<html><head><base href="x-msg://50/"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">That is a reasonable approach and can be done within the existing spec by best practices if OPs support checkID immediate. <div><br></div><div>the problem tends to be the scope of a logout button at the RP. </div><div><br></div><div>Should that:</div><div>a) only log the user out of the RP</div><div>b) The RP + the OP</div><div>c) The OP + all RP the user is logged into.</div><div><br></div><div>SAML has two methods for c using front channel using http redirects. This is unreliable because users tend to close browsers and this results in a unpredictable state. The other is to use a back channel approach where the OP directly messages each RP that the user has logged out. It works better but is more complicated.</div><div><br></div><div>A better approach would be for session cookies to be easily identifiable in the browser and give the user a reasonable UI for removing them.</div><div>That would be protocol independent.</div><div><br></div><div>Some RP are also hesitant to allow a 3rd party that is not the IdP to initiate the users logout.</div><div><br></div><div>What is Facebook could send a message logging out users from Google and Microsoft without the users consent?</div><div><br></div><div>SLO has traditionally been part of federations where it is covered by legal agreements.</div><div><br></div><div>The hardest part is getting the user to understand what is happening at a logout button. Login is much simpler conceptually.</div><div><br></div><div>I will have a look at your draft.</div><div><br></div><div>My option B may be something that we might want to scope however many large IdP don't want users to ever logout.</div><div><br></div><div>The complexities in SLO are more to do with user experience and politics than technology.</div><div><br></div><div>I am OK with taking it on if there is a desire, but it should not block other progress.</div><div><br></div><div>John B.</div><div><br></div><div><br><div><div>On 2010-05-23, at 8:18 PM, Paul E. Jones wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div lang="EN-US" link="blue" vlink="purple" style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div class="Section1"><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">John,<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">What I did on my own server is, when I log in, I have a check-box that asks whether I want to stay logged in all the time. If I check that box, I return a cookie (over TLS) with a 30-day duration. When I visit an OpenID-enabled site and enter my ID, I don’t get prompted for a password. Rather, the browser passes the cookie (again over TLS) and logs me in automatically. It also updates the TTL on the cookie. In effect, I stay logged in all the time.<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">If I visit my OpenID URL, the server sees that I’m logged in and puts a “log off” button on the page. I can click that and the browser cookies get deleted and the server deletes the associated data. This works pretty well as a means of logging off. However, one still has to remember to log off from each application that might also utilize cookies to keep you logged in. If web sites only used session cookies with a relatively short TTL and OPs used cookies like I do, then clicking “log off” on the user’s OpenID page and the closing the browser should effectively serve as a log off for all applications.<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">It does make use of “cookies” and some people feel cookies are terribly evil, but for managing session state (i.e., associating users with browser), it seems to be a fairly reasonable solution – especially if the cookies are secure. TLS provides that, though we need something better for HTTP. I wrote a draft for that, but it’s not moved too far in the IETF (yet):<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><a href="http://tools.ietf.org/html/draft-salgueiro-secure-state-management" style="color: blue; text-decoration: underline; ">http://tools.ietf.org/html/draft-salgueiro-secure-state-management</a><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Paul<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p> </o:p></span></div><div style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-width: initial; border-color: initial; border-left-style: solid; border-left-color: blue; border-left-width: 1.5pt; padding-top: 0in; padding-right: 0in; padding-bottom: 0in; padding-left: 4pt; "><div><div style="border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; border-top-style: solid; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding-top: 3pt; padding-right: 0in; padding-bottom: 0in; padding-left: 0in; "><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "><span class="Apple-converted-space"> </span><a href="mailto:openid-specs-bounces@lists.openid.net" style="color: blue; text-decoration: underline; ">openid-specs-bounces@lists.openid.net</a><span class="Apple-converted-space"> </span>[mailto:openid-specs-bounces@lists.openid.net]<span class="Apple-converted-space"> </span><b>On Behalf Of<span class="Apple-converted-space"> </span></b>John Bradley<br><b>Sent:</b><span class="Apple-converted-space"> </span>Saturday, May 22, 2010 12:58 PM<br><b>To:</b><span class="Apple-converted-space"> </span>Dick Hardt<br><b>Cc:</b><span class="Apple-converted-space"> </span>OpenID Specs Mailing List<br><b>Subject:</b><span class="Apple-converted-space"> </span>Re: OpenID v.Next Core Protocol Charter<o:p></o:p></span></div></div></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">Single logout is notoriously difficult to get correct. SAML has never managed it. <o:p></o:p></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">I support looking at it as a option or extension, but would not want to hold up the core spec for it.