<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:Z="urn:schemas-microsoft-com:" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.clauselevel1, li.clauselevel1, div.clauselevel1
{mso-style-name:clauselevel1;
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:0in;
mso-list:l0 level1 lfo2;
font-size:9.0pt;
font-family:"Verdana","sans-serif";}
p.clauselevel2, li.clauselevel2, div.clauselevel2
{mso-style-name:clauselevel2;
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:.35in;
mso-list:l0 level2 lfo2;
font-size:9.0pt;
font-family:"Verdana","sans-serif";}
p.clauselevel3, li.clauselevel3, div.clauselevel3
{mso-style-name:clauselevel3;
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:.7in;
mso-list:l0 level3 lfo2;
font-size:9.0pt;
font-family:"Verdana","sans-serif";}
p.clauselevel4, li.clauselevel4, div.clauselevel4
{mso-style-name:clauselevel4;
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:1.05in;
mso-list:l0 level4 lfo2;
font-size:9.0pt;
font-family:"Verdana","sans-serif";}
span.emailstyle17
{mso-style-name:emailstyle17;
font-family:"Calibri","sans-serif";}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:2120446173;
mso-list-template-ids:2037165994;}
@list l0:level1
{mso-level-text:%1;
mso-level-tab-stop:.35in;
mso-level-number-position:left;
margin-left:0in;
text-indent:0in;
mso-ansi-font-size:9.0pt;
font-family:"Verdana","sans-serif";
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l0:level2
{mso-level-text:"%1\.%2";
mso-level-tab-stop:.7in;
mso-level-number-position:left;
margin-left:0in;
text-indent:.35in;
mso-ansi-font-size:9.0pt;
font-family:"Verdana","sans-serif";
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l0:level3
{mso-level-number-format:alpha-lower;
mso-level-text:"\(%3\)";
mso-level-tab-stop:1.05in;
mso-level-number-position:left;
margin-left:0in;
text-indent:.7in;
mso-ansi-font-size:9.0pt;
font-family:"Verdana","sans-serif";
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l0:level4
{mso-level-number-format:roman-lower;
mso-level-text:"\(%4\)";
mso-level-tab-stop:1.4in;
mso-level-number-position:left;
margin-left:0in;
text-indent:1.05in;
mso-ansi-font-size:9.0pt;
font-family:"Verdana","sans-serif";
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-text:"\(%5\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-text:"\(%6\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.5in;
text-indent:-.25in;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.0in;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>In accordance with the OpenID Foundation <a
href="http://openid.net/foundation/intellectual-property/">IPR policies and
procedures</a> this note proposes the formation of a new working group
chartered to produce an OpenID specification. As per Section 4.1 of the
Policies, the specifics of the proposed working group are:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><b>Proposal:<o:p></o:p></b></p>
<p class=MsoNormal><b>(a)</b> <i><u>Charter</u></i>.<o:p></o:p></p>
<p class=MsoNormal>
<b>(i)</b> WG name: Provider Authentication Policy Extension (PAPE)<o:p></o:p></p>
<p class=MsoNormal>
<b>(ii)</b> Purpose: Produce a standard OpenID extension to the
OpenID Authentication protocol that: provides a mechanism by which a
Relying Party can request that particular authentication policies be applied by
the OpenID Provider when authenticating an End User and provides a mechanism by
which an OpenID Provider may inform a Relying Party which authentication
policies were used. Thus a Relying Party can request that the End User
authenticate, for example, using a phishing-resistant and/or multi-factor
authentication method.<o:p></o:p></p>
<p class=MsoNormal>
<b>(iii)</b> Scope: Produce a revision of the PAPE 1.0 Draft 2
specification that clarifies its intent, while maintaining compatibility for
existing Draft 2 implementations. Adding any support for communicating
requests for or the use of specific authentication methods (as opposed to
authentication policies) is explicitly out of scope.<o:p></o:p></p>
<p class=MsoNormal>
<b>(iv)</b> Proposed List of Specifications: Provider
Authentication Policy Extension 1.0, spec completion expected during May 2008.<o:p></o:p></p>
<p class=MsoNormal>
<b>(v)</b> Anticipated audience or users of the work: Implementers
of OpenID Providers and Relying Parties – especially those interested in
mitigating the phishing vulnerabilities of logging into OpenID providers with
passwords.<o:p></o:p></p>
<p class=MsoNormal>
<b>(vi)</b> Language in which the WG will conduct business:
English.<o:p></o:p></p>
<p class=MsoNormal>
<b>(vii)</b> Method of work: E-mail discussions on the working
group mailing list, working group conference calls, and possibly a face-to-face
meeting at the Internet Identity Workshop.<o:p></o:p></p>
<p class=MsoNormal>
<b>(viii)</b> Basis for determining when the work of the WG is
completed: Proposed changes to draft 2 will be evaluated on the basis of
whether they increase or decrease consensus within the working group. The
work will be completed once it is apparent that maximal consensus on the draft
has been achieved, consistent with the purpose and scope.<o:p></o:p></p>
<p class=MsoNormal><b>(b)</b> <i><u>Background Information</u></i>.<o:p></o:p></p>
<p class=MsoNormal>
<b>(i)</b> Related work being done in other WGs or organizations:
(1) Assurance Levels as defined by the National Institute of Standards and
Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W.
Polk, Ed., “Electronic Authentication Guideline,” April 2006.) [NIST_SP800‑63].
This working group is needed to enable authentication policy statements to be
exchanged by OpenID endpoints. No coordination is needed with NIST, as
the PAPE specification uses elements of the NIST specification in the intended
fashion.<o:p></o:p></p>
<p class=MsoNormal>
<b>(ii)</b> Proposers: <o:p></o:p></p>
<p class=MsoNormal>
Michael B. Jones, <a href="mailto:mbj@microsoft.com">mbj@microsoft.com</a>,
Microsoft Corporation<o:p></o:p></p>
<p class=MsoNormal>
David Recordon, <a href="mailto:drecordon@sixapart.com">drecordon@sixapart.com</a>,
Six Apart Corporation<o:p></o:p></p>
<p class=MsoNormal>
Ben Laurie, <a href="mailto:benl@google.com">benl@google.com</a>, Google
Corporation<o:p></o:p></p>
<p class=MsoNormal>
Drummond Reed, <a href="mailto:drummond.reed@cordance.net">drummond.reed@cordance.net</a>,
Cordance Corporation<o:p></o:p></p>
<p class=MsoNormal>
John Bradley, <a href="mailto:john.bradley@wingaa.com">john.bradley@wingaa.com</a>,
Wingaa Corporation<o:p></o:p></p>
<p class=MsoNormal><span style='color:#1F497D'> </span>Johnny
Bufu, <a href="mailto:johnny.bufu@gmail.com">johnny.bufu@gmail.com</a>,
Independent<o:p></o:p></p>
<p class=MsoNormal>Editors: <o:p></o:p></p>
<p class=MsoNormal>
Michael B. Jones, <a href="mailto:mbj@microsoft.com">mbj@microsoft.com</a>,
Microsoft Corporation<o:p></o:p></p>
<p class=MsoNormal>
David Recordon, <a href="mailto:drecordon@sixapart.com">drecordon@sixapart.com</a>,
Six Apart Corporation<o:p></o:p></p>
<p class=MsoNormal>
<b>(iii)</b> Anticipated Contributions: None.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>====<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>(The rest of this note is informational and not part of the
proposal to create an OpenID working group.)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Given that the OpenID specification procedures call for votes
of the membership, this would be a good time for those wanting to influence the
outcome of this specification to join the OpenID Foundation. You can do
so at <a href="http://openid.net/foundation/join/">http://openid.net/foundation/join/</a>.
Should you wish to join the working group, you will also need to execute the
Contribution Agreement at <a
href="http://openid.net/foundation/intellectual-property/">http://openid.net/foundation/intellectual-property/</a>
once the working group formation has been approved by the membership. After
the Specifications Council has responded to this request to create a working
group (which must happen within 15 days) a separate message will be sent asking
those of you who are OpenID members to vote on the working group creation,
containing instructions for how to do so.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal> --
Mike<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>