sure that high-end approaches (like XML-DSIG) work
>>> well,
>>>> but
>>>>> > low-end approaches (like XML-RSIG) work just as well
>>>>> > 3. to maintain a best practices document that says "today,
>>> choice X is
>>>>> your
>>>
at all? Where is the discussion being conducted right
now?
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
ed by adding a
> level of indirection. This may well be one of those cases.
>
>
>
>
>
> Johannes Ernst
> NetMesh Inc.
>
>
> ----------
>
>
>
> --
>
> http://netmesh.info/jernst
>
>
>
>
en I would not mind seeing something other
> than XMLDSig, if the alternative is significantly for developers to generate
> than XMLDSig.
>
> Allen
>
> Nat Sakimura wrote:
>
> Hmmm.
>
> Perhaps I did not spell my intent in the original mail well enough.
>
> My question
st bet, and we say that because based on our market research, X has the
> highest market share in terms of implementors today."
>
> As we all know, any problem in computer science can be solved by adding a
> level of indirection. This may well be one of those cases.
>
>
>
>
ment being posted to the list, then, I will
take off this moderation flag
so that you can freely post.
Cheers,
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
at login time and
> by Relying Parties for display purposes.
>
> This smells hugely of the idea that only one user controls an identifier at
> a time.
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your ri
a group membership claim kept separate
>> > from
>> > the identity claim, perhaps via the claim discovery I described in the
>> > other
>> > thread.
>> > --
>> > Andrew Arnott
>> > "I [may] not agree with what you have to say
anywhere but in
>> their SmartCard.
>> Then, sector specific PIN (ssPIN) is calculated in the manner of :
>>
>> SHA1(sPIN + SectorID)
>>
>> (Note, there is a bit more details but...)
>>
>> I have thrown OP secret into it.
>>
like
https://id.mixi.jp/nat/friend#hashOfYourId etc.,
if I remember right.
As you can see, it requires no change in the OpenID AuthN 2.0 nor an extension.
Anyways.. my 2c.
=nat
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
On Thu, May 14, 2009 at 12:46 AM, SitG Admin
wrote:
> Having two simultaneous threads on two closely related lists, with the same
> subject line, can be confusing.
Right.
The original that I raised is what I have explained a couple of hours ago.
It is the identifier of the RP Service (which may sp
secret, as some of you
point out.
Regards,
=nat
On Tue, May 12, 2009 at 5:55 PM, Dick Hardt wrote:
>
> On 12-May-09, at 1:36 AM, Nat Sakimura wrote:
>>
>> Reason for using RP's Subject in XRD instead of simply using realm is
>> to allow for something like group ide
Hi.
Where can I find the most current version of OpenID / OAuth hybrid spec draft?
I would like to look at it to see if I can borrow as much from the
draft for what I am thinking right now.
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
his is just one idea. Downside of this approach
is that we need to set up a WG.
I am sure there are more ideas. It might be possible to utilize AX
so that it will only be a profile that does not require a WG.
So shall we start discussing which direction we want to go forward?
--
Nat
mpleted.
>>
>> Proposers
>>
>> * Allen Tom, a...@yahoo-inc.com, Yahoo!
>> * Brian Ellin, br...@janrain.com, Janrain
>> * David Recordon, da...@sixapart.com, Six Apart
>> * Chris Messina, ch...@citizenagency.com, Vidoop/DiSo Project * B
on't have to worry
>> about licensing as OWASP (http://www.owasp.org) will scan at no cost...
>>
>> ------
>>
>> Message: 1
>> Date: Fri, 6 Feb 2009 01:34:33 +0900
>> From: Nat Sakimura
>> Subject: Re: OpenID Security
>> To: "McGovern, James F (HTSC, IT)
have/practice/need different
> security standards, too (let the first people to want OWASP, submit the
> libraries they're thinking of using to OWASP).
>
> -Shade
fy the sender immediately by return
> e-mail, delete this communication and destroy all copies.
>
>
sumer) first requests a Request Token using direct communication,
> and then redirects the browser to the OP (aka SP) with the Request Token to
> maintain the state. Instead of having the browser pass all the request
> parameters on the URL, all the parameters are represented by the Re
Ernst wrote:
> In which case, back to your original question:
>
> Are there people who are interested in discussing OpenID Mobile profile
> sort of thing?
>
>
> My answer would be "Yes".
>
>
>
> On Jan 29, 2009, at 22:14, Nat Sakimura wrote:
>
> Th
an episode of Melrose Place
> than a technical accomplishment...
>
> EHL
>
>
> [1] http://lists.w3.org/Archives/Public/www-tag/2009Jan/0114.html
l?
> IMHO the most important question to ask for mobile devices is: can we do
> without "typing" anything?
>
> On Jan 29, 2009, at 16:56, Nat Sakimura wrote:
>
> Hi.
>
> Are there people who are interested in discussing OpenID Mobile profile
> sort of thing?
.
SAML world has defined artifact binding to cope with it. IMHO, OpenID should
define something like that also.
In Japan, there are a bunch of people (including mobile carriers) who want to
do it.