<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">Other protocols have expended large amounts of time on it without a solution that can be understood by the users properly.<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">John B.<o:p></o:p></div><div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">On 2010-05-22, at 8:47 AM, Dick Hardt wrote:<o:p></o:p></div></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><br><br><o:p></o:p></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">Great point Torsten. If there is interest in exploring single logout, then it likely belongs in this WG.<o:p></o:p></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">Are others interested in exploring single logout?<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">-- Dick<o:p></o:p></div></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div><div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">On 2010-05-22, at 2:30 AM, Torsten Lodderstedt wrote:<o:p></o:p></div></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><br><br><o:p></o:p></div><div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">does this or another group consider to incorporate some kind of single logout support into OpenId?<br><br>regards,<br>Torsten.<br><br><br><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">At IIW yesterday I held a session on bashing the OpenID v.Nest Core Protocol Charter. Below is the current draft. Comments and/or questions welcome. Anyone interested in being a fellow proposer please let me know and I will add you.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">-- Dick<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><b>(a) <span class="Apple-converted-space"> </span><i><u>Charter</u></i>.</b><o:p></o:p></div><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b>(i)</b> <span class="Apple-converted-space"> </span><b>WG name:</b> OpenID v.Next Core Protocol.<o:p></o:p></p><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b>(ii)</b> <span class="Apple-converted-space"> </span><b>Purpose:</b> Produce a core protocol specification or family of specifications for OpenID v.Next that address the limitations and drawbacks present in the OpenID 2.0 that limit OpenID’s applicability, adoption, usability, privacy, and security. Specific goals are:<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>define message flows and verification methods,<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>enable support for controlled release of attributes,<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>enable aggregation of attributes from multiple verifiable sources,<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>enable support for a spectrum of clients, including passive clients per current usage, thin active clients, and active clients with OP functionality,<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>enable authentication to and use of attributes by non-browser applications,<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>enable the use of public key technology to enhance scalability and performance,<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>enable optimized protocol flows combining authentication, attribute release, and resource authorization,<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>define profiles and support features intended to enable OpenID to be used at levels of assurance higher than NIST SP800-63 v2 level 1 ,<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>define an extension mechanism<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>ensure the use of OpenID on mobile devices,<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>ensure the use of OpenID on existing browsers with URL length restrictions,<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>complement OAuth 2.0<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>minimize migration effort from OpenID 2.0<o:p></o:p></p><p class="MsoListParagraph" style="margin-right: 0in; margin-left: 45pt; font-size: 12pt; font-family: 'Times New Roman', serif; margin-bottom: 2pt; text-indent: -0.25in; "><span style="font-family: Symbol; ">·</span><span style="font-size: 7pt; "> <span class="Apple-converted-space"> </span></span>seamlessly integrate with and complement the other OpenID v.Next specifications.<o:p></o:p></p><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "> Compatibility with OpenID 2.0 is an explicit non-goal for this work.<o:p></o:p></p><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b>(iii)</b> <span class="Apple-converted-space"> </span><b>Scope:</b> Produce a next generation OpenID core protocol specification or specifications, consistent with the purpose statement.<o:p></o:p></p><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b>(iv)</b> <span class="Apple-converted-space"> </span><b>Proposed List of Specifications</b>: OpenID v.Next Core Protocol and possibly related specifications.