
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40">


<head>

<meta http-equiv=Content-Type content="text/html; charset=us-ascii">

<meta name=Generator content="Microsoft Word 12 (filtered medium)">

<style>

<!--

 /* Font Definitions */

 @font-face

        {font-family:PMingLiU;

        panose-1:2 2 5 0 0 0 0 0 0 0;}

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

@font-face

        {font-family:"\@PMingLiU";

        panose-1:2 2 5 0 0 0 0 0 0 0;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"PMingLiU","serif";}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

span.EmailStyle17

        {mso-style-type:personal-reply;

        font-family:"Calibri","sans-serif";

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;}

@page Section1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.Section1

        {page:Section1;}

-->

</style>

<!--[if gte mso 9]><xml>

 <o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

 <o:shapelayout v:ext="edit">

  <o:idmap v:ext="edit" data="1" />

 </o:shapelayout></xml><![endif]-->

</head>


<body lang=EN-US link=blue vlink=purple>


<div class=Section1>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>If there is any proposal that will ever evoke (d), surely it&#8217;s

the topic you are touching. If it is the same one as a draft I read a while ago,

its proposing the infrastructure normalize the means of giving signed notice of

(freeform) legal terms attached to the assertion sent to an SP. <o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>If that assumption about legal notices is true, &nbsp;this is

the same as a core innovation VeriSign added&nbsp; to RSA secure server certificates

early on : (a) delivery of a copyright notice in the certificate OU field, in

order to give notice of data ownership and establish associated legal controls

over repurposers, (b) include a url to incorporate by reference a legal agreement

&nbsp;to which any the relying party(s) and/or user(s)are deemed to be bound,

upon making any user of the certificate. If in OpenID Auth v2 you now sign with

a public key signing operation the assertion&#8217;s (h)mac, and the mac covers

the text of the legal terms present in a new extension, you have essentially

reinvented the OP as an entity performing on-demand certificate issuing (if the

AX response extension contains the user&#8217;s public key(s)).<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>I&#8217;d have sympathy with the founders of openid objecting to

that proposal, if cast in the terms above. I _<i>can</i>_ see them applying their

collective veto on the grounds that such a capability is not consistent with

the &#8220;purpose&#8221; of openid. Treated separately, though, each element of

your elements is a very useful (reusable) function. <o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>I suspect folks are going to have to extend their definition of the

&#8220;purpose&#8221; of openid to accommodate your proposal, even if presented

as a series of individual elements. Ill guess that this will mean persuading a

majority of the spec council that the type of OP/SP they are now dealing with

needs the kinds of instruments you are proposing. <o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>This feels like another &#8220;NSF/NASA gives operational control

to MCI&#8221; moment (*). The spec council members might do well to consult our

very own Foundation EO &nbsp;for counsel on how to navigate a shift &nbsp;of

this magnitude.<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'>(*) the transition that gave birth of the _commercial_ internet.<o:p></o:p></span></p>


<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";

color:#1F497D'><o:p>&nbsp;</o:p></span></p>


<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>


<div>


<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>


<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span

style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Nat Sakimura

[mailto:sakimura@gmail.com] <br>

<b>Sent:</b> Tuesday, December 23, 2008 7:43 PM<br>

<b>To:</b> Peter Williams<br>

<b>Cc:</b> Sakimura Nat; general@openid.net<br>

<b>Subject:</b> Re: [OpenID] [OIDFSC] FW: Proposal to create the TX working

group<o:p></o:p></span></p>


</div>


</div>


<p class=MsoNormal><o:p>&nbsp;</o:p></p>


<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:

12.0pt;margin-left:5.25pt'>Well, yeah, but I think specs-committee is not

talking about (d). <br>

<br>

I also considered splitting it into dsig and cx, but current spec process is a

kind of heavy lifting, so I was hoping that I could do it in one shot. Also,

one of the beauty of OpenID specs were not being modularized so much, so that

you do not have to go through so many specs. From the point of veiw of the

modularity, I would split the authentication spec as well into (1) Discovery

(of both canonical ID e.g., URI with fragment and services), (2) Assertion

Format (3) Signature methods (4) Protocols. [I actually prefer this way, but

I've got a feeling that this community wants a monolithic spec.]<br>

<br>

<br>

<o:p></o:p></p>


<p class=MsoNormal><o:p>&nbsp;</o:p></p>


</div>


</div>


</body>


</html>