<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Peter, you seem to be conflating Liberty Alliance (an organization with a broad mandate, including user-centric identity) with SAML 2.0 (a federation protocol that -- in large part, but not entirely -- came out of work Liberty Alliance did). I also think you're giving SAML a black eye it doesn't deserve, but I'll let my technical betters defend the user-empowerment of SAML. <div><br><div><div>On Dec 4, 2008, at 12:56 PM, Peter Williams wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0; "><div lang="EN-US" link="blue" vlink="purple"><div class="Section1"><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Assurance in the “system”? Or assurance about an individual operator?<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Liberty has active programs for facilitating governance of IDPs, and IDPs control over Users and RPs. OpenID encourages a contrasting world of UCI, which has no governance model and no assumption that governance is particularly relevant.<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">I do hope OpenID Japan is not acting as an (undeclared) proxy for Liberty initiatives. There is little or no conception of UCI in the Liberty view of the world. Liberty is a full power TTP control model, where the IDP “controls” users as subscribers and (indirectly) governs their conduct on RP systems. In OpenID, if one OP removes your access to your assertions or attributes signaled to a given RP, you can ALWAYS dump them and SIMPLY use another on the same RP, ___with no impact to the User__. This is (obviously) not the case with the TTP model, where the IDP _<i>controls</i>_ the level of impact on one or more RPs.<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; border-top-style: solid; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding-top: 3pt; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "><span class="Apple-converted-space"> </span><a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a> [<a href="mailto:general-bounces@openid.net" style="color: blue; text-decoration: underline; ">mailto:general-bounces@openid.net</a>]<span class="Apple-converted-space"> </span><b>On Behalf Of<span class="Apple-converted-space"> </span></b>Nat Sakimura<br><b>Sent:</b><span class="Apple-converted-space"> </span>Thursday, December 04, 2008 7:32 AM<br><b>To:</b><span class="Apple-converted-space"> </span>Eddy Nigg (StartCom Ltd.)<br><b>Cc:</b><span class="Apple-converted-space"> </span><a href="mailto:general@openid.net" style="color: blue; text-decoration: underline; ">general@openid.net</a><br><b>Subject:</b><span class="Apple-converted-space"> </span>Re: [OpenID] For the nominees<o:p></o:p></span></div></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Hi Eddy, <o:p></o:p></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Here is my answers inline: <o:p></o:p></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">On Thu, Dec 4, 2008 at 10:14 PM, Eddy Nigg (StartCom Ltd.) <<a href="mailto:eddy_nigg@startcom.org" style="color: blue; text-decoration: underline; ">eddy_nigg@startcom.org</a>> wrote:<o:p></o:p></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">There are a few questions I'd like to ask the current nominees in order to get a better picture about which ideas a nominee represents. Of course the questions are specifically what I feel important:<o:p></o:p></div><ol start="1" type="1" style="margin-bottom: 0in; "><li class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Adoption of OpenID by relying parties isn't on-par with the amount of providers available. How would you improve that ratio?<o:p></o:p></li></ol></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">In Japan, we are doing the following: <o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">- Individual visit to potential RPs to persuade them the value of being an RP. <o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">- Technical seminars to get them up to speed. <o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">- Create an Assurance Framework (this is in progress) to let them have better "trust" in the system. <o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">I personally think we should replicate it in the global scale. <o:p></o:p></div></div><blockquote style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-width: initial; border-color: initial; border-left-style: solid; border-left-color: rgb(204, 204, 204); border-left-width: 1pt; padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 6pt; margin-left: 4.8pt; margin-right: 0in; "><div><ol start="1" type="1" style="margin-bottom: 0in; "><li class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">What is it that should be done in order to have big providers like Google, Yahoo!, Microsoft rely on other operators?<o:p></o:p></li></ol></div></blockquote><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> Assurance framework is a key. Right now, we have no good way of assessing the assurance level of the assertions. Once it is solved, it will become much easier for them to start accepting the assertions created by a third party. <o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Also, we have to show the relevant parties the market and profit potential. <o:p></o:p></div></div><blockquote style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-width: initial; border-color: initial; border-left-style: solid; border-left-color: rgb(204, 204, 204); border-left-width: 1pt; padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 6pt; margin-left: 4.8pt; margin-right: 0in; "><div><ol start="1" type="1" style="margin-bottom: 0in; "><li class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Do you think that a trust relationship framework should be created, similar to PKI auditing (or any other/similar idea) in order to allow relying parties easily trust on other operators? Or what would you suggest instead?