<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Thank you Mike for sharing this, especially your insight about
federation. Very useful.</p>
<p>Vladimir<br>
</p>
<br>
<div class="moz-cite-prefix">On 13/07/18 20:21, Mike Schwartz via
Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:7a8a706722a67ac3c1856f4eaa3995d7@gluu.org">Nat,
<br>
<br>
I looked at this quite extensively a while back. There are a few
SaaS providers that are issuing Open Badges, like Cred.ly,
Badgr.io. Salesforce is actually the largest issuer of badges:
<a class="moz-txt-link-freetext" href="https://trailhead.salesforce.com/">https://trailhead.salesforce.com/</a>
<br>
<br>
The JSON-LD signature stuff is draft, and it doesn't seem like
it's going to ever go final. Manu Sporny would be a good one to
ask about that.
<br>
<br>
Perhaps an alternative to signing the JSON-LD object is to write
it to a blockchain, and reference it via DID. Also, this community
has some experience signing JSON objects...
<br>
<br>
I don't think we need signing to make badges useful. The badge is
a type of JSON assertion. It includes:
<br>
<br>
1. subject (recipient)
<br>
2. issuer
<br>
3. badge info (what type of badge, how do you get it, etc.)
<br>
<br>
Some interesting questions arise about this kind of assertion:
like how do you know the presenter of the badge is the same person
as the recipient? Who defines badges? How do organizations issue
them? How is badge interoperability achieved?
<br>
<br>
The spec is pretty weak on identity--the recipient is identified
by an email address in the assertion. Could the recipient field be
an id_token instead? Or perhaps a signed Userinfo JWT? Or a DID?
<br>
<br>
I'm very interested in OpenBadges as a kind of "pushed claim
token" as defined by UMA. An UMA client can push an identity
assertion like an id_token or SAML assertion while obtaining a
token at the UMA token endpoint (i.e. RPT endpoint). But pushing
an Open Badge (or a DID reference to a badge) also could provide
useful information to determine if a client should be given access
to an UMA protected API. For example, if you're trying to call a
law enforcement API, maybe you need to provide a badge that you're
a police officer.
<br>
<br>
Gluu implemented an Open Badge API server as part of a pilot for
DHS, called ERASMUS. Attached is a screenshot from that project.
Badges need to be defined, and a workflow for issuance also needs
to be defined. In the ERASMUS pilot, we proposed that an
organization which is a member of a federation define badges, and
that the badge publishing infrastructure is hosted by the
federation. Unfortunately, funding for this pilot was cancelled
(it was deemed not innovative enough), and no further progress has
been made. The github for the ERASMUS project is here:
<br>
<a class="moz-txt-link-freetext" href="https://github.com/GluuFederation/erasmus">https://github.com/GluuFederation/erasmus</a>
<br>
<br>
Net-net, I think this is a really interesting topic. I was a
speaker at the Badge Summit in 2017
(<a class="moz-txt-link-freetext" href="https://badgesummit.weebly.com/">https://badgesummit.weebly.com/</a>), and my appraisal of the
community is that they are quite unaware of trends in federated
identity. In my talk, I made the case that badges with a stronger
identity backing could increase the number of organizations that
*consume* badges. One of the issues facing their industry is that
there are more issuers of badges then consumers. Perhaps that's
because specifying the recipient only by email inhibits the
usefulness.
<br>
<br>
- Mike
<br>
<br>
<br>
------------------------
<br>
Michael Schwartz
<br>
Gluu
<br>
Founder / CEO
<br>
<a class="moz-txt-link-abbreviated" href="mailto:mike@gluu.org">mike@gluu.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://www.linkedin.com/in/nynymike/">https://www.linkedin.com/in/nynymike/</a>
<br>
<br>
On 2018-07-12 07:00, <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab-request@lists.openid.net">openid-specs-ab-request@lists.openid.net</a>
wrote:
<br>
<blockquote type="cite">Send Openid-specs-ab mailing list
submissions to
<br>
<a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>
<br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit
<br>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
<br>
or, via email, send a message with subject or body 'help' to
<br>
<a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab-request@lists.openid.net">openid-specs-ab-request@lists.openid.net</a>
<br>
<br>
You can reach the person managing the list at
<br>
<a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab-owner@lists.openid.net">openid-specs-ab-owner@lists.openid.net</a>
<br>
<br>
When replying, please edit your Subject line so it is more
specific
<br>
than "Re: Contents of Openid-specs-ab digest..."
<br>
<br>
<br>
Today's Topics:
<br>
<br>
1. Re: ITP2 response draft (Filip Skokan)
<br>
2. Open Badges / JSON-LD Signatures (n-sakimura)
<br>
<br>
<br>
----------------------------------------------------------------------
<br>
<br>
Message: 1
<br>
Date: Wed, 11 Jul 2018 21:45:36 +0200
<br>
From: Filip Skokan <a class="moz-txt-link-rfc2396E" href="mailto:panva.ip@gmail.com"><panva.ip@gmail.com></a>
<br>
To: <a class="moz-txt-link-abbreviated" href="mailto:vittorio.bertocci@auth0.com">vittorio.bertocci@auth0.com</a>
<br>
Cc: <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.netAb">"openid-specs-ab@lists.openid.net Ab"</a>
<br>
<a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net"><openid-specs-ab@lists.openid.net></a>
<br>
Subject: Re: [Openid-specs-ab] ITP2 response draft
<br>
Message-ID:
<br>
<a class="moz-txt-link-rfc2396E" href="mailto:CALAqi__ewZ+AG7mBH9L7O0kiiLv4-Nbt1D4uhU+J2w8ks5Cdig@mail.gmail.com"><CALAqi__ewZ+AG7mBH9L7O0kiiLv4-Nbt1D4uhU+J2w8ks5Cdig@mail.gmail.com></a>
<br>
Content-Type: text/plain; charset="utf-8"
<br>
<br>
Dear all,
<br>
<br>
We've had some good feedback so far, thank you so much. Since
there wasn't
<br>
much more coming the past few days I'm going to go ahead and
finalize the
<br>
response's language based on the feedback that we got so far
tomorrow.
