Draft charter for OpenID Certification working group
Paul Madsen
paulmadsen at rogers.com
Thu Jun 3 21:26:30 UTC 2010
As I think of 'policy', everything here meets the definition, ie
prescribed processes and technologies
it sounds like what you want is specific test putting 'privacy policy'
in scope for the certification checklists?
or the possibility of a 'privacy focused profile'?
paul
On 03/06/2010 4:26 PM, Anthony Nadalin wrote:
>
> So I agree, but not sure if we don't have people thinking about the
> policy aspects that we will do a good job in this area, thus just
> having a conformance I don't think will promote those thoughts
>
> *From:* openid-specs-bounces at lists.openid.net
> [mailto:openid-specs-bounces at lists.openid.net] *On Behalf Of *Paul Madsen
> *Sent:* Thursday, June 03, 2010 12:28 PM
> *To:* openid-specs at lists.openid.net
> *Subject:* Re: Draft charter for OpenID Certification working group
>
> Tony, any of the checklists could stipulate requirements for consent
> policy
>
> As does the draft for the trusted email profile
>
> 'show at most one page in 99% of the consent flows once the user is
> authenticated'
>
> paul
>
> On 03/06/2010 2:42 PM, Anthony Nadalin wrote:
>
> So it seems that Policy was dropped out of the original description of
> the charter. The problem is that not factoring in policy concerns more
> generally in OpenID v.Next could hurt adoption. An example would be
> the lack of prior informed consent for the linking that might occur as
> OpenID v.Next goes up the assurance scale, but maybe no one is
> interested in OpenID going beyond Level 1.
>
> *From:* openid-specs-bounces at lists.openid.net
> <mailto:openid-specs-bounces at lists.openid.net>
> [mailto:openid-specs-bounces at lists.openid.net] *On Behalf Of *Eric Sachs
> *Sent:* Friday, May 14, 2010 9:48 AM
> *To:* openid-specs
> *Subject:* Draft charter for OpenID Certification working group
>
> Resending because a few people complained this message ended up in
> their SPAMI Folder.
>
> ---------- Forwarded message ----------
> From: *Eric Sachs* <esachs at google.com <mailto:esachs at google.com>>
> Date: Mon, May 10, 2010 at 10:14 AM
> Subject: Draft OpenID Certification working group charter
> To: openid-specs <openid-specs at lists.openid.net
> <mailto:openid-specs at lists.openid.net>>
> Cc: Allen Tom <atom at yahoo-inc.com <mailto:atom at yahoo-inc.com>>
>
>
> What follows is a draft charter for the OpenID Certification working
> group. Feedback is welcome, as are potential working group
> participants. There is also a draft of some specific certification
> check lists
> <http://docs.google.com/View?id=ajkhp5hpp3tt_72gtng7zff> that I hope
> will spawn feedback.
>
>
> (a) Charter.
>
>
> (i) WG name: OpenID Certification
>
> (ii) Purpose: Produce certification checklists for the use of
> OpenID in different use-cases so that neutral certification bodies
> such as OIX can validate IDPs against them as opposed to requiring
> each RP to individual perform such an analysis of each potential
> IDP. Specific goals are:
>
> Define the checklist for at least one use-case
>
> Have at least one IDP certified against that checklist by a
> certification body
>
> Have at least one RP who will dynamically support the published list
> of IDP(s) that have been certified
>
> (iii) Scope: Produce a list of certification use-cases, and
> checklists for them. We expect this work will identify the need
> for additional enhancements to the technical standards, but in
> general this WG will not directly develop those standards, but
> will coordinate with other OpenID WGs to define the necessary
> standards.
>
> (iv) Proposed List of Use-Cases: The initial targeted use-cases
> are listed below based on discussion
> <https://sites.google.com/site/oauthgoog/UXFedLogin/whitelisting> from
> the April 2010 OpenID Summit and a later draft proposal
> <http://docs.google.com/View?id=ajkhp5hpp3tt_72gtng7zff>.
>
> Trused Email Profile
>
> Email Validation Profile
>
> Untrusted Email Profile
>
> URL only Profile
>
> Email Hosting Profile
>
> (v) Anticipated audience or users of the work: Implementers of
> OpenID Providers, Relying Parties, and certification bodies.
>
> (vi) Language in which the WG will conduct business: English.
> (vii) Method of work: E-mail discussions on the working group
> mailing list, working group conference calls, and face-to-face
> meetings at the Internet Identity Workshop and OpenID summits.
>
> (viii) Basis for determining when the work of the WG is completed:
> Work will not be deemed to be complete until there is a consensus
> that the resulting set of use-caess (and checklists) are
> sufficient to meet the market needs for OpenID certification.
> Additional proposed use-cases behond the initial list are expected.
>
> (b) Background Information.
>
>
> (i) Related work being done in other WGs or organizations: ICAM,
> InCommon, Open Identity Exchange (OIX), Kantara
>
> (ii) Proposers:
>
> Eric Sachs, esachs at google.com <mailto:esachs at google.com>,
> Google (chair)
> Allen Tom, atom at yahoo-inc.com <mailto:atom at yahoo-inc.com>
>
> Additional proposers to be added here
>
> (iii) Anticipated Contributions: None.
>
>
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net <mailto:specs at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs
>
>
>
>
> No virus found in this incoming message.
> Checked by AVG -www.avg.com <http://www.avg.com>
> Version: 9.0.819 / Virus Database: 271.1.1/2915 - Release Date: 06/03/10 02:25:00
>
>
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.819 / Virus Database: 271.1.1/2915 - Release Date: 06/03/10 02:25:00
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100603/b0c6a4eb/attachment-0001.html>
More information about the specs
mailing list