RECOMMENDED: Proposal to create the PAPE working group
Dick Hardt
dick at sxip.com
Thu May 22 21:15:45 PDT 2008
The specifications council recommends that the Foundation members
approve the creation of the Provider Authentication Policy Extension
(PAPE) working group, as proposed below.
-- Dick
On 22-May-08, at 3:25 PM, Mike Jones wrote:
> This message is being sent to revise the proposal to create the PAPE
> working group, changing only one word, so that the projected
> completion date is July 2008, rather than May 2008. The complete
> text of the revised proposal follows.
>
> --- Mike
>
> In accordance with the OpenID Foundation IPR policies and procedures
> this note proposes the formation of a new working group chartered to
> produce an OpenID specification. As per Section 4.1 of the
> Policies, the specifics of the proposed working group are:
>
> Proposal:
> (a) Charter.
> (i) WG name: Provider Authentication Policy
> Extension (PAPE)
> (ii) Purpose: Produce a standard OpenID extension
> to the OpenID Authentication protocol that: provides a mechanism by
> which a Relying Party can request that particular authentication
> policies be applied by the OpenID Provider when authenticating an
> End User and provides a mechanism by which an OpenID Provider may
> inform a Relying Party which authentication policies were used. Thus
> a Relying Party can request that the End User authenticate, for
> example, using a phishing-resistant and/or multi-factor
> authentication method.
> (iii) Scope: Produce a revision of the PAPE 1.0
> Draft 2 specification that clarifies its intent, while maintaining
> compatibility for existing Draft 2 implementations. Adding any
> support for communicating requests for or the use of specific
> authentication methods (as opposed to authentication policies) is
> explicitly out of scope.
> (iv) Proposed List of Specifications: Provider
> Authentication Policy Extension 1.0, spec completion expected during
> July 2008.
> (v) Anticipated audience or users of the work:
> Implementers of OpenID Providers and Relying Parties – especially
> those interested in mitigating the phishing vulnerabilities of
> logging into OpenID providers with passwords.
> (vi) Language in which the WG will conduct
> business: English.
> (vii) Method of work: E-mail discussions on the
> working group mailing list, working group conference calls, and
> possibly a face-to-face meeting at the Internet Identity Workshop.
> (viii) Basis for determining when the work of the
> WG is completed: Proposed changes to draft 2 will be evaluated on
> the basis of whether they increase or decrease consensus within the
> working group. The work will be completed once it is apparent that
> maximal consensus on the draft has been achieved, consistent with
> the purpose and scope.
> (b) Background Information.
> (i) Related work being done in other WGs or
> organizations: (1) Assurance Levels as defined by the National
> Institute of Standards and Technology (NIST) in Special Publication
> 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., “Electronic
> Authentication Guideline,” April 2006.) [NIST_SP800‑63]. This
> working group is needed to enable authentication policy statements
> to be exchanged by OpenID endpoints. No coordination is needed with
> NIST, as the PAPE specification uses elements of the NIST
> specification in the intended fashion.
> (ii) Proposers:
> Michael B. Jones, mbj at microsoft.com,
> Microsoft Corporation
> David Recordon,
> drecordon at sixapart.com, Six Apart Corporation
> Ben Laurie, benl at google.com, Google
> Corporation
> Drummond Reed, drummond.reed at cordance.net
> , Cordance Corporation
> John Bradley,
> john.bradley at wingaa.com, Wingaa Corporation
> Johnny Bufu, johnny.bufu at gmail.com,
> Independent
> Dick Hardt, dick at sxip.com, Sxip
> Identity Corporation
> Editors:
> Michael B. Jones, mbj at microsoft.com,
> Microsoft Corporation
> David Recordon,
> drecordon at sixapart.com, Six Apart Corporation
> (iii) Anticipated Contributions: None.
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openid.net/pipermail/specs/attachments/20080522/8db9fe6f/attachment-0001.htm
More information about the specs
mailing list