Hi Nat,<br>I read Josh's email as agreeing with Mike's statement of:<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">The OpenID Specifications Council recommends that members reject this proposal to create a working group because the charter is excessively broad, it seems to propose the creation of new mechanisms that unnecessarily create new ways to do accomplish existing tasks, such as digital signatures, and it the proposal is not sufficiently clear on whether it builds upon existing mechanisms such as AX 1.0 in a compatible manner, or whether it requires breaking changes to these underlying protocols.</blockquote>
<div><br>While you have clarified that you don't intend to create a new XML signature mechanism, OAuth describes a mechanism to use public keys to sign these sorts of parameters. Signatures aside, as Mike said other aspects of the charter seem quite broad and it is unclear how it will build upon AX 1.0 and other underlying existing OpenID technologies.<br>
<br>Given the draft charter at <a href="http://wiki.openid.net/Working_Groups%3AContract_Exchange_1">http://wiki.openid.net/Working_Groups%3AContract_Exchange_1</a>:<br>1) The purpose of producing a series of extensions seems too broad. OpenID was born on the idea of doing one simple thing and we've seen success with OpenID and related technologies when they are made up of small pieces loosely joined. OpenID Authentication 2.0 broke this rule in some areas and we're now seeing the repercussions of doing so.<br>
<br>2) In what jurisdictions are these contracts legally binding? Is "arbitrary parties to create and exchange a mutually-digitally-signed legally binding 'contract'" a justifiable statement or should it be toned down? It should also be kept in mind that since OpenID's creation it has been very clear that OpenID does not provide trust, but rather trust can be built on top of identity. I'm not saying that OpenID should never deal with trust, just trying to understand if this Working Group intends to change how OpenID currently does not create this form of trust.<br>
<br>3) The purpose says that the Working Group intends to possibly extend AX and create a series of specifications. It does not seem prudent to give a Working Group the ability to arbitrarily extend an existing extension or create an unlimited number of specifications.<br>
<br>4) The Scope section is still not clear as to what the Working Group will actually be producing. I would prefer to see the section rewritten, maybe mimicking the structure currently being considered for the specification.<br>
<br>As to if you wish to force this proposal forward, I do not believe that it currently has sufficient support within the OpenID community to succeed and that its broad scope contravenes the community's purpose. This is why I'm really hoping that the proposal can be refined to something which will be successful that a broad community can get behind!<br>
<br>--David<br></div><br><div class="gmail_quote">On Tue, Dec 30, 2008 at 9:03 PM, Nat Sakimura <span dir="ltr"><<a href="mailto:sakimura@gmail.com">sakimura@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>Hi Josh, </div><div><br></div><div>To which statement did you agree?</div><div><br></div><div>There has been a several things that has been pointed out, but I think I have answered to them. </div><div><br></div><div>
For example, for XML Sig, I have stated that this spec is not for XML, etc. </div>
<div>For modularization, yes, that is a possibility but a scope needs to be able to cover a field that it requires, even if it ends up not covering that field. </div><div>It is impossible to widen the scope though narrowing it down at a later date is easy. </div>
<div><br></div><div>Unfortunately, I have not heard back any concrete response for amendments. It would be more constructive to have those. </div><div><br></div><div>Also, if you are giving advise to the membership an recommendation for not approving it, you need to state the reasons concretely. </div>
<div class="Ih2E3d">
<div><br></div><div>It needs to be one of </div><div><br></div></div><div><span style="border-collapse: collapse; color: rgb(80, 0, 80);"><div class="Ih2E3d"><div dir="ltr"><font face="Arial" size="2">(a) an incomplete Proposal (i.e., failure to comply with §4.1);<br>
(b) a determination that the proposal contravenes the OpenID community's purpose;<br>(c) a determination that the proposed WG does not have sufficient support to succeed</font></div><div dir="ltr"><font face="Arial" size="2"><font face="arial"> </font>or to deliver proposed deliverables within projected completion dates; or<br>
(d) a determination that the proposal is likely to cause legal liability for the OIDF or others. <br></font></div><div><br></div></div><div>and should state why the proposal falls into one of the criteria concretely and accountably. </div>
<div><br></div><div>Regards, </div><div><br></div><font color="#888888"><div>=nat</div></font></span></div><div><div></div><div class="Wj3C7c"><span style="border-collapse: collapse;"><div style="color: rgb(80, 0, 80);">
<div dir="ltr"><br></div>
</div></span><div class="gmail_quote">On Wed, Dec 31, 2008 at 7:58 AM, Josh Hoyt <span dir="ltr"><<a href="mailto:josh@janrain.com" target="_blank">josh@janrain.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Tue, Dec 30, 2008 at 12:17 PM, Mike Jones<br>
<div><<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>> wrote:<br>
</div><div>> I realize it was Christmas week but it's been a week and we've heard nothing<br>
> from any of the other specs council members on this proposal (or the other<br>
> one as well).<br>
<br>
</div>I agree with the statement that you made about this proposal.<br>
<font color="#888888"><br>
Josh<br>
</font></blockquote></div><br><br clear="all"><br></div></div><div><div></div><div class="Wj3C7c">-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><br>
</div></div></blockquote></div><br>