Re: [OpenID board] Two Working Group Membership Votes Needed

[David Recordon]

Hey Brett,
Sorry it took so long getting your email to the list.  Responses  
inline...

--David

On Feb 21, 2009, at 7:33 AM, Brett McDowell wrote:

Quick process questions regarding these charters.

1) The OpenID and OAuth Hybrid Extension Working Group charter doesn't
include the same "Related work being done by other WGs or
organizations" section that the "Contract Exchange Extension Working
Group" charter has.  This that an oversight or intentional?  If it's
intentional I'd ask the Board to consider including that section as a
requirement in all future charters to help the members understand how
new work being proposed relates to other work that's going on
elsewhere or even in other OIDF WG's.  For example, it would be better
for that section to be included and simply say "no related work going
on anywhere else that we know of" then to simply omit the section
altogether.

I think this is more of an oversight than anything.  Background  
information does include related work and I'd ask Allen to add it for  
reference.


2) The OAuth Hybrid Extension Working Group charter includes a
reference to "This small project includes [...] Open Source
implementations which the proposers would like to finalize within the
OpenID Foundation".  Is that an editorial error?  Is the scope of the
charter inclusive of both the specification and the code, or just the
spec?  I didn't realize that OIDF was also an open source foundation
with a CLA for open source development.

No, the working groups only produce specifications.  My reading of it  
is that the proposers wanted to provide additional information as  
background that they'll also be implementing the specification  
elsewhere.


3) Is there a recognized method for receiving comments on proposed
charters... or am I doing precisely what I should do if I have
comments or questions (take them to the Board mailing list)?  It might
be easier for the members is this ability was built into the voting
tool.

Most proposals, including this one, are first discussed on the sp...@openid.net 
 mailing list before the proposers officially submit it to the Specs  
Council for their approval.  The Specs Council then has a fourteen day  
period to discuss the proposal and make their recommendation which is  
the second opportunity for anyone to provide feedback and involve  
themselves in the discussion.  We currently then have a seven day  
notification period before the membership vote.  So, the best time is  
before the WG proposal is finalized (by monitoring the  
sp...@openid.net list) and/or during the Specs Council discussion.


Thank you for your consideration of my process questions regarding the
two proposed charters.


Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com


On Fri, Feb 20, 2009 at 5:51 AM, Nat Sakimura <sakim...@gmail.com>  
wrote:

Thanks David!

On 2/20/09, David Recordon <da...@sixapart.com> wrote:
I've just created these two membership votes.

--David

On Feb 16, 2009, at 5:52 PM, David Recordon wrote:

Brian,
Can you please setup the two following votes for the membership?

Thanks,
--David

Begin forwarded message:

From: David Recordon <da...@sixapart.com>
Date: February 1, 2009 11:02:15 AM GMT+13:00
To: sp...@openid.net
Subject: RECOMMENDED: Proposal to create the Contract Exchange
Extension working group

The Specifications Council recommends that the Foundation members
approve the creation of the Contract Exchange Extension working
group (http://openid.net/pipermail/specs-council/2009-January/000110.html

), as proposed below and found at
http://wiki.openid.net/Working_Groups%3AContract_Exchange_1
.

If you are a member of the OpenID Foundation, you'll be able to
login and vote on the creation of this new working group after  
this
14-day notice period.  The vote thus will be from Wednesday
Saturday 14th through Saturday February 21st.  All votes are held
in US Pacific Time.

--David
_______________________________________________
specs mailing list
sp...@openid.net
http://openid.net/mailman/listinfo/specs

Begin forwarded message:

From: David Recordon <da...@sixapart.com>
Date: February 1, 2009 11:03:02 AM GMT+13:00
To: OpenID Specs Mailing List <sp...@openid.net>
Subject: Re: RECOMMENDED: Proposal to create the OpenID and OAuth
Hybrid Extension working group

Unless there are any objections, I will change this voting period
to match that of the CX working group where the vote will open
Saturday February 14th.

--David

----- "David Recordon" <da...@sixapart.com> wrote:
The Specifications Council recommends that the Foundation members
approve the creation of the OpenID and OAuth Hybrid Extension
working group
(http://openid.net/pipermail/specs-council/2009-January/ 
000099.html
), as proposed below and found at
http://wiki.openid.net/OpenID-and-OAuth-Hybrid-Extension
.


