Re: [OpenID] Signing method for XRD

2009-06-12 Thread =nat
. Now, here is another question then. If libraries with decent API becomes available to each language, written in that language, and is tested for compatibility to each other, would you be amiable to this constrained form of XML DSig? =nat On Thu, 11 Jun 2009 16:14:56 +0200, David Garcia

Re: [OpenID] Signing method for XRD

2009-06-12 Thread Nat Sakimura
. If it is not there, then we need to evaluate how easy is it to do that, and perhaps create a project to make them. Cheers, =nat On Sat, Jun 13, 2009 at 3:01 AM, David Garcia dave...@gmail.com wrote: Hi, Sure I'll do it, but let me make an in-depth analysis of alternatives before pointing to a concrete

Re: [OpenID] Signing method for XRD

2009-06-11 Thread Nat Sakimura
: do people implement it? My Concern about supporting both are: 1. Is it going to be too much to ask library writers to support both XML Dsig and Simple Sign? As an ever indecisive person, I tend to opt for Both option, but what do you guys think of it? =nat On Thu, Jun 11, 2009 at 2:01 PM

Re: [OpenID] Signing method for XRD

2009-06-11 Thread Nat Sakimura
-inc.com wrote: Hi Nat, Generating signatures is tricky, and XMLDSig is trickier than most. That being said, there are libraries that do it, and they do seem to work. First of all, I'd be happier to see something other than XML, but if XML has already been decided on, then I would not mind

OAuth Hybrid and UI ML?

2009-06-11 Thread Nat Sakimura
is the discussion being conducted right now? -- Nat Sakimura (=nat) http://www.sakimura.org/en/ ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs

Re: Requiring Pseudonymous Identifier

2009-05-13 Thread Nat Sakimura
, as some of you point out. Regards, =nat On Tue, May 12, 2009 at 5:55 PM, Dick Hardt dick.ha...@gmail.com wrote: On 12-May-09, at 1:36 AM, Nat Sakimura wrote: Reason for using RP's Subject in XRD instead of simply using realm is to allow for something like group identifier. would you elaborate

Re: Requiring Pseudonymous Identifier

2009-05-13 Thread Nat Sakimura
is not directly related to the pseudonym issue. So, shall we separate this topic into another thread with more appropriate subject? =nat

Re: Requiring Pseudonymous Identifier

2009-05-13 Thread Nat Sakimura
, etc. so I think it is useful. To indicate the quality of the identifier and the assertion, we should utilize PAPE. =nat On Thu, May 14, 2009 at 1:28 AM, George Fletcher gffle...@aol.com wrote: I'm perfectly fine with using RP discovery as a mechanism for the RP to specify what policy

Re: Identifier for group of individuals

2009-05-13 Thread Nat Sakimura
My interpretation is that the fragment does not necessarily mean a new user, but it just differentiates among different users. =nat On Thu, May 14, 2009 at 2:15 AM, Andrew Arnott andrewarn...@gmail.com wrote: Fragments are valid URI parts.  But they are unique in that a web browser never sends

Re: Identifier for group of individuals

2009-05-13 Thread Nat Sakimura
Well, I think this just says that the full URI MUST not be reassigned to different (group of) entities, that the verified identifier will be always this non-recycled full identifier. =nat On Thu, May 14, 2009 at 2:39 AM, Andrew Arnott andrewarn...@gmail.com wrote: From the spec: 11.5.1

Re: OpenID Security

2009-02-05 Thread Nat Sakimura
Actually, we have previously tested Fortify. As you have stated, it is not possible to use it without a professional service. It is merely a tool to assist the security analyst. =nat On Fri, Feb 6, 2009 at 5:48 AM, Darren Bounds dbou...@gmail.com wrote: I do not believe OWASP presently does any

Re: Suggested scoping for AX 2.0 WG

2009-02-03 Thread Nat
different design pattern then what AX does now. I have not seen the background on why this is in scope, so perhaps I can have a different view if someone cares to enlighten me. When Nat Sakimura wrote the contract exchange CX proposal, he included scope for exchanging validation/metadata about

Re: OpenID Mobile Profile?

