<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40"
xmlns:ns1="http://schemas.microsoft.com/sharepoint/soap/workflow/"
xmlns:ns2="http://schemas.openxmlformats.org/markup-compatibility/2006"
xmlns:ns0="http://schemas.microsoft.com/office/2004/12/omml"
xmlns:ns3="http://schemas.openxmlformats.org/package/2006/relationships"
xmlns:ns4="http://schemas.microsoft.com/exchange/services/2006/types"
xmlns:ns5="http://schemas.microsoft.com/exchange/services/2006/messages"
xmlns:ns6="urn:schemas-microsoft-com:">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--a:link
{mso-style-priority:99;}
span.MSOHYPERLINK
{mso-style-priority:99;}
a:visited
{mso-style-priority:99;}
span.MSOHYPERLINKFOLLOWED
{mso-style-priority:99;}
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:Calibri;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p.clauselevel1, li.clauselevel1, div.clauselevel1
{margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:0in;
mso-list:l0 level1 lfo2;
font-size:9.0pt;
font-family:Verdana;}
p.clauselevel2, li.clauselevel2, div.clauselevel2
{margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:.35in;
mso-list:l0 level2 lfo2;
font-size:9.0pt;
font-family:Verdana;}
p.clauselevel3, li.clauselevel3, div.clauselevel3
{margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:.7in;
mso-list:l0 level3 lfo2;
font-size:9.0pt;
font-family:Verdana;}
p.clauselevel4, li.clauselevel4, div.clauselevel4
{margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:1.05in;
mso-list:l0 level4 lfo2;
font-size:9.0pt;
font-family:Verdana;}
span.emailstyle17
{font-family:Calibri;}
span.EmailStyle22
{mso-style-type:personal;
font-family:Calibri;
color:windowtext;}
span.EmailStyle23
{mso-style-type:personal;
font-family:Calibri;
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:Calibri;
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:2120446173;
mso-list-template-ids:2037165994;}
@list l0:level1
{mso-level-text:%1;
mso-level-tab-stop:.35in;
mso-level-number-position:left;
margin-left:0in;
text-indent:0in;
mso-ansi-font-size:9.0pt;
font-family:Verdana;
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l0:level2
{mso-level-text:"%1\.%2";
mso-level-tab-stop:.7in;
mso-level-number-position:left;
margin-left:0in;
text-indent:.35in;
mso-ansi-font-size:9.0pt;
font-family:Verdana;
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l0:level3
{mso-level-number-format:alpha-lower;
mso-level-text:"\(%3\)";
mso-level-tab-stop:1.05in;
mso-level-number-position:left;
margin-left:0in;
text-indent:.7in;
mso-ansi-font-size:9.0pt;
font-family:Verdana;
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l0:level4
{mso-level-number-format:roman-lower;
mso-level-text:"\(%4\)";
mso-level-tab-stop:1.4in;
mso-level-number-position:left;
margin-left:0in;
text-indent:1.05in;
mso-ansi-font-size:9.0pt;
font-family:Verdana;
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-text:"\(%5\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-text:"\(%6\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.5in;
text-indent:-.25in;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.0in;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I'm pleased to report that Dick Hardt has
also added his name to the list of proposers for this working group. The list
is now:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
Michael B. Jones, <a href="mailto:mbj@microsoft.com">mbj@microsoft.com</a>, <st1:PersonName
w:st="on">Microsoft</st1:PersonName> Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<st1:PersonName w:st="on">David Recordon</st1:PersonName>, <a
href="mailto:drecordon@sixapart.com">drecordon@sixapart.com</a>, Six Apart
Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<st1:PersonName w:st="on">Ben Laurie</st1:PersonName>, <a
href="mailto:benl@google.com">benl@google.com</a>, Google Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<st1:PersonName w:st="on">Drummond Reed</st1:PersonName>, <a
href="mailto:drummond.reed@cordance.net">drummond.reed@cordance.net</a>,
Cordance Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<st1:PersonName w:st="on">John Bradley</st1:PersonName>, <a
href="mailto:john.bradley@wingaa.com">john.bradley@wingaa.com</a>, Wingaa
Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;color:#1F497D'>
</span></font><st1:PersonName w:st="on">Johnny Bufu</st1:PersonName>, <a
href="mailto:johnny.bufu@gmail.com">johnny.bufu@gmail.com</a>, Independent<o:p></o:p></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;color:#1F497D'>
</span></font>Dick Hardt, <a href="mailto:dick@sxip.com">dick@sxip.com</a>, Sxip
Identity Corporation<o:p></o:p></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'> --
Mike<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt;font-family:"Times New Roman"'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <st1:PersonName
w:st="on">Mike Jones</st1:PersonName> <br>
<b><span style='font-weight:bold'>Sent:</span></b> Friday, April 25, 2008 1:36
PM<br>
<b><span style='font-weight:bold'>To:</span></b> specs@openid.net<br>
<b><span style='font-weight:bold'>Cc:</span></b> <st1:PersonName w:st="on">David
Recordon</st1:PersonName>; <st1:PersonName w:st="on">Ben Laurie</st1:PersonName>;
<st1:PersonName w:st="on">Drummond Reed</st1:PersonName>; <st1:PersonName
w:st="on">John Bradley</st1:PersonName>; <st1:PersonName w:st="on">Johnny Bufu</st1:PersonName><br>
<b><span style='font-weight:bold'>Subject:</span></b> Proposal to create the
PAPE working group</span></font><font size=3 face="Times New Roman"><span
style='font-size:12.0pt;font-family:"Times New Roman"'><o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>In
accordance with the OpenID Foundation <a
href="http://openid.net/foundation/intellectual-property/">IPR policies and
procedures</a> this note proposes the formation of a new working group
chartered to produce an OpenID specification. As per Section 4.1 of the
Policies, the specifics of the proposed working group are:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><b><font size=2 face=Calibri><span style='font-size:11.0pt;
font-weight:bold'>Proposal:<o:p></o:p></span></font></b></p>
<p class=MsoNormal><b><font size=2 face=Calibri><span style='font-size:11.0pt;
font-weight:bold'>(a)</span></font></b> <i><u><span style='font-style:
italic'>Charter</span></u></i>.<o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(i)</span></b> WG name: Provider
Authentication Policy Extension (PAPE)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(ii)</span></b> Purpose: Produce
a standard OpenID extension to the OpenID Authentication protocol that:
provides a mechanism by which a Relying Party can request that particular
authentication policies be applied by the OpenID Provider when authenticating
an End User and provides a mechanism by which an OpenID Provider may inform a
Relying Party which authentication policies were used. Thus a Relying Party can
request that the End User authenticate, for example, using a phishing-resistant
and/or multi-factor authentication method.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(iii)</span></b> Scope: Produce a
revision of the PAPE 1.0 Draft 2 specification that clarifies its intent, while
maintaining compatibility for existing Draft 2 implementations. Adding
any support for communicating requests for or the use of specific
authentication methods (as opposed to authentication policies) is explicitly
out of scope.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(iv)</span></b> Proposed List of
Specifications: Provider Authentication Policy Extension 1.0, spec
completion expected during May 2008.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(v)</span></b> Anticipated audience or
users of the work: Implementers of OpenID Providers and Relying Parties –
especially those interested in mitigating the phishing vulnerabilities of
logging into OpenID providers with passwords.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(vi)</span></b> Language in which the
WG will conduct business: English.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(vii)</span></b> Method of work:
E-mail discussions on the working group mailing list, working group conference
calls, and possibly a face-to-face meeting at the Internet Identity Workshop.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(viii)</span></b> Basis for determining
when the work of the WG is completed: Proposed changes to draft 2 will be
evaluated on the basis of whether they increase or decrease consensus within
the working group. The work will be completed once it is apparent that
maximal consensus on the draft has been achieved, consistent with the purpose
and scope.<o:p></o:p></span></font></p>
<p class=MsoNormal><b><font size=2 face=Calibri><span style='font-size:11.0pt;
font-weight:bold'>(b)</span></font></b> <i><u><span style='font-style:
italic'>Background Information</span></u></i>.<o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(i)</span></b> Related work being done
in other WGs or organizations: (1) Assurance Levels as defined by the
National Institute of Standards and Technology (NIST) in Special Publication
800-63 (Burr, W., Dodson, D., and W. Polk, Ed., “Electronic Authentication
Guideline,” April 2006.) [NIST_SP800‑63]. This working group is needed to
enable authentication policy statements to be exchanged by OpenID
endpoints. No coordination is needed with NIST, as the PAPE specification
uses elements of the NIST specification in the intended fashion.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(ii)</span></b> Proposers: <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
Michael B. Jones, <a href="mailto:mbj@microsoft.com">mbj@microsoft.com</a>, <st1:PersonName
w:st="on">Microsoft</st1:PersonName> Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<st1:PersonName w:st="on">David Recordon</st1:PersonName>, <a
href="mailto:drecordon@sixapart.com">drecordon@sixapart.com</a>, Six Apart
Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<st1:PersonName w:st="on">Ben Laurie</st1:PersonName>, <a
href="mailto:benl@google.com">benl@google.com</a>, Google Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<st1:PersonName w:st="on">Drummond Reed</st1:PersonName>, <a
href="mailto:drummond.reed@cordance.net">drummond.reed@cordance.net</a>,
Cordance Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<st1:PersonName w:st="on">John Bradley</st1:PersonName>, <a
href="mailto:john.bradley@wingaa.com">john.bradley@wingaa.com</a>, Wingaa
Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;color:#1F497D'>
</span></font><st1:PersonName w:st="on">Johnny Bufu</st1:PersonName>, <a
href="mailto:johnny.bufu@gmail.com">johnny.bufu@gmail.com</a>, Independent<o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>Editors:
<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
Michael B. Jones, <a href="mailto:mbj@microsoft.com">mbj@microsoft.com</a>, <st1:PersonName
w:st="on">Microsoft</st1:PersonName> Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<st1:PersonName w:st="on">David Recordon</st1:PersonName>, <a
href="mailto:drecordon@sixapart.com">drecordon@sixapart.com</a>, Six Apart
Corporation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
<b><span style='font-weight:bold'>(iii)</span></b> Anticipated
Contributions: None.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>====<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>(The
rest of this note is informational and not part of the proposal to create an
OpenID working group.)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>Given
that the OpenID specification procedures call for votes of the membership, this
would be a good time for those wanting to influence the outcome of this
specification to join the OpenID Foundation. You can do so at <a
href="http://openid.net/foundation/join/">http://openid.net/foundation/join/</a>.
Should you wish to join the working group, you will also need to execute
the Contribution Agreement at <a
href="http://openid.net/foundation/intellectual-property/">http://openid.net/foundation/intellectual-property/</a>
once the working group formation has been approved by the membership.
After the Specifications Council has responded to this request to create a
working group (which must happen within 15 days) a separate message will be
sent asking those of you who are OpenID members to vote on the working group
creation, containing instructions for how to do so.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>
-- Mike<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>