If you are a member of the OpenID Foundation, you'll be able to
login and vote on the creation of this new working group after  
this
14-day notice period.  The vote thus will be from Wednesday
February 11th through Wednesday February 18th.  All votes are held
in US Pacific Time.


--David




Background Information
OpenID has always been focused on how to enable user- 
authentication
within the browser.  Over the last year, OAuth has been developed
to allow authorization either from within a browser, desktop
software, or mobile devices. Obviously there has been interest in
using OpenID and OAuth together allowing a user to share their
identity as well as grant a Relying Party access to an OAuth
protected resource in a single step. A small group of people have
been working on developing an extension to OpenID which makes this
possible in a collaborative fashion within
http://code.google.com/p/step2/
. This small project includes a draft spec and Open Source
implementations which the proposers would like to finalize within
the OpenID Foundation.


Working Group Name
OpenID OAuth Hybrid Working Group


Purpose
Produce a standard OpenID extension to the OpenID Authentication
protocol that provides a mechanism to embed an OAuth approval
request into an OpenID authentication request to permit combined
user approval. The extension addresses the use case where the
OpenID Provider and OAuth Service Provider are the same service.  
To
provide good user experience, it is important to present a  
combined
authentication and authorization screen for the two protocols.


Scope
The proposed work is as follows:


  * Extend the OpenID authentication request/response and the
assertion verification mechanism, to embed an OAuth approval
request into an OpenID authentication request. Assuming  the  
OpenID
Provider and OAuth Service Provider are the same service.
  * Insulation of each protocol from the other, both for backwards
compatibility as well as to enable OpenID and OAuth to evolve and
incorporate additional features without requiring reviews of the
combined usage. Especially, to allow future support for
unregistered OAuth consumers.
  * Security analysis and best practices


Out of scope


  * The OpenID extension does not define an unregistered OAuth
consumers mode, but instead ensures that such support would be
possible by protocol insulation. The unregistered consumers mode
should be defined separately in the OAuth specifications.


Anticipated Contributions
Finalize the OpenID OAuth Extension spec
(http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html

) as an official OpenID Extension.


Proposed List of Specifications
OpenID OAuth Extension 1.0. Specification completion by Q1 2009.


Anticipated audience or users of the work
  * OpenID Providers and Relying Parties
  * OAuth Consumers and Service Providers
  * Implementers of OpenID Providers and Relying Parties


Language in which the WG will conduct business
English.


Method of work
E-mail discussions on the working group mailing list and working
group conference calls.


Basis for determining when the work of the WG is completed
The work will be completed once it is apparent that maximal
consensus on the protocol proposal has been achieved within the
working group, consistent with the purpose and scope.


Proposers
  * Ben Laurie, b...@google.com, Google
  * Breno de Medeiros, br...@google.com, Google
  * David Recordon, drecor...@sixapart.com, Six Apart
  * Dirk Balfanz, balf...@google.com, Google
  * Joseph Smarr, jsm...@plaxo.com, Plaxo
  * Yariv Adan, ya...@google.com, Google
  * Allen Tom, a...@yahoo-inc.com , Yahoo
  * Josh Hoyt, j...@janrain.com , JanRain


Initial Editors
  * Dirk Balfanz, balf...@google.com, Google
  * Breno de Medeiros, br...@google.com, Google



_______________________________________________ specs mailing
list sp...@openid.net http://openid.net/mailman/listinfo/specs
_______________________________________________
specs mailing list
sp...@openid.net
http://openid.net/mailman/listinfo/specs

_______________________________________________
board mailing list
board@openid.net
http://openid.net/mailman/listinfo/board

_______________________________________________
board mailing list
board@openid.net
http://openid.net/mailman/listinfo/board



--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
_______________________________________________
board mailing list
board@openid.net
http://openid.net/mailman/listinfo/board
_______________________________________________
board mailing list
board@openid.net
http://openid.net/mailman/listinfo/board

_______________________________________________
board mailing list
board@openid.net
http://openid.net/mailman/listinfo/board