2009-01-31 Thread Nat Sakimura
/ticket is created by the RP and OP goes and fetch the request from RP. I chose this design because RP can be inside the firewall when OP is on the internet which is a more likely use case for OpenID. =nat On Sat, Jan 31, 2009 at 3:21 AM, Johannes Ernst jernst+openid.net@ netmesh.us wrote: In which

OpenID Mobile Profile?

2009-01-29 Thread Nat Sakimura
. SAML world has defined artifact binding to cope with it. IMHO, OpenID should define something like that also. In Japan, there are bunch of people (including mobile carriers) who wants to do it. Are there interest here as well? -- Nat Sakimura (=nat) http://www.sakimura.org/en

Re: OpenID Mobile Profile?

2009-01-29 Thread Nat Sakimura
or per handset class (e.g., mid-p enabled phones, etc.), I think. =nat On Fri, Jan 30, 2009 at 2:56 PM, Johannes Ernst jernst+openid.net@ netmesh.us wrote: Are you talking about URL length limitations for the identifiers that users need to enter, or for URLs that are being sent around as part

Re: CX proposal update

2009-01-22 Thread Nat
Nat, Can you define the term contract? Is it legally binding? It is just a signed set of attributes? Who are the parties involved with signing the contract? The RP, OP, and user? Instead of defining a new CX extension, would it just be sufficient to define new attributes using AX? Would

Re: CX proposal update

2009-01-22 Thread Nat Sakimura
the UI. Whatever is the appropriate UI in the jurisdiction, the proof of the consent and the workflow (such as, if proxy signing is done, the proxy agreement must precede the signing etc.) will probably stay the same most of the time. =nat On Fri, Jan 23, 2009 at 11:03 AM, Allen Tom a...@yahoo-inc.com

CX proposal update

2009-01-13 Thread Nat Sakimura
I have edited the Contract Exchange Proposal on the wiki. http://wiki.openid.net/Working_Groups%3AContract_Exchange_1 It is substantially shorter and easier to parse, hopefully. Please discuss. -- Nat Sakimura (=nat) http://www.sakimura.org/en

Re: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group)

2009-01-11 Thread Nat Sakimura
I think so. =nat On Sun, Jan 11, 2009 at 8:14 AM, Breno de Medeiros br...@google.com wrote: Well, Eran published a draft of the full XRD discovery standard yesterday. That changes things, because puts discovery on much more solid ground. The biggest remaining issue to be addressed

Re: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group)

2009-01-06 Thread Nat Sakimura
But I suppose it is worthwhile to make the spec clearer. It can be clearer by decomposing the notion of OP into Discovery Service and Authentication Service than collectively calling it as OP. That will facilitate a better understanding of the strength and weakness of the protocol as well. =nat

Re: [OIDFSC] FW: Proposal to create the TX working group

2009-01-02 Thread Nat Sakimura
Hi David, Since I am in the new years holiday (just when you got back from your holiday...), I will just comment on a few things inline to supplement Henrik and Drummond's comments. On Wed, Dec 31, 2008 at 5:33 PM, David Recordon record...@gmail.com wrote: Hi Nat, I read Josh's email

Re: Request for consideration of Working Group Charter Proposal

2008-12-19 Thread Nat Sakimura
Identity. * Breno de Medeiros, br...@google.com. Google, Inc. (editor) * Hideki Nara, hd...@ic-tact.co.jp, Tact Communications * Nat Sakimura, n-sakim...@nri.co.jp (editor) -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT

Re: Request for consideration of Working Group Charter Proposal

2008-12-19 Thread Nat Sakimura
I noticed a typo. Dick's mail address is not skip.com it is d...@sxip.com. =nat On Sat, Dec 20, 2008 at 11:29 AM, Nat Sakimura sakim...@gmail.com wrote: +1 but where does the class in the earlier post of mine fits into in the scope? On Sat, Dec 20, 2008 at 6:16 AM, Breno de Medeiros br

Please process the WG proposals on the table (WAS The Specs Council and Process)

2008-12-17 Thread Nat Sakimura
believe, though the scope may seems a bit wide, the WG scope being wider than what it really needs to is not a bad thing. WG can always narrow the scope without any IPR consideration, but it is virtually impossible to widen the scope afterwards. =nat -- Nat Sakimura (=nat) http://www.sakimura.org/en

What is the status of AX 2.0 WG proposal?

