On 02008:01:21, at 7:57CST, Peter Williams wrote: <br>
<br>
Intending to speak non-threateningly, I know (as a
security designer on the dumber end of the know-how spectrum) that I want next
to investigate SAML2 and its use of NAPTRs. It's in this area where there
appears a conflict of infrastructure vision between openid and SAML2 - one that
concerns me. <br>
<br>
Openid Auth (over https) is fine as a lightweight
websso protocol. But, the whole XRD and XRI emphasis conflicts with general
IETF direction in DNS, NAPTRs, walled-garden ENUM etc. I know for my part, I
don't yet know how to reconcile these two infrastructure visions on resolving
names to services, particularly as the websso assurance depends on secure name
resolution. I do know I'm personally arming a new SAML2 party each week (in US
realty), with increasingly sophisticated use of the fancier SAML2 features
(which bodes well for openid2, which has the same feature set as SAML in the 80% of
features that most matter). <br>
<br>
<br>
What are you referring to about conflicts with the IETF direction? I haven't
monitored IETF work in years, so please excuse my ignorance. Are you referring
to the way XRI extends existing URI infrastructure? Does non-XRI XRD resolution
(nee yadis) overcome these conflicts in your eyes? <br>
<br>
<br>
<br>
<br>
Whilst we@rapattoni have made a commitment to ensure
we can join realty's websso infrastructure to the web2.0 world via openid2,
beyond that limited goal I'm not sure how to characterize what we will do with
openid. I think it all comes down to SPECIFICALLY how the UCI management vision
takes off, or not, in such as business applications that are building on all
the various successful social networking practices proven over the last few
years. <br>
<br>
<br>
I wonder, are you implementing openid alongside SAML2? It seems that most of
the SSO uses we've had at my work are best solved with OAuth, although if the
site you're SSOing with acts as an OP, I guess AX would be sufficient. <br>
<br>
http:// Joseph Holsten .com<br>
<br>
<br>
<o:p></o:p></span></font></p>
</div>
</div>
<div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net </a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><o:p></o:p></span></font></p>
</div>
</div>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><br>
<br clear=all>
<br>
-- <br>
Gabe Wachob / <a href="mailto:gwachob@wachob.com">gwachob@wachob.com</a> \ <a
href="http://blog.wachob.com">http://blog.wachob.com</a> <o:p></o:p></span></font></p>
</div>
</div>
</body>
</html>