<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18812"><BASE href="x-msg://923/">
<STYLE>@font-face {
font-family: Helvetica;
}
@font-face {
font-family: Helvetica;
}
@font-face {
font-family: Calibri;
}
@font-face {
font-family: Tahoma;
}
@font-face {
font-family: Trebuchet MS;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"; FONT-SIZE: 12pt
}
LI.MsoNormal {
MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"; FONT-SIZE: 12pt
}
DIV.MsoNormal {
MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"; FONT-SIZE: 12pt
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.apple-style-span {
mso-style-name: apple-style-span
}
SPAN.apple-converted-space {
mso-style-name: apple-converted-space
}
SPAN.EmailStyle19 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d; mso-style-type: personal-reply
}
.MsoChpDefault {
FONT-SIZE: 10pt; mso-style-type: export-only
}
DIV.Section1 {
page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space"
lang=EN-US link=blue vLink=purple>
<DIV dir=ltr align=left><FONT color=#0000ff size=2 face=Arial>
<P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><FONT color=#000000>If anyone is
interested, the American Bar Association has recently formed a Federated
Identity Management Task Force that is starting to look into the legal issues
raised by IdM (</FONT><A
title=http://www.abanet.org/dch/committee.cfm?com=CL320041
href="http://www.abanet.org/dch/committee.cfm?com=CL320041"><FONT
color=#606420>http://www.abanet.org/dch/committee.cfm?com=CL320041</FONT></A><FONT
color=#000000>).<o:p></o:p></FONT></SPAN></P>
<P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><o:p><FONT
color=#000000> </FONT></o:p></SPAN></P>
<P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><FONT color=#000000>I'm co-chair of
the ABA Federated Identity Management Task Force, along with Jane Winn (Prof at
U. of Washington Law School), and David Whitaker (attorney with Wells Fargo
Bank). We are also working with Liberty Alliance (which is currently
hosting our listserv -- you can sign up at </FONT><A
title=http://lists.projectliberty.org/mailman/listinfo/FIMAC_lists.projectliberty.org
href="http://lists.projectliberty.org/mailman/listinfo/FIMAC_lists.projectliberty.org"><SPAN
style="COLOR: windowtext"><SPAN
title=http://lists.projectliberty.org/mailman/listinfo/FIMAC_lists.projectliberty.org>http://lists.projectliberty.org/mailman/listinfo/FIMAC_lists.projectliberty.org</SPAN></SPAN></A><FONT
color=#000000>).<o:p></o:p></FONT></SPAN></P>
<P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><o:p><FONT
color=#000000> </FONT></o:p></SPAN></P>
<P style="MARGIN: 0in 0in 0pt" class=MsoNormal><SPAN
style="FONT-FAMILY: Arial; FONT-SIZE: 10pt"><FONT color=#000000>Also, a paper I
wrote as a starting point for the legal analysis – titled “<STRONG>Federated
Identity Management: Balancing Privacy Rights, Liability Risks, and the Duty to
Authenticate</STRONG>” – is now available at </FONT><SPAN class=entry-content><A
href="http://ssrn.com/abstract=1471599"><FONT
color=#606420>http://ssrn.com/abstract=1471599</FONT></A></SPAN><o:p></o:p></SPAN></P></FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=422352403-21092009>Tom</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=422352403-21092009></SPAN></FONT> </DIV>
<DIV><FONT size=2 face=Arial><SPAN class=422352403-21092009>
<P align=left><SPAN lang=en-us><FONT size=2 face=Arial>Thomas J.
