I would like to say there is some hidden plan that explains it, but no
it is an error.
The tech writer will be reprimanded.
I will have that fixed.
Thanks
John B.
On 2009-09-11, at 7:15 PM, Tatsuki Sakushima wrote:
Hi John,
The document misses a reference to the PAPE spec in Appendix D.
Is that done on purpose until some errors in the spec will be fixed?
Tatsuki
Tatsuki Sakushima
NRI Pacific - Nomura Research Institute America, Inc.
(9/11/09 8:49 AM), John Bradley wrote:
The GSA profile for openID is available at:
http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf
Many things that are SHOULD in the openID 2.0 spec are now MUST in
the profile.
There are new PAPE URI and other modifications.
Most of the OP's supporting the profile will not be restricting it
to only Gov RP's.
Any RP may elect to use all or parts of this new profile for any
purpose they choose.
Also any OP is free to support it wether or not they are on the GSA
whitelist.
To get on the GSA white-list OP's must support the profile and be
audited against a Trust Framework. The OIDF has information
available an applying through it's program.
There are quite a number of requirements on the RP side, that need
to be met.
The sooner these features are in libraries the sooner government
agencies can move ahead with deployments.
If there is interest we can set up a google group where developers
can get there questions on implementing the profile answered.
If I can get to IIW in Nov, I would like to organize a session on
this for people.
There will be revisions to the profile in the future as we all gain
experience.
The people who worked on the profile tried to profile only the
existing specifications as written without inventing anything
incompatible with existing implementations.
The GSA's goal is to enable as many existing identities as possible
to have access to govenment resources without making people create
new username and password accounts at each of the thousands of
potential RP sites.
Extra attention was taken to allow openID to be used without
divulging ANY PII to the government.
This includes the use of a Pseudonymous openID identifier to allow
sites that can take no PII or do any correlation to still use openID.
The regulation on this is quite strict. We could not convert the
ID to a pseudonym on the RP side and adhere to the regulation.
We hope that the profile maximizes participation of OP's and RPs
alike, while not placing insurmountable burdens on developers.
RP's and OP's that don't intend to make use of the profile need to
make no changes at all.
I regret bot being able to share more of this with you sooner. The
OIDF and the other foundations were requested not to discuss this
publicly until after the government announcements.
Regards
John Bradley
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
