Re: Draft charter for OpenID Certification working group

[Paul Madsen]

As I think of 'policy', everything here meets the definition, ie 
prescribed processes and technologies

it sounds like what you want is specific test putting 'privacy policy' 
in scope for the certification checklists?

or the possibility of a 'privacy focused profile'?

paul

On 03/06/2010 4:26 PM, Anthony Nadalin wrote:

So I agree, but not sure if we don't have people thinking about the 
policy aspects that we will do a good job in this area, thus just 
having a conformance I don't think will promote those thoughts

*From:* openid-specs-boun...@lists.openid.net 
[mailto:openid-specs-boun...@lists.openid.net] *On Behalf Of *Paul Madsen
*Sent:* Thursday, June 03, 2010 12:28 PM
*To:* openid-specs@lists.openid.net
*Subject:* Re: Draft charter for OpenID Certification working group

Tony, any of the checklists could stipulate requirements for consent 
policy

As does the draft for the trusted email profile

'show at most one page in 99% of the consent flows once the user is 
authenticated'

paul

On 03/06/2010 2:42 PM, Anthony Nadalin wrote:

So it seems that Policy was dropped out of the original description of 
the charter. The problem is that not factoring in policy concerns more 
generally in OpenID v.Next could hurt adoption. An example would be 
the lack of prior informed consent for the linking that might occur as 
OpenID v.Next goes up the assurance scale, but maybe no one is 
interested in OpenID going beyond Level 1.

*From:* openid-specs-boun...@lists.openid.net 
<mailto:openid-specs-boun...@lists.openid.net> 
[mailto:openid-specs-boun...@lists.openid.net] *On Behalf Of *Eric Sachs
*Sent:* Friday, May 14, 2010 9:48 AM
*To:* openid-specs
*Subject:* Draft charter for OpenID Certification working group

Resending because a few people complained this message ended up in 
their SPAMI Folder.

---------- Forwarded message ----------
From: *Eric Sachs* <esa...@google.com <mailto:esa...@google.com>>
Date: Mon, May 10, 2010 at 10:14 AM
Subject: Draft OpenID Certification working group charter
To: openid-specs <openid-specs@lists.openid.net 
<mailto:openid-specs@lists.openid.net>>
Cc: Allen Tom <a...@yahoo-inc.com <mailto:a...@yahoo-inc.com>>


What follows is a draft charter for the OpenID Certification working 
group.  Feedback is welcome, as are potential working group 
participants.  There is also a draft of some specific certification 
check lists 
<http://docs.google.com/View?id=ajkhp5hpp3tt_72gtng7zff> that I hope 
will spawn feedback.


(a)  Charter.


(i) WG name:  OpenID Certification

    (ii) Purpose:  Produce certification checklists for the use of
    OpenID in different use-cases so that neutral certification bodies
    such as OIX can validate IDPs against them as opposed to requiring
    each RP to individual perform such an analysis of each potential
    IDP. Specific goals are:

Define the checklist for at least one use-case

Have at least one IDP certified against that checklist by a 
certification body

Have at least one RP who will dynamically support the published list 
of IDP(s) that have been certified

    (iii) Scope:  Produce a list of certification use-cases, and
    checklists for them.  We expect this work will identify the need
    for additional enhancements to the technical standards, but in
    general this WG will not directly develop those standards, but
    will coordinate with other OpenID WGs to define the necessary
    standards.

    (iv) Proposed List of Use-Cases: The initial targeted use-cases
    are listed below based on discussion
    <https://sites.google.com/site/oauthgoog/UXFedLogin/whitelisting> from
    the April 2010 OpenID Summit and a later draft proposal
    <http://docs.google.com/View?id=ajkhp5hpp3tt_72gtng7zff>.

Trused Email Profile

Email Validation Profile

Untrusted Email Profile

URL only Profile

Email Hosting Profile

    (v) Anticipated audience or users of the work:  Implementers of
    OpenID Providers, Relying Parties, and certification bodies.

    (vi) Language in which the WG will conduct business:  English.
    (vii) Method of work:  E-mail discussions on the working group
    mailing list, working group conference calls, and face-to-face
    meetings at the Internet Identity Workshop and OpenID summits.

    (viii) Basis for determining when the work of the WG is completed:
     Work will not be deemed to be complete until there is a consensus
    that the resulting set of use-caess (and checklists) are
    sufficient to meet the market needs for OpenID certification.
    Additional proposed use-cases behond the initial list are expected.

(b)  Background Information.


(i) Related work being done in other WGs or organizations:  ICAM, 
InCommon, Open Identity Exchange (OIX), Kantara

    (ii) Proposers:

        Eric Sachs, esa...@google.com <mailto:esa...@google.com>,
        Google (chair)
        Allen Tom, a...@yahoo-inc.com <mailto:a...@yahoo-inc.com>

        Additional proposers to be added here

    (iii) Anticipated Contributions:  None.

  
  
_______________________________________________
specs mailing list
sp...@lists.openid.net  <mailto:sp...@lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs
   
  
  
  
No virus found in this incoming message.
Checked by AVG -www.avg.com  <http://www.avg.com>  
Version: 9.0.819 / Virus Database: 271.1.1/2915 - Release Date: 06/03/10 02:25:00
  
   



No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.819 / Virus Database: 271.1.1/2915 - Release Date: 06/03/10 
02:25:00

   
_______________________________________________
specs mailing list
sp...@lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs