<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>HEHE.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>TRUST MODELS (the unmentionable reality of openid that prevents +actual+
interworking )<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> general-bounces@openid.net
[mailto:general-bounces@openid.net] <b>On Behalf Of </b>Chris Messina<br>
<b>Sent:</b> Wednesday, October 15, 2008 9:32 PM<br>
<b>To:</b> Drummond Reed<br>
<b>Cc:</b> OpenID List<br>
<b>Subject:</b> [LIKELY_SPAM]Re: [OpenID] Starting new OpenID Workgroups (was
RE:Combining Google & Yahoo user experience research)<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I'll volunteer to transfer this document to the OpenID wiki,
but it's not accepting my OpenID, so I'm stymied and can't proceed.<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Who's in charge of maintaining the wiki?<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>Chris<o:p></o:p></p>
<div>
<p class=MsoNormal>On Wed, Oct 15, 2008 at 10:58 AM, Drummond Reed <<a
href="mailto:drummond.reed@cordance.net">drummond.reed@cordance.net</a>>
wrote:<o:p></o:p></p>
<div>
<div>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>Chris,
you bring up a very good point and one which the OIDF needs to take action on –
it's too hard to find this info right now. The workgroup chartering process is
described a set of docs listed at the bottom of:</span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>
<a href="http://openid.net/foundation/intellectual-property/" target="_blank">http://openid.net/foundation/intellectual-property/</a></span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>The
key doc in PDF form is:</span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>
<a
href="http://openid.net/ipr/OpenID_Process_Document_(Final_Clean_20071221).pdf"
target="_blank">http://openid.net/ipr/OpenID_Process_Document_(Final_Clean_20071221).pdf</a></span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>IMHO
what needs to happen is that a simple web page description of this process
needs to be written up and posted to <a href="http://openid.net" target="_blank">openid.net</a>
so that it's much more accessible. If I weren't so swamped I'd volunteer to do
this myself, but due to deadlines I'm under I won't be able to get to it for
several weeks.</span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>In
any case, all the info you need is that doc. Basically a group of community
members proposes a charter for the WG, submits it to the Specifications Council
for approval, then the WG is chartered, folks join (and sign the IPR
agreement), it does the work to produce the spec, then the community votes on
it.</span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>=Drummond
</span><o:p></o:p></p>
<p><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'> </span><o:p></o:p></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div class=MsoNormal align=center style='text-align:center'>
<hr size=2 width="100%" align=center>
</div>
<p><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <a
href="mailto:general-bounces@openid.net" target="_blank">general-bounces@openid.net</a>
[mailto:<a href="mailto:general-bounces@openid.net" target="_blank">general-bounces@openid.net</a>]
<b>On Behalf Of </b>Chris Messina<br>
<b>Sent:</b> Wednesday, October 15, 2008 1:00 AM<br>
<b>To:</b> Johannes Ernst<br>
<b>Cc:</b> OpenID List<br>
<b>Subject:</b> Re: [OpenID] Combining Google & Yahoo user experience
research</span><o:p></o:p></p>
</div>
<p> <o:p></o:p></p>
<p>Perfect! Well, I asked Recordon about this over a month ago and I'm still
not clear on what the official policy is! I googled for "OpenID
workgroup" and came up empty; worse, I checked out <a
href="http://openid.net" target="_blank">openid.net</a> and found nothing
either.<o:p></o:p></p>
<div>
<p> <o:p></o:p></p>
</div>
<div>
<p>How does one go about creating such a workgroup? What's required? And how do
we take the existing spec through an OpenID Extension process?<o:p></o:p></p>
</div>
<div>
<p> <o:p></o:p></p>
</div>
<div>
<p>Thanks!<o:p></o:p></p>
</div>
<div>
<p> <o:p></o:p></p>
</div>
<div>
<p style='margin-bottom:12.0pt'>Chris<o:p></o:p></p>
<div>
<p>On Tue, Oct 14, 2008 at 10:26 PM, Johannes Ernst <jernst+<a
href="http://openid.net" target="_blank">openid.net</a>@<a
href="http://netmesh.us" target="_blank">netmesh.us</a>> wrote:<o:p></o:p></p>
<div>
<p>What about you charter EAUT as a proper OpenID workgroup, and then we talk?