Smedinghoff<BR>Wildman Harrold<BR>225 W. Wacker Drive<BR>Chicago, Illinois
60606<BR>Phone: +1 312-201-2021<BR>Fax: +1
312-416-4773<BR></FONT></SPAN><A title=blocked::mailto:smedinghoff@wildman.com
href="mailto:smedinghoff@wildman.com"><SPAN lang=en-us
title=blocked::mailto:smedinghoff@wildman.com><U
title=blocked::mailto:smedinghoff@wildman.com><FONT
title=blocked::mailto:smedinghoff@wildman.com color=#0000ff size=2
face=Arial>smedinghoff@wildman.com</FONT></U></SPAN></A><FONT face=Arial><FONT
size=2><SPAN lang=en-us> <BR></SPAN><A
href="http://www.wildman.com/smedinghoff">www.wildman.com/smedinghoff</A>
</FONT></FONT><A title=blocked::http://www.wildman.com/
href="http://www.wildman.com/"><SPAN lang=en-us
title=blocked::http://www.wildman.com/><U
title=blocked::http://www.wildman.com/><FONT
title=blocked::http://www.wildman.com/
color=#0000ff></A></FONT></U></SPAN></P></SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><BR></DIV>
<DIV dir=ltr lang=en-us class=OutlookMessageHeader align=left>
<HR tabIndex=-1>
<FONT size=2 face=Tahoma><B>From:</B> openid-general-bounces@lists.openid.net
[mailto:openid-general-bounces@lists.openid.net] <B>On Behalf Of </B>Peter
Williams<BR><B>Sent:</B> Sunday, September 20, 2009 2:03 PM<BR><B>To:</B> John
Bradley<BR><B>Cc:</B> openid General<BR><B>Subject:</B> Re: [OpenID] liability
issues<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=Section1>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">For
those less fortunate than Board members, the rest of us may have to make
do with <o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><A
href="http://www.abanet.org/scitech/ec/isc/dsgfree.html">http://www.abanet.org/scitech/ec/isc/dsgfree.html</A><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">It’s
really out of date and focuses on users, RPs and CAs relying on certificates,
cert chains, and registered names (vs relying on assertions, XRD sequences, and
claims). But in an 80:20 world of low assurance, it’s probably still great for
the 80% case. It’s not as if the principles of fraud have really changed in 400
years.<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">The
main purpose of the DSG was to provide a judicial reference : well researched
issues with which to frame the process of forming judgments. In its day, it
assumed the clueless judge : which may no longer be a valid
assumption.<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">It’s
not a study of liabilities in the area of assertions, self-certifications, or
policy based governance through audit verification by a registry (that’s been
done many times before, over the last 20 years). It’s a study in the art of
controlling liability as a TTP (read IDP). Much of the art went into the design
of the VeriSign CPS, whose liability control systems have changed little in 10
years<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">About
the only thing that has really changed is the role of the RP which -- in
infocard-land -- is now instrumental in picking cards (since it sets the claim
requirements, including requirements for trust-level assertions from particular
schemes). <o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<DIV>
<DIV
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<P class=MsoNormal><B><SPAN
style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt">From:</SPAN></B><SPAN
style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt"> John Bradley
[mailto:ve7jtb@ve7jtb.com] <BR><B>Sent:</B> Sunday, September 20, 2009 11:38
AM<BR><B>To:</B> Peter Williams<BR><B>Cc:</B> openid General<BR><B>Subject:</B>
Re: [OpenID] liability issues<o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>Legal review of the TFP documents and issues is
ongoing.<o:p></o:p></P>
<DIV>
<P class=MsoNormal><o:p> </o:p></P></DIV>
<DIV>
<P class=MsoNormal>I don't know when the board will circulate results
publicly.<o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><o:p> </o:p></P></DIV>
<DIV>
<P class=MsoNormal>John B.<o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><o:p> </o:p></P>
<DIV>
<DIV>
<P class=MsoNormal>On 2009-09-20, at 2:20 PM, Peter Williams
wrote:<o:p></o:p></P></DIV>
<P class=MsoNormal><BR><BR><o:p></o:p></P>
<DIV>
<DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Trebuchet MS','sans-serif'; COLOR: #555555; FONT-SIZE: 10pt">“The
foundations jointly hired<SPAN class=apple-converted-space> </SPAN><A
href="http://thread-safe.livejournal.com/">John Bradley</A><SPAN
class=apple-converted-space> </SPAN>to develop profiles for the two
technologies. They also hired the same lawyer to look at liability issues.” [<A
href="http://self-issued.info/?p=216">http://self-issued.info/?p=216</A>]</SPAN><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; FONT-SIZE: 11pt"><o:p></o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Trebuchet MS','sans-serif'; COLOR: #555555; FONT-SIZE: 10pt"> </SPAN><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; FONT-SIZE: 11pt"><o:p></o:p></SPAN></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Trebuchet MS','sans-serif'; COLOR: #555555; FONT-SIZE: 10pt">Is
the legal work available for review, or it is all confidential?</SPAN><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; FONT-SIZE: 11pt"><o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Helvetica','sans-serif'; FONT-SIZE: 13.5pt">_______________________________________________<BR>general
mailing list<BR><A
href="mailto:general@lists.openid.net">general@lists.openid.net</A><BR><A
href="http://lists.openid.net/mailman/listinfo/openid-general">http://lists.openid.net/mailman/listinfo/openid-general</A><o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><o:p> </o:p></P></DIV></DIV></BODY></HTML>
<pre>DISCLAIMER:
This communication, along with any documents, files or attachments, is intended only for the use of the addressee and may contain legally privileged and confidential information. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of any information contained in or attached to this communication is strictly prohibited. If you have received this message in error, please notify the sender immediately and destroy the original communication and its attachments without reading, printing or saving in any manner. This communication does not form any contractual obligation on behalf of the sender or Wildman, Harrold, Allen & Dixon LLP. Unless expressly stated otherwise, any tax advice in this message is not intended or written to be used, and cannot be used by a taxpayer, for the purpose of avoiding penalties that may be imposed on the taxpayer. Please consult your tax attorney regarding the form of tax advice that may be relied upon to avoid penalties under the Internal Revenue Code.