No subject


Fri Aug 15 16:49:43 PDT 2008 

signature.<br>
<br>
&gt; &quot;A Public Key Cryptography based digital signature method&quot;, =
but
isn't it already<br>
&gt; defined how to sign chunks of XML? &nbsp;Why would the working group b=
e
developing<br>
&gt; a new signature mechanism?<br>
Let me explain on it.<br>
<br>
CX is not XML based. It is tag-value based. I do not think there is any
generalized public key based signature algorithm that enables one to sign
tag-value based on name spaces. What is defined in OAuth comes close, but i=
t
needs generalization as it is specific to OAuth. If there s a generalized s=
uch
method, please point it to me. I understand that AuthN 2.1 would be looking=
 at
doing it. However, it is not there yet so it cannot be cited. Once it gets
citable, I envision that it will be citing it instead of incorporating it i=
nto
the CX spec.<br>
<br>
For other points, it would be appreciated very much if you could explicitly
state the points. Then, I would be replying to them.<br>
<br>
By the way, from the process point, I believe that the specs council needs =
to
be stating one of the reason stated in &quot;4.2 Review&quot;. It needs to =
be
one of<br>
<br>
(a) &nbsp; &nbsp;an incomplete Proposal (i.e., failure to comply with =1B$B=
!x=1B(B4.1);<br>
<br>
(b) &nbsp; &nbsp;a determination that the proposal contravenes the OpenID
community's purpose;<br>
<br>
(c) &nbsp; &nbsp; a determination that the proposed WG does not have suffic=
ient
support to succeed<br>
&nbsp; &nbsp; &nbsp; &nbsp; or to deliver proposed deliverables within
projected completion dates; or<br>
<br>
(d) &nbsp; &nbsp;a &nbsp;determination that the proposal is likely to cause
legal liability for the OIDF or others.<br>
<br>
On what point the current proposal falls into?<br>
<br>
Regards,<br>
<br>
=3Dnat<br>
<br>
<br>
<br>
________________________________<br>
<span lang=3DZH-TW>=1B$B:9=3DP?M=1B(B</span>: David Recordon [<a
href=3D"mailto:recordond at gmail.com">recordond at gmail.com</a>]<br>
<span lang=3DZH-TW>=1B$BAw?.F|;~=1B(B</span>: 2008<span lang=3DZH-TW>=1B$BG=
/=1B(B</span>12<span lang=3DZH-TW>=1B$B7n=1B(B</span>24<span
lang=3DZH-TW>=1B$BF|=1B(B</span> 2:54<br>
<span lang=3DZH-TW>=1B$B08 at h=1B(B</span>: Mike Jones<br>
CC: Sakimura Nat; <a href=3D"mailto:specs-council at openid.net">specs-council=
@openid.net</a><br>
<span lang=3DZH-TW>=1B$B7oL>=1B(B</span>: Re: [OIDFSC] FW: Proposal to crea=
te the TX working
group<br>
<br>
I think that's a reasonable recommendation, though would like to first appr=
oach
Nat to see if the charter can be made to address these concerns and then
resubmitted for review.<br>
<br>
--David<o:p></o:p></p>

</div>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'>On Mon, Dec 22, 2008 at=
 9:20
PM, Mike Jones &lt;<a href=3D"mailto:Michael.Jones at microsoft.com">Michael.J=
ones at microsoft.com</a>&lt;mailto:<a
href=3D"mailto:Michael.Jones at microsoft.com">Michael.Jones at microsoft.com</a>=
&gt;&gt;
wrote:<br>
<br>
I have to agree with David that this charter is far from minimal or specifi=
c in
many respects. &nbsp;One of my concerns is the same as David's below &#8211=
; when
XMLDSIG and other signature algorithms already exist, it is incumbent upon =
the
proposers to justify the creation of yet another, incompatible signature
algorithm.<br>
<br>
<br>
<br>
It is therefore my recommendation that the specifications council communica=
te
something like this position to the membership to guide their vote about th=
is
working group:<br>
<br>
<br>
<br>
The OpenID Specifications Council recommends that members reject this propo=
sal
to create a working group because the charter is excessively broad, it seem=
s to
propose the creation of new mechanisms that unnecessarily create new ways t=
o do
accomplish existing tasks, such as digital signatures, and it the proposal =
is
not sufficiently clear on whether it builds upon existing mechanisms such a=
s AX
1.0 in a compatible manner, or whether it requires breaking changes to thes=
e
underlying protocols.<br>
<br>
<br>
<br>
We, as a specs council, have an obligation to promptly produce a recommenda=
tion
prior to the membership vote. &nbsp;My stab at our recommendation is above.
&nbsp;Wordsmithing welcome. &nbsp;If you disagree, please supply alternate
wording that you think we should use instead.<br>
<br>
<br>
<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp=
;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;-- Mik=
e<br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>

