<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:603150715;
mso-list-template-ids:-118978276;}
@list l1
{mso-list-id:775946323;
mso-list-template-ids:616873938;}
@list l2
{mso-list-id:1276205792;
mso-list-template-ids:633371746;}
@list l3
{mso-list-id:2113553949;
mso-list-template-ids:-221209646;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Assurance in the “system”? Or assurance about an individual operator?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Liberty has active programs for facilitating governance of IDPs,
and IDPs control over Users and RPs. OpenID encourages a contrasting world of UCI,
which has no governance model and no assumption that governance is particularly
relevant. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I do hope OpenID Japan is not acting as an (undeclared) proxy
for Liberty initiatives. There is little or no conception of UCI in the Liberty
view of the world. Liberty is a full power TTP control model, where the IDP “controls”
users as subscribers and (indirectly) governs their conduct on RP systems. In
OpenID, if one OP removes your access to your assertions or attributes signaled
to a given RP, you can ALWAYS dump them and SIMPLY use another on the same RP, ___with
no impact to the User__. This is (obviously) not the case with the TTP model, where
the IDP _<i>controls</i>_ the level of impact on one or more RPs.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
general-bounces@openid.net [mailto:general-bounces@openid.net] <b>On Behalf Of </b>Nat
Sakimura<br>
<b>Sent:</b> Thursday, December 04, 2008 7:32 AM<br>
<b>To:</b> Eddy Nigg (StartCom Ltd.)<br>
<b>Cc:</b> general@openid.net<br>
<b>Subject:</b> Re: [OpenID] For the nominees<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Hi Eddy, <o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>Here is my answers
inline: <o:p></o:p></p>
<div>
<p class=MsoNormal>On Thu, Dec 4, 2008 at 10:14 PM, Eddy Nigg (StartCom Ltd.)
<<a href="mailto:eddy_nigg@startcom.org">eddy_nigg@startcom.org</a>>
wrote:<o:p></o:p></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>There are a few questions I'd
like to ask the current nominees in order to get a better picture about which
ideas a nominee represents. Of course the questions are specifically what I
feel important:<o:p></o:p></p>
<ol start=1 type=1>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l3 level1 lfo1'>Adoption of OpenID by relying parties isn't
on-par with the amount of providers available. How would you improve that
ratio?<o:p></o:p></li>
</ol>
</div>
<div>
<p class=MsoNormal>In Japan, we are doing the following: <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>- Individual visit to potential RPs to persuade them the
value of being an RP. <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>- Technical seminars to get them up to speed. <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>- Create an Assurance Framework (this is in progress) to let
them have better "trust" in the system. <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>I personally think we should replicate it in the global
scale. <o:p></o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<ol start=1 type=1>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l0 level1 lfo2'>What is it that should be done in order to have
big providers like Google, Yahoo!, Microsoft rely on other operators?<o:p></o:p></li>
</ol>
</div>
</blockquote>
<div>
<p class=MsoNormal> Assurance framework is a key. Right now, we have no
good way of assessing the assurance level of the assertions. Once it is solved,
it will become much easier for them to start accepting the assertions created
by a third party. <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Also, we have to show the relevant parties the market and
profit potential. <o:p></o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<ol start=1 type=1>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l2 level1 lfo3'>Do you think that a trust relationship framework
should be created, similar to PKI auditing (or any other/similar idea) in
order to allow relying parties easily trust on other operators? Or what
would you suggest instead?<o:p></o:p></li>
</ol>
</div>
</blockquote>
<div>
<p class=MsoNormal>Obviously, an assurance framework coupled with auditing is a
key factor. I think we should look at Liberty Alliance's Identity Assurance
Framework (IAF). IAF is protocol independent so we can profile it to OpenID.
Also, Assurance does not come in the form of Technology alone. Legal systems
have impact on it. In Japan, we are working closely with the Japanese
government to sort out the issues. I think this needs to be replicated to
anywhere in the world. That is why we need to have a good representation from
the different jurisdictions for the board. <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Having said that, the assurance framework alone does not
solve the problem. We should use reputations services in conjunction with it.
That is why I have created ORMS TC at OASIS. <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<ol start=1 type=1>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo4'>Do you think that instead of hiring an executive
director, the load of the different tasks could be shifted to a small
group of different persons instead (foundation management)? Would you view
a such a scenario possible and perhaps more efficient? (Considering the
amount to be paid for an ED, I suspect that many highly motivated and
capable individuals from within the community or from outside could do a
better job than one individual and receive fair compensation for their
work.)<o:p></o:p></li>
</ol>
</div>
</blockquote>
<div>
<p class=MsoNormal>This is exactly what we are doing in OpenID Foundation
Japan. Instead of hiring an ED, we have distributed tasks to (business-wise)
motivated group of people for each topic. Providing them the benefit of doing
it seems to deliver a better ROI at least in Japan. I am not entirely sure
about the situation in the U.S. and other countries, but considering that OIDF
is resource constrained, it certainly is a path that should be considered.
<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal>-- <o:p></o:p></p>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0>
<tr>
<td colspan=2 style='padding:0in 0in 0in 0in'>
<p class=MsoNormal>Regards <o:p></o:p></p>
</td>
</tr>
<tr>
<td colspan=2 style='padding:0in 0in 0in 0in'>
<p class=MsoNormal> <o:p></o:p></p>
</td>
</tr>
<tr>
<td style='padding:0in 0in 0in 0in'>
<p class=MsoNormal>Signer: <o:p></o:p></p>
</td>
<td style='padding:0in 0in 0in 0in'>
<p class=MsoNormal>Eddy Nigg, <a href="http://www.startcom.org"
target="_blank">StartCom Ltd.</a><o:p></o:p></p>
</td>
</tr>
<tr>
<td style='padding:0in 0in 0in 0in'>
<p class=MsoNormal>Jabber: <o:p></o:p></p>
</td>
<td style='padding:0in 0in 0in 0in'>
<p class=MsoNormal>startcom@startcom.org<o:p></o:p></p>
</td>
</tr>
<tr>
<td style='padding:0in 0in 0in 0in'>
<p class=MsoNormal>Blog: <o:p></o:p></p>
</td>
<td style='padding:0in 0in 0in 0in'>
<p class=MsoNormal><a href="http://blog.startcom.org" target="_blank">Join
the Revolution!</a><o:p></o:p></p>
</td>
</tr>
<tr>
<td style='padding:0in 0in 0in 0in'>
<p class=MsoNormal>Phone: <o:p></o:p></p>
</td>
<td style='padding:0in 0in 0in 0in'>
<p class=MsoNormal>+1.213.341.0390<o:p></o:p></p>
</td>
</tr>
<tr>
<td colspan=2 style='padding:0in 0in 0in 0in'>
<p class=MsoNormal> <o:p></o:p></p>
</td>
</tr>
</table>
</div>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><o:p></o:p></p>
</blockquote>
</div>
<p class=MsoNormal><br>
<br clear=all>
<br>
-- <br>
Nat Sakimura (=nat)<br>
<a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><o:p></o:p></p>
</div>
</div>
</body>
</html>