<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><!--StartFragment--><p class="MsoNormal">At IIW yesterday I held a session on bashing the OpenID v.Next Core Protocol Charter. Below is the current draft. Comments and/or questions welcome. Anyone interested in being a fellow proposer, please let me know and I will add you.</p><p class="MsoNormal">-- Dick</p><p class="MsoNormal"><b>(a)</b><b style="mso-bidi-font-weight:normal"> <i><u>Charter</u></i>.</b></p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b>(i)</b><span style="mso-tab-count:
1"> </span><b style="mso-bidi-font-weight:normal">WG name:</b> OpenID v.Next Core
Protocol.</p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b>(ii)</b><span style="mso-tab-count:
1"> </span><b style="mso-bidi-font-weight:normal">Purpose:</b> Produce a core protocol
specification or family of specifications for OpenID v.Next that address the
limitations and drawbacks present in OpenID 2.0 that limit OpenID’s
applicability, adoption, usability, privacy, and security.<span style="mso-spacerun: yes"> </span>Specific goals are:</p><p class="MsoListParagraphCxSpFirst" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>define message flows and verification methods,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>enable support for controlled release of
attributes,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>enable aggregation of attributes from multiple verifiable
sources,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>enable support for a spectrum of clients,
including passive clients per current usage, thin active clients, and active
clients with OP functionality,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>enable authentication to and use of attributes
by non-browser applications,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>enable the use of public key technology to
enhance scalability and performance,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>enable optimized protocol flows combining
authentication, attribute release, and resource authorization,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>define profiles and support features intended to
enable OpenID to be used at levels of assurance higher than NIST SP800-63 v2 level
1,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>define an extension mechanism,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>ensure the use of OpenID on mobile devices,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>ensure the use of OpenID on existing browsers
with URL length restrictions,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>complement OAuth 2.0,</p><p class="MsoListParagraphCxSpMiddle" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>minimize migration effort from OpenID 2.0,</p><p class="MsoListParagraphCxSpLast" style="margin-top:0cm;margin-right:0cm;
margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-18.0pt;
mso-list:l0 level1 lfo1"><span style="font-family:Symbol;
mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span>seamlessly integrate with and complement the
other OpenID v.Next specifications.</p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><span style="mso-bidi-font-weight:bold"><span style="mso-tab-count:1"> </span>Compatibility
with OpenID 2.0 is an explicit non-goal for this work.<o:p></o:p></span></p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b>(iii)</b><span style="mso-tab-count:
1"> </span><b style="mso-bidi-font-weight:normal">Scope:</b> Produce a next generation
OpenID core protocol specification or specifications, consistent with the
purpose statement.</p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b>(iv)</b><span style="mso-tab-count:
1"> </span><b style="mso-bidi-font-weight:normal">Proposed List of Specifications</b>: OpenID
v.Next Core Protocol and possibly related specifications.</p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b>(v)</b><span style="mso-tab-count:
1"> </span><b style="mso-bidi-font-weight:normal">Anticipated audience or users of the work:</b>
Implementers of OpenID Providers, Relying Parties, Active Clients, and
non-browser applications utilizing OpenID.</p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b>(vi)</b><span style="mso-tab-count:
1"> </span><b style="mso-bidi-font-weight:normal">Language in which the WG will conduct
business</b>: English.</p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b>(vii)</b><span style="mso-tab-count:
1"> </span><b style="mso-bidi-font-weight:normal">Method of work: </b>E-mail
discussions on the working group mailing list, working group conference calls,
and face-to-face meetings at the Internet Identity Workshop and OpenID summits.</p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b>(viii)</b><span style="mso-tab-count:
1"> </span><b style="mso-bidi-font-weight:normal">Basis for determining when the work of the
WG is completed:</b> Work will not be deemed to be complete until there
is a consensus that the resulting protocol specification or family of
specifications fulfills the working group goals.<span style="mso-spacerun:
yes"> </span>Additional proposed changes beyond that initial consensus will
be evaluated on the basis of whether they increase or decrease consensus within
the working group. The work will be completed once it is apparent that
maximal consensus on the draft has been achieved, consistent with the purpose
and scope.</p><p class="MsoNormal"><b>(b)</b><b style="mso-bidi-font-weight:normal"> <i><u>Background
Information</u></i>.<o:p></o:p></b></p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b>(i)</b><span style="mso-tab-count:
1"> </span><b style="mso-bidi-font-weight:normal">Related work being done in other WGs or
organizations</b>: OpenID Authentication 2.0 and related specifications,
including Attribute Exchange (AX), Contract Exchange (CX), Provider Authentication
Policy Extension (PAPE), and the draft User Interface (UI) Extension.<span style="mso-spacerun: yes"> </span>OAuth, OAuth WRAP, and OAuth 2.0.<span style="mso-spacerun: yes"> </span>OpenID Connect proposal. SAML 2.0 Core
and SAML Authn Context.</p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b>(ii)</b><span style="mso-tab-count:
1"> </span><b style="mso-bidi-font-weight:normal">Proposers:</b> </p><p class="MsoNormal" style="margin-left:36.0pt">Dick Hardt, <a href="mailto:dick.hardt@gmail.com">dick.hardt@gmail.com</a> (chair)</p><p class="MsoNormal" style="margin-left:36.0pt">Michael B. Jones, <a href="mailto:mbj@microsoft.com">mbj@microsoft.com</a></p><p class="MsoNormal" style="margin-left:36.0pt">Breno de Medeiros, <a href="mailto:breno@google.com">breno@google.com</a></p><p class="MsoNormal" style="margin-left:36.0pt">Ashish Jain, <a href="mailto:Ashish.Jain@paypal.com">Ashish.Jain@paypal.com</a></p><p class="MsoNormal" style="margin-left:36.0pt">George Fletcher, <a href="mailto:gffletch@aol.com">gffletch@aol.com</a></p><p class="MsoNormal" style="margin-top:0cm;margin-right:0cm;margin-bottom:2.0pt;
margin-left:36.0pt;text-indent:-27.0pt"><b><span style="mso-spacerun:
yes"> </span>(iii)</b><span style="mso-tab-count:1"> </span><b style="mso-bidi-font-weight:normal">Anticipated Contributions</b>: None.</p><p class="MsoNormal"><o:p> </o:p></p>
<!--EndFragment-->
</body></html>