</div>

<p class=3DMsoNormal>From: David Recordon [mailto:<a
href=3D"mailto:recordond at gmail.com">recordond at gmail.com</a>&lt;mailto:<a
href=3D"mailto:recordond at gmail.com">recordond at gmail.com</a>&gt;]<o:p></o:p>=
</p>

<div>

<p class=3DMsoNormal><br>
Sent: Monday, December 22, 2008 10:20 AM<br>
To: Nat Sakimura<o:p></o:p></p>

</div>

<p class=3DMsoNormal>Cc: Mike Jones; <a href=3D"mailto:specs-council at openid=
.net">specs-council at openid.net</a>&lt;mailto:<a
href=3D"mailto:specs-council at openid.net">specs-council at openid.net</a>&gt;<o=
:p></o:p></p>

<div>

<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'>Subject: Re: [OIDFSC] F=
W:
Proposal to create the TX working group<br>
<br>
<br>
<br>
To update Nat's note, the proposal is actually at <a
href=3D"http://wiki.openid.net/Working_Groups%3AContract_Exchange_1"
target=3D"_blank">http://wiki.openid.net/Working_Groups%3AContract_Exchange=
_1</a>
(the wiki doesn't like periods in URLs).<br>
<br>
While the number of specifications listed has been reduced, it still feels
nebulous in terms of what will be produced as laid out by the purpose and
scope. &nbsp;For example, the scope says that the working group will develo=
p
&quot;A Public Key Cryptography based digital signature method&quot;, but i=
sn't
it already defined how to sign chunks of XML? &nbsp;Why would the working g=
roup
be developing a new signature mechanism?<br>
<br>
--David<o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'>On Thu, Dec 18, 2008 at=
 9:09
PM, Nat Sakimura &lt;<a href=3D"mailto:n-sakimura at nri.co.jp">n-sakimura at nri=
.co.jp</a>&lt;mailto:<a
href=3D"mailto:n-sakimura at nri.co.jp">n-sakimura at nri.co.jp</a>&gt;&gt; wrote=
:<br>
<br>
The most current version is here: <a
href=3D"http://wiki.openid.net/Working_Groups:Contract_Exchange_1.0"
target=3D"_blank">http://wiki.openid.net/Working_Groups:Contract_Exchange_1=
.0</a><br>
<br>
Since AX 2.0 WG is spinning up, I have removed it from the possible output =
of
this WG.<br>
<br>
=3Dnat<br>
<br>
Mike Jones wrote:<br>
<br>
Forwarding this note to the list to kick off the actual specs council work =
on
this spec=1B$B!D=1B(B<br>
<br>
<br>
[Deleted the rest of the thread to bring the message below the current 40K =
list
size limit]<br>
<br>
<br>
<o:p></o:p></p>

</div>

<p class=3DMsoNormal>_______________________________________________<br>
general mailing list<br>
<a href=3D"mailto:general at openid.net">general at openid.net</a><br>
<a href=3D"http://openid.net/mailman/listinfo/general" target=3D"_blank">ht=
tp://openid.net/mailman/listinfo/general</a><o:p></o:p></p>

</div>

<p class=3DMsoNormal><br>
<br clear=3Dall>
<br>
-- <br>
Nat Sakimura (=3Dnat)<br>
<a href=3D"http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><o:p=
></o:p></p>

</div>

</body>

</html>

--_000_C11F8A453DFFBE49A9F0D75873F554462A784D7721NAEXMSGC118re_--

More information about the specs-council mailing list