<o:p></o:p></p><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b>(v)</b> <span class="Apple-converted-space"> </span><b>Anticipated audience or users of the work:</b> Implementers of OpenID Providers, Relying Parties, Active Clients, and non-browser applications utilizing OpenID.<o:p></o:p></p><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b>(vi)</b> <span class="Apple-converted-space"> </span><b>Language in which the WG will conduct business</b>: English.<o:p></o:p></p><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b>(vii)</b> <span class="Apple-converted-space"> </span><b>Method of work: <span class="Apple-converted-space"> </span></b>E-mail discussions on the working group mailing list, working group conference calls, and face-to-face meetings at the Internet Identity Workshop and OpenID summits.<o:p></o:p></p><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b>(viii)</b> <span class="Apple-converted-space"> </span><b>Basis for determining when the work of the WG is completed:</b> Work will not be deemed to be complete until there is a consensus that the resulting protocol specification or family of specifications fulfills the working group goals. Additional proposed changes beyond that initial consensus will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope.<o:p></o:p></p><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><b>(b) <span class="Apple-converted-space"> </span><i><u>Background Information</u></i>.</b><o:p></o:p></div><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b>(i)</b> <span class="Apple-converted-space"> </span><b>Related work being done in other WGs or organizations</b>: OpenID Authentication 2.0 and related specifications, including Attribute Exchange (AX), Contract Exchange (CX), Provider Authentication Policy Extension (PAPE), and the draft User Interface (UI) Extension. OAuth, OAuth WRAP, and OAuth 2.0. OpenID Connect proposal. SAML 2.0 Core and SAML Authn Context.<o:p></o:p></p><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b>(ii)</b> <span class="Apple-converted-space"> </span><b>Proposers:</b><o:p></o:p></p><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; ">Dick Hardt,<span class="Apple-converted-space"> </span><a href="mailto:dick.hardt@gmail.com" style="color: blue; text-decoration: underline; ">dick.hardt@gmail.com</a><span class="Apple-converted-space"> </span>(chair)<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; ">Michael B. Jones,<span class="Apple-converted-space"> </span><a href="mailto:mbj@microsoft.com" style="color: blue; text-decoration: underline; ">mbj@microsoft.com</a><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; ">Breno de Medeiros,<span class="Apple-converted-space"> </span><a href="mailto:breno@google.com" style="color: blue; text-decoration: underline; ">breno@google.com</a><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; ">Ashish Jain,<span class="Apple-converted-space"> </span><a href="mailto:Ashish.Jain@paypal.com" style="color: blue; text-decoration: underline; ">Ashish.Jain@paypal.com</a><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; ">George Fletcher,<span class="Apple-converted-space"> </span><a href="mailto:gffletch@aol.com" style="color: blue; text-decoration: underline; ">gffletch@aol.com</a><o:p></o:p></div><p class="MsoNormal" style="margin-top: 0in; margin-right: 0in; margin-bottom: 2pt; margin-left: 0.5in; font-size: 12pt; font-family: 'Times New Roman', serif; text-indent: -27pt; "><b> (iii)</b> <span class="Apple-converted-space"> </span><b>Anticipated Contributions</b>: None.<o:p></o:p></p><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div><pre style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 10pt; font-family: 'Courier New'; "><o:p> </o:p></pre><pre style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 10pt; font-family: 'Courier New'; ">_______________________________________________<o:p></o:p></pre><pre style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 10pt; font-family: 'Courier New'; ">specs mailing list<o:p></o:p></pre><pre style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 10pt; font-family: 'Courier New'; "><a href="mailto:specs@lists.openid.net" style="color: blue; text-decoration: underline; ">specs@lists.openid.net</a><o:p></o:p></pre><pre style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 10pt; font-family: 'Courier New'; "><a href="http://lists.openid.net/mailman/listinfo/openid-specs" style="color: blue; text-decoration: underline; ">http://lists.openid.net/mailman/listinfo/openid-specs</a><o:p></o:p></pre><pre style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 10pt; font-family: 'Courier New'; "> <o:p></o:p></pre><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; ">_______________________________________________<br>specs mailing list<br><a href="mailto:specs@lists.openid.net" style="color: blue; text-decoration: underline; ">specs@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs" style="color: blue; text-decoration: underline; ">http://lists.openid.net/mailman/listinfo/openid-specs</a><o:p></o:p></div></div><div style="margin-top: 0in; margin-right: 0in; margin-bottom: 0.0001pt; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div></div></div></div></span></blockquote></div><br></div></body></html>