Draft charter for OpenID Certification working group

Paul Madsen paulmadsen at rogers.com
Thu Jun 3 19:27:54 UTC 2010 

Tony, any of the checklists could stipulate requirements for consent policy

As does the draft for the trusted email profile

'show at most one page in 99% of the consent flows once the user is 
authenticated'

paul

On 03/06/2010 2:42 PM, Anthony Nadalin wrote:
>
> So it seems that Policy was dropped out of the original description of 
> the charter. The problem is that not factoring in policy concerns more 
> generally in OpenID v.Next could hurt adoption. An example would be 
> the lack of prior informed consent for the linking that might occur as 
> OpenID v.Next goes up the assurance scale, but maybe no one is 
> interested in OpenID going beyond Level 1.
>
> *From:* openid-specs-bounces at lists.openid.net 
> [mailto:openid-specs-bounces at lists.openid.net] *On Behalf Of *Eric Sachs
> *Sent:* Friday, May 14, 2010 9:48 AM
> *To:* openid-specs
> *Subject:* Draft charter for OpenID Certification working group
>
> Resending because a few people complained this message ended up in 
> their SPAMI Folder.
>
> ---------- Forwarded message ----------
> From: *Eric Sachs* <esachs at google.com <mailto:esachs at google.com>>
> Date: Mon, May 10, 2010 at 10:14 AM
> Subject: Draft OpenID Certification working group charter
> To: openid-specs <openid-specs at lists.openid.net 
> <mailto:openid-specs at lists.openid.net>>
> Cc: Allen Tom <atom at yahoo-inc.com <mailto:atom at yahoo-inc.com>>
>
> What follows is a draft charter for the OpenID Certification working 
> group.  Feedback is welcome, as are potential working group 
> participants.  There is also a draft of some specific certification 
> check lists 
> <http://docs.google.com/View?id=ajkhp5hpp3tt_72gtng7zff> that I hope 
> will spawn feedback.
>
>
> (a)  Charter.
>
> (i) WG name:  OpenID Certification
>
>     (ii) Purpose:  Produce certification checklists for the use of
>     OpenID in different use-cases so that neutral certification bodies
>     such as OIX can validate IDPs against them as opposed to requiring
>     each RP to individual perform such an analysis of each potential
>     IDP. Specific goals are:
>
> o Define the checklist for at least one use-case
>
> o Have at least one IDP certified against that checklist by a 
> certification body
>
> o Have at least one RP who will dynamically support the published list 
> of IDP(s) that have been certified
>
>     (iii) Scope:  Produce a list of certification use-cases, and
>     checklists for them.  We expect this work will identify the need
>     for additional enhancements to the technical standards, but in
>     general this WG will not directly develop those standards, but
>     will coordinate with other OpenID WGs to define the necessary
>     standards.
>
>     (iv) Proposed List of Use-Cases: The initial targeted use-cases
>     are listed below based on discussion
>     <https://sites.google.com/site/oauthgoog/UXFedLogin/whitelisting> from
>     the April 2010 OpenID Summit and a later draft proposal
>     <http://docs.google.com/View?id=ajkhp5hpp3tt_72gtng7zff>.
>
> o Trused Email Profile
>
> o Email Validation Profile
>
> o Untrusted Email Profile
>
> o URL only Profile
>
> o Email Hosting Profile
>
>     (v) Anticipated audience or users of the work:  Implementers of
>     OpenID Providers, Relying Parties, and certification bodies.
>
>     (vi) Language in which the WG will conduct business:  English.
>     (vii) Method of work:  E-mail discussions on the working group
>     mailing list, working group conference calls, and face-to-face
>     meetings at the Internet Identity Workshop and OpenID summits.
>
>     (viii) Basis for determining when the work of the WG is completed:
>      Work will not be deemed to be complete until there is a consensus
>     that the resulting set of use-caess (and checklists) are
>     sufficient to meet the market needs for OpenID certification.
>     Additional proposed use-cases behond the initial list are expected.
>
> (b)  Background Information.
>
> (i) Related work being done in other WGs or organizations:  ICAM, 
> InCommon, Open Identity Exchange (OIX), Kantara
>
>     (ii) Proposers:
>
>         Eric Sachs, esachs at google.com <mailto:esachs at google.com>,
>         Google (chair)
>         Allen Tom, atom at yahoo-inc.com <mailto:atom at yahoo-inc.com>
>
>         Additional proposers to be added here
>
>     (iii) Anticipated Contributions:  None.
>
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>    
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.819 / Virus Database: 271.1.1/2915 - Release Date: 06/03/10 02:25:00
>
>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100603/acef679f/attachment.html>

More information about the specs mailing list