<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
As I think of 'policy', everything here meets the definition, ie
prescribed processes and technologies<br>
<br>
it sounds like what you want is specific test putting 'privacy policy'
in scope for the certification checklists? <br>
<br>
or the possibility of a 'privacy focused profile'? <br>
<br>
paul<br>
<br>
On 03/06/2010 4:26 PM, Anthony Nadalin wrote:
<blockquote
cite="mid:A08279DC79B11C48AD587060CD93977125F7E00C@TK5EX14MBXC101.redmond.corp.microsoft.com"
type="cite">
<meta http-equiv="Content-Type"
content="text/html; charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">So
I agree, but not sure if we don’t have people thinking about the policy
aspects that we will do a good job in this area, thus just having a
conformance I don’t think will promote those thoughts<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: windowtext;">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: windowtext;">
<a class="moz-txt-link-abbreviated" href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a>
[<a class="moz-txt-link-freetext" href="mailto:openid-specs-bounces@lists.openid.net">mailto:openid-specs-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Paul Madsen<br>
<b>Sent:</b> Thursday, June 03, 2010 12:28 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a><br>
<b>Subject:</b> Re: Draft charter for OpenID Certification working
group<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Tony, any of the checklists could stipulate
requirements for consent policy<br>
<br>
As does the draft for the trusted email profile<br>
<br>
'<span style="font-size: 10pt;">show at most one page in 99% of the
consent flows once the user is authenticated</span>'<br>
<br>
paul<br>
<br>
On 03/06/2010 2:42 PM, Anthony Nadalin wrote: <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">So
it seems that Policy was dropped out of the original description of the
charter. The problem is that not factoring in policy concerns more
generally in OpenID v.Next could hurt adoption. An example would be the
lack of prior informed consent for the linking that might occur as
OpenID v.Next goes up the assurance scale, but maybe no one is
interested in OpenID going beyond Level 1.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";">
<a moz-do-not-send="true"
href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a>
[<a moz-do-not-send="true"
href="mailto:openid-specs-bounces@lists.openid.net">mailto:openid-specs-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Eric Sachs<br>
<b>Sent:</b> Friday, May 14, 2010 9:48 AM<br>
<b>To:</b> openid-specs<br>
<b>Subject:</b> Draft charter for OpenID Certification working group</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Resending because a few people complained this
message ended up in their SPAMI Folder.<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom: 12pt;"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom: 12pt;">----------
Forwarded message ----------<br>
From: <b>Eric Sachs</b> <<a moz-do-not-send="true"
href="mailto:esachs@google.com">esachs@google.com</a>><br>
Date: Mon, May 10, 2010 at 10:14 AM<br>
Subject: Draft OpenID Certification working group charter<br>
To: openid-specs <<a moz-do-not-send="true"
href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a>><br>
Cc: Allen Tom <<a moz-do-not-send="true"
href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>><br>
<br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">What
follows is a draft charter for the OpenID Certification working group.
Feedback is welcome, as are potential working group participants.
There is also a draft of some specific <a moz-do-not-send="true"
href="http://docs.google.com/View?id=ajkhp5hpp3tt_72gtng7zff"
target="_blank"><span style="color: rgb(0, 0, 204);">certification
check lists</span></a> that I hope will spawn feedback.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><br>
(a) Charter.<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(i) WG
name: OpenID Certification</span><o:p></o:p></p>
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(ii)
Purpose: Produce certification checklists for the use of OpenID in
different use-cases so that neutral certification bodies such as OIX
can validate IDPs against them as opposed to requiring each RP to
individual perform such an analysis of each potential IDP. Specific
goals are:</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-left: 83.25pt; text-indent: -0.25in;"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Define the
checklist for at least one use-case</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left: 83.25pt; text-indent: -0.25in;"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Have at
least one IDP certified against that checklist by a certification body</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left: 83.25pt; text-indent: -0.25in;"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Have at
least one RP who will dynamically support the published list of IDP(s)
that have been certified</span><o:p></o:p></p>
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(iii)
Scope: Produce a list of certification use-cases, and checklists for
them. We expect this work will identify the need for additional
enhancements to the technical standards, but in general this WG will
not directly develop those standards, but will coordinate with other
OpenID WGs to define the necessary standards.</span><o:p></o:p></p>
</blockquote>
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(iv)
Proposed List of Use-Cases: The initial targeted use-cases are listed
below based on <a moz-do-not-send="true"
href="https://sites.google.com/site/oauthgoog/UXFedLogin/whitelisting"
target="_blank"><span style="color: rgb(0, 0, 204);">discussion</span></a> from
the April 2010 OpenID Summit and a <a moz-do-not-send="true"
href="http://docs.google.com/View?id=ajkhp5hpp3tt_72gtng7zff"
target="_blank"><span style="color: rgb(0, 0, 204);">later draft
proposal</span></a>.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="margin-left: 83.25pt; text-indent: -0.25in;"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Trused
Email Profile</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left: 83.25pt; text-indent: -0.25in;"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Email
Validation Profile</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left: 83.25pt; text-indent: -0.25in;"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Untrusted
Email Profile</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left: 83.25pt; text-indent: -0.25in;"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">URL only
Profile</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-left: 83.25pt; text-indent: -0.25in;"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Email
Hosting Profile</span><o:p></o:p></p>
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(v)
Anticipated audience or users of the work: Implementers of OpenID
Providers, Relying Parties, and certification bodies.</span><o:p></o:p></p>
</blockquote>
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(vi)
Language in which the WG will conduct business: English.<br>
(vii) Method of work: E-mail discussions on the working group mailing
list, working group conference calls, and face-to-face meetings at the
Internet Identity Workshop and OpenID summits.</span><o:p></o:p></p>
</blockquote>
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(viii)
Basis for determining when the work of the WG is completed: Work will
not be deemed to be complete until there is a consensus that the
resulting set of use-caess (and checklists) are sufficient to meet the
market needs for OpenID certification. Additional proposed use-cases
behond the initial list are expected.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(b)
Background Information.<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(i)
Related work being done in other WGs or organizations: ICAM, InCommon,
Open Identity Exchange (OIX), Kantara</span><o:p></o:p></p>
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(ii)
Proposers:</span><o:p></o:p></p>
</blockquote>
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Eric
Sachs, <a moz-do-not-send="true" href="mailto:esachs@google.com"
target="_blank"><span style="color: rgb(0, 0, 204);">esachs@google.com</span></a>,
Google (chair)<br>
Allen Tom, <a moz-do-not-send="true" href="mailto:atom@yahoo-inc.com"
target="_blank">atom@yahoo-inc.com</a></span><o:p></o:p></p>
</blockquote>
</blockquote>
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Additional
proposers to be added here</span><o:p></o:p></p>
</blockquote>
</blockquote>
<blockquote style="margin: 5pt 0in 5pt 30pt;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">(iii)
Anticipated Contributions: None.</span><o:p></o:p></p>
</blockquote>
<div>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>specs mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>No virus found in this incoming message.<o:p></o:p></pre>
<pre>Checked by AVG - <a moz-do-not-send="true"
href="http://www.avg.com">www.avg.com</a> <o:p></o:p></pre>
<pre>Version: 9.0.819 / Virus Database: 271.1.1/2915 - Release Date: 06/03/10 02:25:00<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre> <o:p></o:p></pre>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
No virus found in this incoming message.
Checked by AVG - <a class="moz-txt-link-abbreviated" href="http://www.avg.com">www.avg.com</a>
Version: 9.0.819 / Virus Database: 271.1.1/2915 - Release Date: 06/03/10 02:25:00
</pre>
</blockquote>
</body>
</html>