<br>
<br>
If you didn't manage to review yet, I kindly ask that you do so
really soon.
<br>
<br>
Lastly, if your company or you as individuals wishes to be added
as signees
<br>
please let me know (email me, email the group or add yourself in
the draft,
<br>
either way works), the more the merrier.
<br>
<br>
Kind Regards,
<br>
*Filip Skokan*
<br>
<br>
<br>
On Tue, Jul 3, 2018 at 11:14 PM Vittorio Bertocci <
<br>
<a class="moz-txt-link-abbreviated" href="mailto:vittorio.bertocci@auth0.com">vittorio.bertocci@auth0.com</a>> wrote:
<br>
<br>
<blockquote type="cite">Dear all,
<br>
<br>
thanks for participating in the ITP2 impact discussion last
week at
<br>
Identiverse. It was great to see so many different vendors
come together
<br>
to brainstorm how to handle the situation as an industry.
<br>
<br>
As agreed, I took the action to write down a summary of the
possible
<br>
approaches we discussed - you can find a fully editable draft
at
<br>
<br>
<a class="moz-txt-link-freetext" href="https://docs.google.com/document/d/16Tg7k03RYHXiyBMAFAu0NK91ZvvjvmzbqWi5FFvK388/edit?usp=sharing">https://docs.google.com/document/d/16Tg7k03RYHXiyBMAFAu0NK91ZvvjvmzbqWi5FFvK388/edit?usp=sharing</a>
<br>
.
<br>
<br>
Please take a look at the draft, and comment & edit as you
see fit. Once
<br>
we converge to a text that works for everyone, we can discuss
how we
<br>
want to engage Apple.
<br>
<br>
I am about to get some time off: my colleague Filip Skokan,
whom many of
<br>
you already know for his work on OIDC compliance testing,
helped with
<br>
the document draft and will be the Auth0 representative in the
discussion.
<br>
<br>
Thanks!
<br>
<br>
Cheers,
<br>
<br>
V.
<br>
<br>
<br>
<br>
</blockquote>
-------------- next part --------------
<br>
An HTML attachment was scrubbed...
<br>
URL:
<br>
<a class="moz-txt-link-rfc2396E" href="http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180711/04e4a142/attachment-0001.html"><http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180711/04e4a142/attachment-0001.html></a>
<br>
<br>
------------------------------
<br>
<br>
Message: 2
<br>
Date: Thu, 12 Jul 2018 03:57:28 +0000
<br>
From: n-sakimura <a class="moz-txt-link-rfc2396E" href="mailto:n-sakimura@nri.co.jp"><n-sakimura@nri.co.jp></a>
<br>
To: <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net">"openid-specs-ab@lists.openid.net"</a>
<br>
<a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net"><openid-specs-ab@lists.openid.net></a>
<br>
Subject: [Openid-specs-ab] Open Badges / JSON-LD Signatures
<br>
Message-ID:
<br>
<a class="moz-txt-link-rfc2396E" href="mailto:TY2PR01MB2297463B91AE2D9AB9070500F9590@TY2PR01MB2297.jpnprd01.prod.outlook.com"><TY2PR01MB2297463B91AE2D9AB9070500F9590@TY2PR01MB2297.jpnprd01.prod.outlook.com></a>
<br>
<br>
Content-Type: text/plain; charset="iso-2022-jp"
<br>
<br>
Hi
<br>
<br>
Just came across to Open Badges, backed by Mozilla?
<br>
<br>
<br>
* <a class="moz-txt-link-freetext" href="https://openbadges.org/">https://openbadges.org/</a>
<br>
*
<a class="moz-txt-link-freetext" href="https://www.imsglobal.org/sites/default/files/Badges/OBv2p0/index.html">https://www.imsglobal.org/sites/default/files/Badges/OBv2p0/index.html</a>
<br>
<br>
It seems to be adopted by over 3000 organization.
<br>
<br>
It seems to use JSON-LD Signatures, which does some
canonicalization.
<br>
<br>
Anybody with some knowledge / experience / issues around it?
<br>
<br>
Nat Sakimura
<<a class="moz-txt-link-abbreviated" href="mailto:n-sakimura@nri.co.jp">n-sakimura@nri.co.jp</a><a class="moz-txt-link-rfc2396E" href="mailto:n-sakimura@nri.co.jp"><mailto:n-sakimura@nri.co.jp></a>>
<br>
<br>
PLEASE READ :This e-mail is confidential and intended for the
named
<br>
recipient only. If you are not an intended recipient, please
notify
<br>
the sender and delete this e-mail.
<br>
<br>
-------------- next part --------------
<br>
An HTML attachment was scrubbed...
<br>
URL:
<br>
<a class="moz-txt-link-rfc2396E" href="http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180712/fe2583c0/attachment-0001.html"><http://lists.openid.net/pipermail/openid-specs-ab/attachments/20180712/fe2583c0/attachment-0001.html></a>
<br>
<br>
------------------------------
<br>
<br>
Subject: Digest Footer
<br>
<br>
_______________________________________________
<br>
Openid-specs-ab mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
<br>
<br>
<br>
------------------------------
<br>
<br>
End of Openid-specs-ab Digest, Vol 389, Issue 3
<br>
***********************************************<br>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Vladimir Dzhuvinov :: <a class="moz-txt-link-abbreviated" href="mailto:vladimir@connect2id.com">vladimir@connect2id.com</a></pre>
</body>
</html>