Is there interest here as well?
--
Nat Sakimura (=nat)
http://www.sakimura.org/en
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
nce
> >> >
> >> > All those interested in the obtaining attributes about users
> >> > authenticated via OpenID.
> >> >
> >> >
> >> > VI. Language of business
> >>
tes using AX?
>
> Would it make more sense to use OAuth instead of defining a new OpenID
> extension? OAuth is designed to allow a user to authorize an RP (aka
> Consumer) to access protected resources hosted by the user's OP (aka Service
> Provider). It might make more sense to us
I have edited the Contract Exchange Proposal on the wiki.
http://wiki.openid.net/Working_Groups%3AContract_Exchange_1
It is substantially shorter and easier to parse, hopefully.
Please discuss.
--
Nat Sakimura (=nat)
http://www.sakimura.org/en
n Yadis-based and XRD-based discovery, since the authN
>> part of the spec is unlikely to change as much.
>>
>> I am in favor of separating the two specifications and create a
>> 2.0-compatible (with language clean-up) version of discovery.
>>
>> 2009/1/6 Nat Sakimu
ay, January 04, 2009 11:24 PM
> *To:* Drummond Reed
> *Cc:* sappe...@gmail.com; 'Nat Sakimura'; 'John Bradley'; specs@openid.net
> *Subject:* Re: Separation of Discovery from AuthN (was Proposal to form
> Discovery Working Group)
>
>
>
> I'd advocate fo
and should state why the proposal falls into one of the criteria
>> concretely and accountably.
>>
>> Regards,
>>
>> =nat
>>
>> On Wed, Dec 31, 2008 at 7:58 AM, Josh Hoyt wrote:
>>
>>> On Tue, Dec 30, 2008 at 12:17 PM, Mike Jones
>>> wrote:
>>> > I realize it was Christmas week but it's been a week and we've heard
>>> nothing
>>> > from any of the other specs council members on this proposal (or the
>>> other
>>> > one as well).
>>>
>>> I agree with the statement that you made about this proposal.
>>>
>>> Josh
>>>
>>
>>
>>
>> --
>> Nat Sakimura (=nat)
>> http://www.sakimura.org/en/
>>
>
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
scovery
>>>>> specifications as formulated by the OASIS XRI TC, for normative
>>>>> application by all other OpenID specifications. Produce a document
>>>>> describing the recommended migration of services discovery from the
>>>>> Yadis 1.0
I noticed a typo. Dick's mail address is not skip.com it is d...@sxip.com.
=nat
On Sat, Dec 20, 2008 at 11:29 AM, Nat Sakimura wrote:
> +1 but where does the "class" in the earlier post of mine fits into in the
> scope?
>
> On Sat, Dec 20, 2008 at 6:16 AM, Breno de
itor)
> >>* Mike Graves, mgra...@janrain.com, JanRain, Inc.
> >>* Dick Hardt, d...@skip.com. Sxip Identity.
> >>* Breno de Medeiros, br...@google.com. Google, Inc. (editor)
> >>* Hideki Nara, hd...@ic-tact.co.jp, Tact Communications
> >>
Added implication is that, by defining "sreg" class, we can effectively roll
sreg into AX.
=nat
On Thu, Dec 18, 2008 at 1:10 PM, Nat Sakimura wrote:
> P.S. I and Hide Nara were talking the other day that it probably would be
> very useful for the AX to be able to define a "
ll be shorter, and also will become easier to
extract a portion of the attributes in a semantically meaningful collection.
We can even go on and sign over only one class etc.
Could we add something like this to the scope as well?
=nat
On Thu, Dec 18, 2008 at 1:00 PM, Nat Sakimura wrote:
> I am
Thanks Dick!
I am looking forward to hearing "Go Ahead!" from the spec council in a very
near future for CX WG.
=nat
On Thu, Dec 18, 2008 at 11:30 AM, Dick Hardt wrote:
>
> On 17-Dec-08, at 6:17 PM, Nat Sakimura wrote:
>
> Hi.
>>
>> Could you kindly update
have a work item to write up the scope so that we can get it started --
>>> but have needed to deal with some time critical tasks before I could
>>> start
>>> on it -- sorry.
>>> -- Dick
>>> On 17-Dec-08, at 4:56 PM, Nat Sakimura wrote:
>>
easily in my addressbook.
I wanted to email to the entire spec council, really.
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
I am very interested in it, but have not heard about it for some time.
What is the status right now?
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
believe, though the scope may seem a bit wide, the WG scope being
wider than what it really needs to is not a bad thing. WG can always narrow
the scope without any IPR consideration, but it is virtually impossible to
widen the scope afterwards.
=nat
--
Nat Sakimura (=nat)
http://www.sakimura.org/en
> On Thu, Dec 4, 2008 at 5:00 PM, Nat Sakimura wrote:
> > Hi Breno,
> >
> > I am hoping that the core spec will define public key based signature.
> > If it is done, CX is going to use it.