<o:p></o:p></li></ol></div></blockquote><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Obviously, an assurance framework coupled with auditing is a key factor. I think we should look at Liberty Alliance's Identity Assurance Framework (IAF). IAF is protocol independent so we can profile it to OpenID. Also, Assurance does not come in the form of Technology alone. Legal systems have impact on it. In Japan, we are working closely with the Japanese government to sort out the issues. I think this needs to be replicated to anywhere in the world. That is why we need to have a good representation from the different jurisdictions for the board. <o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Having said that, the assurance framework alone does not solve the problem. We should use reputations services in conjunction with it. That is why I have created ORMS TC at OASIS. <o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><blockquote style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-width: initial; border-color: initial; border-left-style: solid; border-left-color: rgb(204, 204, 204); border-left-width: 1pt; padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 6pt; margin-left: 4.8pt; margin-right: 0in; "><div><ol start="1" type="1" style="margin-bottom: 0in; "><li class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Do you think that instead of hiring an executive director, the load of the different tasks could be shifted to a small group of different persons instead (foundation management)? Would you view a such a scenario possible and perhaps more efficient? (Considering the amount to be paid for an ED, I suspect that many highly motivated and capable individuals from within the community or from outside could do a better job than one individual and receive fair compensation for their work.)<o:p></o:p></li></ol></div></blockquote><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">This is exactly what we are doing in OpenID Foundation Japan. Instead of hiring an ED, we have distributed tasks to (business-wise) motivated group of people for each topic. Providing them the benefit of doing it seems to deliver a better ROI at least in Japan. I am not entirely sure about the situation in the U.S. and other countries, but considering that OIDF is resource constrained, it certainly is a path that should be considered. <o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><blockquote style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-width: initial; border-color: initial; border-left-style: solid; border-left-color: rgb(204, 204, 204); border-left-width: 1pt; padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 6pt; margin-left: 4.8pt; margin-right: 0in; "><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div><div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">--<o:p></o:p></div><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0"><tbody><tr><td colspan="2" style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Regards <o:p></o:p></div></td></tr><tr><td colspan="2" style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></td></tr><tr><td style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Signer: <o:p></o:p></div></td><td style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Eddy Nigg,<span class="Apple-converted-space"> </span><a href="http://www.startcom.org" target="_blank" style="color: blue; text-decoration: underline; ">StartCom Ltd.</a><o:p></o:p></div></td></tr><tr><td style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Jabber: <o:p></o:p></div></td><td style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><a href="mailto:startcom@startcom.org" style="color: blue; text-decoration: underline; ">startcom@startcom.org</a><o:p></o:p></div></td></tr><tr><td style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Blog: <o:p></o:p></div></td><td style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><a href="http://blog.startcom.org" target="_blank" style="color: blue; text-decoration: underline; ">Join the Revolution!</a><o:p></o:p></div></td></tr><tr><td style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Phone: <o:p></o:p></div></td><td style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">+1.213.341.0390<o:p></o:p></div></td></tr><tr><td colspan="2" style="padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></td></tr></tbody></table></div></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><br>_______________________________________________<br>general mailing list<br><a href="mailto:general@openid.net" style="color: blue; text-decoration: underline; ">general@openid.net</a><br><a href="http://openid.net/mailman/listinfo/general" target="_blank" style="color: blue; text-decoration: underline; ">http://openid.net/mailman/listinfo/general</a><o:p></o:p></div></blockquote></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><br><br clear="all"><br>--<span class="Apple-converted-space"> </span><br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/" style="color: blue; text-decoration: underline; ">http://www.sakimura.org/en/</a><o:p></o:p></div></div></div>_______________________________________________<br>general mailing list<br><a href="mailto:general@openid.net" style="color: blue; text-decoration: underline; ">general@openid.net</a><br><a href="http://openid.net/mailman/listinfo/general" style="color: blue; text-decoration: underline; ">http://openid.net/mailman/listinfo/general</a><br></div></span></blockquote></div><br></div></body></html>