2008-12-17 Thread Nat Sakimura
I am very interested in it, but have not heard about it for sometime. What is the status right now? -- Nat Sakimura (=nat) http://www.sakimura.org/en/

Could you update me of the status of CX WG proposal?

2008-12-17 Thread Nat Sakimura
easily in my addressbook. I wanted to email to the entire spec council, really. -- Nat Sakimura (=nat) http://www.sakimura.org/en/

Re: What is the status of AX 2.0 WG proposal?

2008-12-17 Thread Nat Sakimura
I could start on it -- sorry. -- Dick On 17-Dec-08, at 4:56 PM, Nat Sakimura wrote: I am very interested in it, but have not heard about it for sometime. What is the status right now? -- Nat Sakimura (=nat) http://www.sakimura.org/en

Re: Could you update me of the status of CX WG proposal?

2008-12-17 Thread Nat Sakimura
Thanks Dick! I am looking forward to hear Go Ahead! from the spec council in a very near future for CX WG. =nat On Thu, Dec 18, 2008 at 11:30 AM, Dick Hardt dick.ha...@gmail.com wrote: On 17-Dec-08, at 6:17 PM, Nat Sakimura wrote: Hi. Could you kindly update me of the status of CX WG

Re: What is the status of AX 2.0 WG proposal?

2008-12-17 Thread Nat Sakimura
on and sign over only one class etc. Could we add something like this to the scope as well? =nat On Thu, Dec 18, 2008 at 1:00 PM, Nat Sakimura sakim...@gmail.com wrote: I am looking forward to it! On Thu, Dec 18, 2008 at 12:00 PM, Dick Hardt dick.ha...@gmail.com wrote: Breno, if you have time

Re: What is the status of AX 2.0 WG proposal?

2008-12-17 Thread Nat Sakimura
Added implication is that, by defining sreg class, we can effectively roll sreg into AX. =nat On Thu, Dec 18, 2008 at 1:10 PM, Nat Sakimura sakim...@gmail.com wrote: P.S. I and Hide Nara was talking the other day that it probably would be very useful for the AX to be able to define a class

Re: A Working Groups Wiki Page

2008-12-16 Thread Nat Sakimura
Indeed. From the spec works point of view, since a WG can always narrow the scope but not expand, it would be better to get it in the scope at the beginning. That's why I have put it there. We can always drop it later. =nat On Fri, Dec 5, 2008 at 10:14 AM, Breno de Medeiros br...@google.com

Re: Proposal to create the TX working group

2008-12-04 Thread Nat Sakimura
version of the charter proposal. http://wiki.openid.net/Working_Groups:Contract_Exchange_1.0 Hope this one is finally acceptable. On Thu, Dec 4, 2008 at 10:42 PM, Nat Sakimura [EMAIL PROTECTED] wrote: I have discussed with Dick at iiw to see if it is possible to build on AX. It seems it is inevitable

Re: A Working Groups Wiki Page

2008-12-04 Thread Nat Sakimura
Thanks David, I have put the CX page onto it. Regards, =nat On Thu, Dec 4, 2008 at 4:40 PM, David Recordon [EMAIL PROTECTED] wrote: We now have a wiki page for Working Groups! http://wiki.openid.net/Working_Groups I've listed the current PAPE WG as well as the groups that I know have been