;-)<o:p></o:p></p>
<div>
<p> <o:p></o:p></p>
</div>
<div>
<p>I really don't understand why it is not if you are serious about going in
that direction ...<o:p></o:p></p>
</div>
<div>
<div>
<div>
<p> <o:p></o:p></p>
</div>
<div>
<p> <o:p></o:p></p>
<div>
<p> <o:p></o:p></p>
<div>
<div>
<p>On Oct 14, 2008, at 20:49 , Chris Messina wrote:<o:p></o:p></p>
</div>
<p style='margin-bottom:12.0pt'><o:p> </o:p></p>
<div>
<p>Can I take a poll? With all this talk about email address
mapping/translation -- I'm curious -- how many of you have actually read the
EAUT (email address to URL translation) spec?<o:p></o:p></p>
<div>
<p> <o:p></o:p></p>
</div>
<div>
<p><a href="http://eaut.org/specs/1.0/" target="_blank">http://eaut.org/specs/1.0/</a><o:p></o:p></p>
</div>
<div>
<p> <o:p></o:p></p>
</div>
<div>
<p style='margin-bottom:12.0pt'>It seems like much of this conversation (the
productive bits) could be had on the EAUT list [1], in order to move things
forward and get the spec in a form that could be taken into an OpenID Extension,
which could then pave the way for 1) establishing extension creation protocol
and 2) make the spec ready for wider deployment/adoption.<o:p></o:p></p>
</div>
<div>
<p>Not that all this talk of DNS and XRI isn't compelling, but I was hoping
that we might get a solution in place before I turn 40.<o:p></o:p></p>
</div>
<div>
<p> <o:p></o:p></p>
</div>
<div>
<p>Chris<o:p></o:p></p>
</div>
<div>
<p> <o:p></o:p></p>
</div>
<div>
<p>P.S. I was born in 1981.<o:p></o:p></p>
</div>
<div>
<p> <o:p></o:p></p>
</div>
<div>
<p>[1] <a href="http://groups.google.com/group/eaut" target="_blank">http://groups.google.com/group/eaut</a><o:p></o:p></p>
</div>
<div>
<p> <o:p></o:p></p>
<div>
<p>On Tue, Oct 14, 2008 at 8:32 PM, Brandon Ramirez <<a
href="mailto:brandon.s.ramirez@gmail.com" target="_blank">brandon.s.ramirez@gmail.com</a>>
wrote:<o:p></o:p></p>
<div>
<p>It's more than just request -> response. It's also an intriguing
model for information resolution, where the trust is centralized, but
then delegated out.<br>
<br>
Why shouldn't it be used for identity resolution as well? An identity
(even more so from a computer's perspective) is merely a small set of data with
a chain of trust - just like most DNS lookups.<o:p></o:p></p>
<div>
<div>
<p style='margin-bottom:12.0pt'> <o:p></o:p></p>
<div>
<p>On Tue, Oct 14, 2008 at 10:45 PM, Martin Atkins <<a
href="mailto:mart@degeneration.co.uk" target="_blank">mart@degeneration.co.uk</a>>
wrote:<o:p></o:p></p>
<div>
<p style='margin-bottom:12.0pt'>SitG Admin wrote:<br>
><br>
>> Putting it in DNS doesn't change the user-centricness, it just changes<br>
>> the means of publication.<br>
><br>
> I disagree here; to use military terminology here (as learned from<br>
> analyses of Trusted Computing) for a moment, your DNS server is not a<br>
> Trusted party for your personal information! IT does not have access to<br>
> your personal information; YOU do. If a spammer (or stalker) wants to<br>
> learn where you live (so they have a physical address for snailmail spam<br>
> or home invasion), they cannot simply ask the DNS server where you live,<br>
> because the DNS server does not possess that information - they MUST<br>
> contact you, the user, directly, and in the process of making that<br>
> request they not only make you (the user) aware of it, but provoke the<br>
> distinct possibility that you will simply refuse to tell them!<br>
><br>
> Your reply also suggested, though, that this level of control *can* be<br>
> present in DNS, which intrigues me :)<br>
><o:p></o:p></p>
</div>
<p>I was not suggesting that you should put your physical address or<br>
telephone number in DNS, just that you can publish in DNS information<br>
about how that information might be obtained, much as you publish on<br>
your web site how that information might be obtained.<br>
<br>
I'd also like to point out that HTTP URLs are themselves dependent on<br>
DNS. All you gain by publishing this information over HTTP rather than<br>
DNS is a couple more layers of indirection. I can't control my identity<br>
page on MyOpenID any more than I can control the contents of the<br>
<a href="http://myopenid.com" target="_blank">myopenid.com</a> DNS zone.<br>
<br>
Additionally, since DNS is a request->response protocol just like HTTP,<br>
there's no technical reason why you can't log requests and refuse to<br>
talk to certain clients if you wish. The domain name system is not magic.<o:p></o:p></p>
<div>
<div>
<p><br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><o:p></o:p></p>
</div>
</div>
</div>
<p> <o:p></o:p></p>
</div>
</div>
</div>
<p style='margin-bottom:12.0pt'><br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><o:p></o:p></p>
</div>
<p><br>
<br clear=all>
<br>
-- <br>
Chris Messina<br>
Citizen-Participant &<br>
Open Technology Advocate-at-Large<br>
<a href="http://factoryjoe.com" target="_blank">factoryjoe.com</a> # <a
href="http://diso-project.org" target="_blank">diso-project.org</a><br>
<a href="http://citizenagency.com" target="_blank">citizenagency.com</a> # <a
href="http://vidoop.com" target="_blank">vidoop.com</a><br>
This email is: [ ] bloggable [X] ask first [ ]
private<o:p></o:p></p>
</div>
</div>
<p>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><o:p></o:p></p>
</div>
<p> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p><br>
<br clear=all>
<br>
-- <br>
Chris Messina<br>
Citizen-Participant &<br>
Open Technology Advocate-at-Large<br>
<a href="http://factoryjoe.com" target="_blank">factoryjoe.com</a> # <a
href="http://diso-project.org" target="_blank">diso-project.org</a><br>
<a href="http://citizenagency.com" target="_blank">citizenagency.com</a> # <a
href="http://vidoop.com" target="_blank">vidoop.com</a><br>
This email is: [ ] bloggable [X] ask first [ ]
private<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<p class=MsoNormal><br>
<br clear=all>
<br>
-- <br>
Chris Messina<br>
Citizen-Participant &<br>
Open Technology Advocate-at-Large<br>
<a href="http://factoryjoe.com">factoryjoe.com</a> # <a
href="http://diso-project.org">diso-project.org</a><br>
<a href="http://citizenagency.com">citizenagency.com</a> # <a
href="http://vidoop.com">vidoop.com</a><br>
This email is: [ ] bloggable [X] ask first [ ]
private<o:p></o:p></p>
</div>
</div>
</body>
</html>