Yes, definitely!
a. For security reasons
b. To allow a consistent user experience at IDPs that need to support
more protocols (e.g. OpenID and SAML) for different relying parties.
=henrik
Dick Hardt wrote:
Great point Torsten. If there is interest in exploring single logout,
then it likely belongs in this WG.
Are others interested in exploring single logout?
-- Dick
On 2010-05-22, at 2:30 AM, Torsten Lodderstedt wrote:
Does this or another group consider incorporating some kind of
single logout support into OpenID?
regards,
Torsten.
At IIW yesterday I held a session on bashing the OpenID v.Next Core
Protocol Charter. Below is the current draft. Comments and/or
questions welcome. Anyone interested in being a fellow proposer
please let me know and I will add you.
-- Dick
*(a)* /_Charter_/.
*(i)* *WG name:* OpenID v.Next Core Protocol.
*(ii)* *Purpose:* Produce a core protocol
specification or family of specifications for OpenID v.Next that
address the limitations and drawbacks present in OpenID 2.0 that
limit OpenID’s applicability, adoption, usability, privacy, and
security. Specific goals are:
· define message flows and verification methods,
· enable support for controlled release of attributes,
· enable aggregation of attributes from multiple verifiable
sources,
· enable support for a spectrum of clients, including passive
clients per current usage, thin active clients, and active clients
with OP functionality,
· enable authentication to and use of attributes by
non-browser applications,
· enable the use of public key technology to enhance
scalability and performance,
· enable optimized protocol flows combining authentication,
attribute release, and resource authorization,
· define profiles and support features intended to enable
OpenID to be used at levels of assurance higher than NIST SP800-63
v2 level 1,
· define an extension mechanism,
· ensure the use of OpenID on mobile devices,
· ensure the use of OpenID on existing browsers with URL
length restrictions,
· complement OAuth 2.0,
· minimize migration effort from OpenID 2.0,
· seamlessly integrate with and complement the other OpenID
v.Next specifications.
Compatibility with OpenID 2.0 is an explicit non-goal
for this work.
*(iii)* *Scope:* Produce a next generation OpenID
core protocol specification or specifications, consistent with the
purpose statement.
*(iv)* *Proposed List of Specifications*: OpenID
v.Next Core Protocol and possibly related specifications.
*(v)* *Anticipated audience or users of the work:*
Implementers of OpenID Providers, Relying Parties, Active Clients,
and non-browser applications utilizing OpenID.
*(vi)* *Language in which the WG will conduct
business*: English.
*(vii)* *Method of work:* E-mail discussions on
the working group mailing list, working group conference calls, and
face-to-face meetings at the Internet Identity Workshop and OpenID
summits.
*(viii)* *Basis for determining when the work of
the WG is completed:* Work will not be deemed to be complete until
there is a consensus that the resulting protocol specification or
family of specifications fulfills the working group goals.
Additional proposed changes beyond that initial consensus will be
evaluated on the basis of whether they increase or decrease
consensus within the working group. The work will be completed once
it is apparent that maximal consensus on the draft has been
achieved, consistent with the purpose and scope.
*(b)* /_Background Information_/.
*(i)* *Related work being done in other WGs or
organizations*: OpenID Authentication 2.0 and related
specifications, including Attribute Exchange (AX), Contract Exchange
(CX), Provider Authentication Policy Extension (PAPE), and the draft
User Interface (UI) Extension. OAuth, OAuth WRAP, and OAuth 2.0.
OpenID Connect proposal. SAML 2.0 Core and SAML Authn Context.
*(ii)* *Proposers:*
Dick Hardt, [email protected] (chair)
Michael B. Jones, [email protected]
Breno de Medeiros, [email protected]
Ashish Jain, [email protected]
George Fletcher, [email protected]
*(iii)* *Anticipated Contributions*: None.
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs