<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">So I agree, but not sure if we don’t have people thinking about the policy aspects that we will do a good job in this area, thus just having a conformance I
don’t think will promote those thoughts<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> openid-specs-bounces@lists.openid.net [mailto:openid-specs-bounces@lists.openid.net]
<b>On Behalf Of </b>Paul Madsen<br>
<b>Sent:</b> Thursday, June 03, 2010 12:28 PM<br>
<b>To:</b> openid-specs@lists.openid.net<br>
<b>Subject:</b> Re: Draft charter for OpenID Certification working group<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Tony, any of the checklists could stipulate requirements for consent policy<br>
<br>
As does the draft for the trusted email profile<br>
<br>
'<span style="font-size:10.0pt">show at most one page in 99% of the consent flows once the user is authenticated</span>'<br>
<br>
paul<br>
<br>
On 03/06/2010 2:42 PM, Anthony Nadalin wrote: <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">So it seems that Policy was dropped out of the original description of the charter. The problem is that not factoring in policy concerns more generally in OpenID
v.Next could hurt adoption. An example would be the lack of prior informed consent for the linking that might occur as OpenID v.Next goes up the assurance scale, but maybe no one is interested in OpenID going beyond Level 1.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a> [<a href="mailto:openid-specs-bounces@lists.openid.net">mailto:openid-specs-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Eric Sachs<br>
<b>Sent:</b> Friday, May 14, 2010 9:48 AM<br>
<b>To:</b> openid-specs<br>
<b>Subject:</b> Draft charter for OpenID Certification working group</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Resending because a few people complained this message ended up in their SPAMI Folder.<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">---------- Forwarded message ----------<br>
From: <b>Eric Sachs</b> <<a href="mailto:esachs@google.com">esachs@google.com</a>><br>
Date: Mon, May 10, 2010 at 10:14 AM<br>
Subject: Draft OpenID Certification working group charter<br>
To: openid-specs <<a href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a>><br>
Cc: Allen Tom <<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>><br>
<br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">What follows is a draft charter for the OpenID Certification working group. Feedback is welcome, as are potential working group participants. There is also a draft of some
specific <a href="http://docs.google.com/View?id=ajkhp5hpp3tt_72gtng7zff" target="_blank"><span style="color:#0000CC">certification check lists</span></a> that I hope will spawn feedback.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><br>
(a) Charter.<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(i) WG name: OpenID Certification</span><o:p></o:p></p>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(ii) Purpose: Produce certification checklists for the use of OpenID in different use-cases so that neutral certification bodies such as OIX can validate IDPs against them
as opposed to requiring each RP to individual perform such an analysis of each potential IDP. Specific goals are:</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal" style="margin-left:83.25pt;text-indent:-.25in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Define the checklist for at least one use-case</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:83.25pt;text-indent:-.25in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Have at least one IDP certified against that checklist by a certification body</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:83.25pt;text-indent:-.25in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Have at least one RP who will dynamically support the published list of IDP(s) that have been certified</span><o:p></o:p></p>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(iii) Scope: Produce a list of certification use-cases, and checklists for them. We expect this work will identify the need for additional enhancements to the technical standards,
but in general this WG will not directly develop those standards, but will coordinate with other OpenID WGs to define the necessary standards.</span><o:p></o:p></p>
</blockquote>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(iv) Proposed List of Use-Cases: The initial targeted use-cases are listed below based on <a href="https://sites.google.com/site/oauthgoog/UXFedLogin/whitelisting" target="_blank"><span style="color:#0000CC">discussion</span></a> from
the April 2010 OpenID Summit and a <a href="http://docs.google.com/View?id=ajkhp5hpp3tt_72gtng7zff" target="_blank"><span style="color:#0000CC">later draft proposal</span></a>.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal" style="margin-left:83.25pt;text-indent:-.25in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Trused Email Profile</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:83.25pt;text-indent:-.25in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Email Validation Profile</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:83.25pt;text-indent:-.25in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Untrusted Email Profile</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:83.25pt;text-indent:-.25in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">URL only Profile</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:83.25pt;text-indent:-.25in"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Email Hosting Profile</span><o:p></o:p></p>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(v) Anticipated audience or users of the work: Implementers of OpenID Providers, Relying Parties, and certification bodies.</span><o:p></o:p></p>
</blockquote>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(vi) Language in which the WG will conduct business: English.<br>
(vii) Method of work: E-mail discussions on the working group mailing list, working group conference calls, and face-to-face meetings at the Internet Identity Workshop and OpenID summits.</span><o:p></o:p></p>
</blockquote>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(viii) Basis for determining when the work of the WG is completed: Work will not be deemed to be complete until there is a consensus that the resulting set of use-caess (and
checklists) are sufficient to meet the market needs for OpenID certification. Additional proposed use-cases behond the initial list are expected.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(b) Background Information.<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(i) Related work being done in other WGs or organizations: ICAM, InCommon, Open Identity Exchange (OIX), Kantara</span><o:p></o:p></p>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(ii) Proposers:</span><o:p></o:p></p>
</blockquote>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Eric Sachs, <a href="mailto:esachs@google.com" target="_blank"><span style="color:#0000CC">esachs@google.com</span></a>, Google (chair)<br>
Allen Tom, <a href="mailto:atom@yahoo-inc.com" target="_blank">atom@yahoo-inc.com</a></span><o:p></o:p></p>
</blockquote>
</blockquote>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Additional proposers to be added here</span><o:p></o:p></p>
</blockquote>
</blockquote>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">(iii) Anticipated Contributions: None.</span><o:p></o:p></p>
</blockquote>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>specs mailing list<o:p></o:p></pre>
<pre><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><o:p></o:p></pre>
<pre><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>No virus found in this incoming message.<o:p></o:p></pre>
<pre>Checked by AVG - <a href="http://www.avg.com">www.avg.com</a> <o:p></o:p></pre>
<pre>Version: 9.0.819 / Virus Database: 271.1.1/2915 - Release Date: 06/03/10 02:25:00<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre> <o:p></o:p></pre>
</div>
</body>
</html>