<HTML>
<HEAD>
<TITLE>Re: Artifact Binding Charter OK?</TITLE>
</HEAD>
<BODY>
<FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Not just mobile devices have problems with large payloads, even regular desktop browsers have problems with URLs over 2KB.<BR>
<BR>
Is the assumption that Artifact Binding will be compatible with all the existing extensions – including PAPE, AX, SREG, User Inteface, and Hybrid?<BR>
<BR>
Allen<BR>
<BR>
<BR>
<BR>
On 11/21/09 4:54 PM, "Dick Hardt" <<a href="Dick.Hardt@microsoft.com">Dick.Hardt@microsoft.com</a>> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Hi Nat, here is some suggested rewording of the charter, feel free to use, change. modify or discard:<BR>
<BR>
<BR>
</SPAN><FONT SIZE="2"><SPAN STYLE='font-size:10pt'><B>II. Statement of Purpose<BR>
</B>Produce an OpenID specification that enables large payloads to move directly between the RP and OP. This will address bandwidth and payload limits for mobile devices.<BR>
<B><BR>
III. Scope<BR>
</B>Develop a mechanism for an RP and OP to communicate large payloads directly and securely after the transaction has been initiated and approved by the user at their device.<BR>
<BR>
</SPAN></FONT><SPAN STYLE='font-size:11pt'>Original:<BR>
<BR>
</SPAN><FONT SIZE="2"><SPAN STYLE='font-size:10pt'><B>II. Statement of Purpose<BR>
</B>Produce a binding of OpenID requests and response (assertion) that uses direct communication for main payload and indirect communication for a small reference data called Artifact to cope with long URL limits experienced by man<BR>
</SPAN></FONT><SPAN STYLE='font-size:11pt'><HR ALIGN=CENTER SIZE="3" WIDTH="100%"></SPAN><FONT SIZE="2"><SPAN STYLE='font-size:10pt'><B>III. Scope<BR>
</B>Create the Artifact Binding to support the identified needs. Currently identified: <BR>
</SPAN></FONT></FONT><UL><LI><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Cope with long url problem, especially for mobile browsers.
</SPAN></FONT><LI><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Cope with the security problems of non-encrypted payload to go through the user agents which may act as a man-in-the-middle. <BR>
</SPAN></FONT></UL><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'><BR>
On 2009-11-20, at 6:05 PM, Nat Sakimura wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Hi <BR>
<BR>
The other thread almost got entirely on AX, but in the first post, there was a link to Artifact Binding as well. <BR>
Does the artifact binding charter sounds ok to you? <BR>
<BR>
<a href="http://wiki.openid.net/Artifact_Binding">http://wiki.openid.net/Artifact_Binding</a><BR>
</SPAN></FONT></BLOCKQUOTE></BLOCKQUOTE>
</BODY>
</HTML>