Can I vote neutral? While I'm very much +1 on the previously discussed OpenID/OAuth hybrid proposal, this one's more "meh" to me. I'm not against it, though. Its charter page doesn't even explain use cases or what a "contact" is (though I was amused to see it put in quotes and then later never explained.)<div>
<br></div><div><div><div><div class="gmail_quote">On Wed, Jan 28, 2009 at 11:09 AM, David Recordon <span dir="ltr"><<a href="mailto:recordond@gmail.com">recordond@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Since we've had so many different threads on this proposal, I'd like<br>
to have one final thread where there is a clear vote held on the<br>
latest revision of the proposal. The proposal can be found at<br>
<a href="http://wiki.openid.net/Working_Groups%3AContract_Exchange_1" target="_blank">http://wiki.openid.net/Working_Groups%3AContract_Exchange_1</a> and in the<br>
email below. If you're a member of the Specs Council, please respond<br>
ASAP.<br>
<br>
Thanks,<br>
--David<br>
<br>
(i) WG name<br>
Contract Exchange Extension Working Group<br>
<br>
(ii) Purpose<br>
The purpose of this WG is to produce a standard OpenID extension to<br>
the OpenID Authentication protocol that enables arbitrary parties to<br>
create and exchange a mutually-digitally-signed "contract". This<br>
contract can be both broadband and mobile friendly through appropriate<br>
bindings that will be defined for each use case.<br>
<br>
(iii) Scope<br>
Development of a specification that allows parties to exchange a<br>
mutually-digitally-signed contract leveraging on OpenID Authentication<br>
2.0 and OpenID Attribute Exchange 2.0 via the appropriate bindings<br>
defined in the specification.<br>
<br>
Out of scope<br>
<br>
* UI and user experience: The Working Group will develop the wire<br>
protocol and and any related processing mechanisms required to support<br>
it but user interface and experience is out of scope.<br>
* Public Key Discovery method: This functionality will be either<br>
defined in the XRD 1.0 specification currently in progress at the<br>
OASIS XRI TC or a mechanism that works with OpenID Authentication<br>
2.0/2.1 discovery will be defined independently.<br>
* Terms negotiation: Actual negotiation of the terms of a contract<br>
should be dealt with out-of-band or by other specifications.<br>
* Assurance: These will be handled by third-party assurance<br>
programs or other identity governance frameworks.<br>
* Trust hierarchies. It is the intent that this specification be<br>
usable by any trust community, whether it uses conventional PKI<br>
hierarchies, peer-to-peer trust mechanisms, reputation systems, or<br>
other forms of trust assurance. The specification of any particular<br>
trust root, trust hierarchy, or trust policy is explicitly out of<br>
scope.<br>
<br>
(iv) Proposed List of Specifications<br>
* Contract Exchange 1.0 - Expected completion of the first<br>
iteration is in Q1 2009.<br>
<br>
(v) Anticipated audience or users of the work<br>
Implementers of OpenID Providers and Relying Parties, especially those<br>
who require security and accountability features to exchange sensitive<br>
customer information (e.g. personally identifiable information and<br>
credit card numbers) responsibly among trusted parties.<br>
<br>
(vi) Language in which the WG will conduct business<br>
English.<br>
<br>
(vii) Method of work<br>
E-mail discussions on the working group mailing list, working group<br>
conference calls, and possibly face-to-face meetings at conferences.<br>
<br>
(viii) Basis for determining when the work of the WG is completed<br>
Drafts will be evaluated on the basis of whether they increase or<br>
decrease consensus within the working group. The work will be<br>
completed once it is apparent that maximal consensus on the drafts has<br>
been achieved, consistent with the purpose and scope.<br>
<br>
(b) Background Information.<br>
(i) Related work being done by other WGs or organizations<br>
* OpenID Authentication 2.1 [AN]<br>
* OpenID Attribute Exchange Extension 2.0 [AX]<br>
* LIberty Alliance Identity Governance Framework [IGF] 1.0 Draft<br>
* XML Advanced Electronic Signatures [XAdES]<br>
* WS-Trust 1.3 [WS-trust]<br>
* XRI 2.0 and XRI 3.0 [XRI]<br>
* XRD 1.0 [XRI]<br>
* XDI 1.0 [XDI]<br>
* Vendor Relationship Management [VRM]<br>
<br>
(ii) Proposers<br>
* Drummond Reed, =drummond, <a href="mailto:drummond.reed@parity.com">drummond.reed@parity.com</a>,<br>
Cordance/Parity/OASIS (U.S.A)<br>
* Henrik Biering, <a href="mailto:hb@netamia.com">hb@netamia.com</a>, Netamia (Denmark)<br>
* Hideki Nara, <a href="mailto:hdknr@ic-tact.co.jp">hdknr@ic-tact.co.jp</a>, Tact Communications (Japan)<br>
* John Bradeley, <a href="mailto:jbradley@mac.com">jbradley@mac.com</a>, OASIS IDTrust Member Section (Canada)<br>
* Mike Graves, <a href="mailto:mgraves@janrain.com">mgraves@janrain.com</a>, JanRain, Inc. (U.S.A.)<br>
* Nat Sakimura, <a href="mailto:n-sakimura@nri.co.jp">n-sakimura@nri.co.jp</a>, Nomura Research Institute, Ltd.(Japan)<br>
* Robert Ott, <a href="mailto:robert.ott@clavid.com">robert.ott@clavid.com</a>, Clavid (Switzerland)<br>
* Tatsuki Sakushima, <a href="mailto:tatsuki@nri.com">tatsuki@nri.com</a>, NRI America, Inc. (U.S.A.)<br>
* Toru Yamaguchi, <a href="mailto:trymch@gmail.com">trymch@gmail.com</a>, DeNA Co. Ltd. (Japan)<br>
<br>
Editors:<br>
Nat Sakimura, <a href="mailto:n-sakimura@nri.co.jp">n-sakimura@nri.co.jp</a>, Nomura Research Institute, Ltd.<br>
<br>
(iii) Anticipated Contributions<br>
* Sakimura, N., et. al "OpenID Trusted data eXchange Extention<br>
Specification (draft)", Oct. 2008. [TX2008].<br>
</blockquote></div><br></div></div></div>