Re: PC Insurance Carriers

2008-12-04 Thread Nat Sakimura
That sounds interesting. We have some member companies from PC insurance in OpenID Japan as well, so I might be able to coordinate something with you. =nat On Fri, Dec 5, 2008 at 4:31 AM, McGovern, James F (HTSC, IT) [EMAIL PROTECTED] wrote: I am attempting to put together a discussion amongst

Re: A Working Groups Wiki Page

2008-12-04 Thread Nat Sakimura
of view, it might be better to define dsig separately and reference it from the core spec.) =nat On Fri, Dec 5, 2008 at 2:20 AM, Breno de Medeiros [EMAIL PROTECTED] wrote: Hi Nat, I see that as part of your scope you are discussing an OpenID D-Sign deliverable. Is this really necessary

Re: PAPE and NIST level policies.

2008-11-25 Thread Nat
The proposal on the table has generalized NIST thing, I believe. As to the upstream hint is concerned, I think it is a good idea but it was out of scope of the current WG. It belongs to the future spec I guess. [EMAIL PROTECTED] via iPhone On 2008/11/25, at 18:10, Martin Paljak [EMAIL

Re: Proposal to create the TX working group

2008-11-13 Thread Nat Sakimura
I was pointed out by Dick that Key Exchange really should be Key Discovery. I agree. So, I would do s/Key Exchange/Key Discovery/g. Cheers, =nat On Thu, Nov 13, 2008 at 4:02 PM, Nat Sakimura [EMAIL PROTECTED] wrote: Hi. Here is the modified version of the charter based on the discussion

Re: Proposal to create the TX working group

2008-11-12 Thread Nat Sakimura
Hi. Here is the modified version of the charter based on the discussion at IIW. I chose Contract Exchange instead of Contract Negotiation since detailed negotiation is out of scope. Cheers, =nat *Contract Exchange WG Charter (formally TX). * In accordance with the OpenID Foundation IPR

Re: Proposal to create the TX working group

2008-11-09 Thread Nat Sakimura
of them are in the list. Some of them are still in process, and some of them would not like to be identified.) and why some peculiar variables are defined in the proposed TX spec. =nat On Sun, Nov 9, 2008 at 4:29 PM, David Recordon [EMAIL PROTECTED] wrote: After reading the extension a few times, I'm

Re: Proposal to create the TX working group

2008-11-08 Thread Nat Sakimura
Maybe just OpenID Trust Extension just like WS-Trust? =nat On Sun, Nov 9, 2008 at 5:06 AM, Nat Sakimura [EMAIL PROTECTED] wrote: Hi David, I do not have any particular attachment to trust exchange. So, I am ok in changing it but it would be nice if I can preserve TX acronym though. Do you

Re: Proposal to create the TX working group

2008-11-01 Thread Nat Sakimura
Hi David, Thanks for your comments. My reply inline below: 2008/11/1 David Recordon [EMAIL PROTECTED] Hey Nat, Do you see this as being built atop Attribute Exchange for transport or as something new that TX defines? I know Sxip had done work with AX to enable passing signed and encrypted

Proposal to create the TX working group

2008-10-31 Thread Nat Sakimura
PROTECTED] mailto:[EMAIL PROTECTED], Netamia (Denmark) Hideki Nara, [EMAIL PROTECTED] mailto:[EMAIL PROTECTED], Tact Communications (Japan) John Bradeley, [EMAIL PROTECTED], OASIS IDTrust Member Section (Canada) Mike Graves, [EMAIL PROTECTED] mailto:[EMAIL PROTECTED], JanRain, Inc. (U.S.A.) Nat

Re: Backporting the 2.0 extension mechanism to 1.1

2008-08-13 Thread Nat Sakimura
Since PAPE needs more integrity in the message (otherwise, the whole point of PAPE is lost), it would be ok to leave it just to OpenID 2.0 and make it an incentive to move to OpenID 2.0, IMHO. =nat Johnny Bufu wrote: On 11/08/08 10:35 AM, Martin Atkins wrote: In that referenced section

