<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Some questions<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>></span> enable aggregation of attributes from multiple verifiable sources<o:p></o:p></p><p class=MsoNormal>Not sure that this should be limited to verifiable sources as verification can be done later<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>></span> enable support for controlled release of attributes,<o:p></o:p></p><p class=MsoNormal>From the IdP or User?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>> define an extension mechanism<o:p></o:p></p><p class=MsoNormal>For what?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>> complement OAuth 2.0<o:p></o:p></p><p class=MsoNormal>Does this mean work well, integrate, allow OpenID attributes to be used in OAuth flow?<span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> openid-specs-bounces@lists.openid.net [mailto:openid-specs-bounces@lists.openid.net] <b>On Behalf Of </b>Dick Hardt<br><b>Sent:</b> Wednesday, May 19, 2010 8:37 AM<br><b>To:</b> OpenID Specs Mailing List<br><b>Subject:</b> OpenID v.Next 
Core Protocol Charter<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>At IIW yesterday I held a session on bashing the OpenID v.Next Core Protocol Charter. Below is the current draft. Comments and/or questions welcome. Anyone interested in being a fellow proposer please let me know and I will add you.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-- Dick<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>(a)</b><b> <i><u>Charter</u></i>.</b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b>(i)</b> <b>WG name:</b> OpenID v.Next Core Protocol.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b>(ii)</b> <b>Purpose:</b> Produce a core protocol specification or family of specifications for OpenID v.Next that address the limitations and drawbacks present in the OpenID 2.0 that limit OpenID’s applicability, adoption, usability, privacy, and security. 
Specific goals are:<o:p></o:p></p><p class=MsoListParagraphCxSpFirst style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>define message flows and verification methods,<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>enable support for controlled release of attributes,<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>enable aggregation of attributes from multiple verifiable sources,<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>enable support for a spectrum of clients, including passive clients per current usage, thin active clients, and active clients with OP functionality,<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>enable authentication to and use of attributes by non-browser applications,<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>enable the use of public key technology to enhance scalability 
and performance,<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>enable optimized protocol flows combining authentication, attribute release, and resource authorization,<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>define profiles and support features intended to enable OpenID to be used at levels of assurance higher than NIST SP800-63 v2 level 1,<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>define an extension mechanism<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>ensure the use of OpenID on mobile devices,<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>ensure the use of OpenID on existing browsers with URL length restrictions,<o:p></o:p></p><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>complement OAuth 2.0<o:p></o:p></p><p 
class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>minimize migration effort from OpenID 2.0<o:p></o:p></p><p class=MsoListParagraphCxSpLast style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:45.0pt;mso-add-space:auto;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt'> </span>seamlessly integrate with and complement the other OpenID v.Next specifications.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'> Compatibility with OpenID 2.0 is an explicit non-goal for this work.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b>(iii)</b> <b>Scope:</b> Produce a next generation OpenID core protocol specification or specifications, consistent with the purpose statement.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b>(iv)</b> <b>Proposed List of Specifications</b>: OpenID v.Next Core Protocol and possibly related specifications.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b>(v)</b> <b>Anticipated audience or users of the work:</b> Implementers of OpenID Providers, Relying Parties, Active Clients, and non-browser applications utilizing OpenID.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b>(vi)</b> <b>Language in which the WG will conduct business</b>: English.<o:p></o:p></p><p class=MsoNormal 
style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b>(vii)</b> <b>Method of work: </b>E-mail discussions on the working group mailing list, working group conference calls, and face-to-face meetings at the Internet Identity Workshop and OpenID summits.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b>(viii)</b> <b>Basis for determining when the work of the WG is completed:</b> Work will not be deemed to be complete until there is a consensus that the resulting protocol specification or family of specifications fulfills the working group goals. Additional proposed changes beyond that initial consensus will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>(b)</b><b> <i><u>Background Information</u></i>.</b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b>(i)</b> <b>Related work being done in other WGs or organizations</b>: OpenID Authentication 2.0 and related specifications, including Attribute Exchange (AX), Contract Exchange (CX), Provider Authentication Policy Extension (PAPE), and the draft User Interface (UI) Extension. OAuth, OAuth WRAP, and OAuth 2.0. OpenID Connect proposal. 
SAML 2.0 Core and SAML Authn Context.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b>(ii)</b> <b>Proposers:</b> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>Dick Hardt, <a href="mailto:dick.hardt@gmail.com">dick.hardt@gmail.com</a> (chair)<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>Michael B. Jones, <a href="mailto:mbj@microsoft.com">mbj@microsoft.com</a><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>Breno de Medeiros, <a href="mailto:breno@google.com">breno@google.com</a><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>Ashish Jain, <a href="mailto:Ashish.Jain@paypal.com">Ashish.Jain@paypal.com</a><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>George Fletcher, <a href="mailto:gffletch@aol.com">gffletch@aol.com</a><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:2.0pt;margin-left:.5in;text-indent:-27.0pt'><b> (iii)</b> <b>Anticipated Contributions</b>: None.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></body></html>