Re: Backporting the 2.0 extension mechanism to 1.1

2008-08-11 Thread Nat Sakimura
Actually, that interpretation is not right. In draft 3, we have made it clear. [EMAIL PROTECTED] On 2008/08/12, at 2:35, Martin Atkins [EMAIL PROTECTED] wrote: Johnny Bufu wrote: On 11/08/08 12:49 AM, Martin Atkins wrote: I notice that, like sreg, the pape extension is supporting 1.1 by

Re: Non-interactive logins

2008-07-16 Thread Nat Sakimura
in the coming weeks. If you would like to join in the boat, you are more than welcome :-) =nat Anders Feder wrote: tir, 15 07 2008 kl. 21:28 -0700, skrev John Panzer: And of course any number of extensions could be created to obtain an access token via an alternate path, after which normal OAuth

Re: Proposal to create the PAPE working group

2008-05-22 Thread Nat Sakimura
a proposer of the WG, but to debug the process, somebody has to do the role of responder to the call for participation, so... :-) =nat 2008/5/23 Mike Jones [EMAIL PROTECTED]: This message is being sent to revise the proposal to create the PAPE working group, changing only one word, so

Re: Login Federation

2008-02-20 Thread Nat Sakimura
members. Regards, =nat Brett Carter wrote: John Ehn wrote: Sounds good. I'm working on a draft. Once it's in a readable state, I'll post it for comments. Thanks! Is there a formal process for submitting a proposal yet? Or are we just going with RFC format for now? -Brett

Re: Login Federation

2008-02-18 Thread Nat Sakimura
or possible, things do not work out so nicely then. You need a way to tell RP the OP somehow. One possible way is always to jump from a link page but that is not very realistic. Using a browser plug-in is another. Of course, this is not a spec either... Regards, Nat Brett Carter wrote: I've dug

Re: OpenID 3.0

2008-02-04 Thread Nat Sakimura
not need to go to 3.0. Regards, =nat Johannes Ernst wrote: Amen. Let's build (optional) extensions, and only if that absolutely does not work for an essential feature, meekly suggest that the smallest possible set of changes be made to an existing spec. Note that any term such as OpenID 3.0

Re: XACML

2007-12-11 Thread Nat Sakimura
Hi James, I am definitely interested in something like that. It has been a long standing ToDo for me, though currently, my focus is more on the reputation side because I need it now for an implementation that we are doing now (for enterprise use.) Nat Bill Washburn wrote: Hi James-- Thanks

Re: [Idschemas] identity schema element metadata: using existingspecifications

2007-09-09 Thread Nat Sakimura
at one place is too risky. =nat Chris Drake wrote: Hi, Having missed the summit - can anyone tell if there was any dissent or scaremongering going on? The idea of assisting everyone who's collecting information about me, to share it easily, seems like an exceptionally Bad Idea (tm

RE: Specifying identifier recycling

2007-06-05 Thread =nat
OPs to specify a unique opaque string as the identification data would be much simpler than requiring parties to do public key verification, I think :-) Having said that, I do agree that we should be completing 2.0 cycle quickly and making it SIMPLE! Nat -Original Message- From

RE: Specifying identifier recycling

2007-06-04 Thread =nat
Hi. My comments in-line below: On Saturday, June 02, 2007 5:40 AM, Johannes Ernst wrote: On May 31, 2007, at 18:41, Nat Sakimura wrote: Public key idea is somewhat attractive to me, but there are some issues that comes up in my mind as well. Bring them on ;-) 1) Storing many

Attribute Exchange external reference?

2007-06-04 Thread =nat
in the New Attribute Process [http://openid.net/specs/openid-attribute-types-1_0-02.html#anchor6], but since it requires fetching of external document and thus changes the client behavior, I brought up this here. Any thought? =nat

RE: Specifying identifier recycling

2007-05-31 Thread Nat Sakimura
-broker is somewhat trustable on the account of no recycling because of this operational restriction. Could there be operational restriction similar to that for general OPs as well? =nat -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johannes