> > Dsig thing in the CX proposal is there just for the sake if it did not
>
requirement for a
> trust specification. But I doubt there is a reason to re-invent such
> a scheme. Signature schemes are supposed to be somewhat generic, not
> purpose-specific. We should try to specify only a few of them, and
> probably the place to do that is the core OpenID spec.
>
> return e-mail, delete this communication and destroy all copies.
>
>
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
> If you need help writing a charter, I'm happy to help.
>
> --David
>
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
version of the charter proposal.
http://wiki.openid.net/Working_Groups:Contract_Exchange_1.0
Hope this one is finally acceptable.
On Thu, Dec 4, 2008 at 10:42 PM, Nat Sakimura <[EMAIL PROTECTED]> wrote:
> I have discussed with Dick at iiw to see if it is possible to build on AX.
> It
r and build atop each other and this
> one should be no different.
>
> I'm working on figuring out how to have the Stewards
> Council recommendation created on a public mailing list, but felt it
> worthwhile to share my opinions here until that happens.
>
> --David
>
>
I was pointed out by Dick that "Key Exchange" really should be "Key
Discovery". I agree. So, I would do s/Key Exchange/Key Discovery/g.
Cheers,
=nat
On Thu, Nov 13, 2008 at 4:02 PM, Nat Sakimura <[EMAIL PROTECTED]> wrote:
> Hi.
>
> Here is the modified
Trust Member Section (Canada)
Mike Graves, [EMAIL PROTECTED], JanRain, Inc. (U.S.A.)
Nat Sakimura, [EMAIL PROTECTED], Nomura Research Institute,
Ltd.(Japan)
Robert Ott, [EMAIL PROTECTED], Clavid (Switzerland)
Tatsuki Sakushima, [EMAIL PROTECTED], NRI America, Ltd. (U.S.A.)
Toru Yamaguch
:14 PM, Drummond Reed wrote:
>
> +1. "OpenID Trust Extension" seems like a good fit.
>
> =Drummond
>
> ------
> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>
> ] *On Behalf Of *Nat Sakimura
> *Sent:* Saturday, No
Maybe just OpenID Trust Extension just like WS-Trust?
=nat
On Sun, Nov 9, 2008 at 5:06 AM, Nat Sakimura <[EMAIL PROTECTED]> wrote:
> Hi David,
> I do not have any particular attachment to "trust exchange". So, I am ok in
> changing it but it would be nice if I can pre
the
> messaging model is not dis-similar to WS-Trust. Now, the "trust" defined in
> WS-Trust in our context is essentially "Contract". So I thought of changing
> it to "CX" or something, but then, at least in Japan, quite a few key people
> were already ex
>
> Thanks,
> Santosh Subramanian
> Shishir Randive
> Rob Johnson
>
> 2008/11/1 Nat Sakimura <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
>
> Hi David,
>
> Thanks for your comments. My reply inline below:
>
>
> 2008/11/1 David Recordo
le
were already exposed to "TX" by now and thus I kept the name "TX".
> --David
>
> On Oct 31, 2008, at 4:21 AM, Nat Sakimura wrote:
>
> Dear Specification Council members:
>
> In accordance with the OpenID Foundation IPR policies and
> procedures
CTED] <mailto:[EMAIL PROTECTED]>, JanRain,
Inc. (U.S.A.)
Nat Sakimura, [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>, Nomura
Research Institute, Ltd.(Japan)
Robert Ott, [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>, Clavid
(Switzerland)
Tatsuki Sakushima, [EMAIL PROTECTED] <mailto:[E
Since PAPE needs more integrity in the message (otherwise, the whole
point of PAPE is lost), it would be ok to leave it just to OpenID 2.0
and make it an incentive to move to OpenID 2.0, IMHO.
=nat
Johnny Bufu wrote:
> On 11/08/08 10:35 AM, Martin Atkins wrote:
>
>> In that referenced sectio
Actually, that interpretation is not right. In draft 3, we have made
it clear.
[EMAIL PROTECTED]
On 2008/08/12, at 2:35, Martin Atkins <[EMAIL PROTECTED]> wrote:
> Johnny Bufu wrote:
>>
>>
>> On 11/08/08 12:49 AM, Martin Atkins wrote:
>>> I notice that, like sreg, the pape extension is support
cation)?
>>>>> Thanks.
>>>>>
>>>>> --
>>>>> Anders Feder <[EMAIL PROTECTED]>
>>>>>
rdon
>> - Johnny Bufu
>> - Josh Hoyt
>>
>> ___
>> board mailing list
>> [EMAIL PROTECTED]
>> http://openid.net/mailman/listinfo/board
>>
>>
>
Michael B. Jones, [EMAIL PROTECTED],
> Microsoft Corporation
>
> David Recordon, [EMAIL PROTECTED], Six
> Apart Corporation
>
> (iii) Anticipated Contributions: None.
>
>
>
>
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
for submitting a proposal yet? Or are we just
> going with RFC format for now?
> -Brett
>
--
Nat Sakimura (=nat)
Nomura Research Institute,
>
--
Nat Sakimura (=nat)
Nomura Research Institute, Ltd.
Hi.
For
> 4. A way to indicate to the relying party what level of
> authentication has occurred such as did the OP
> check a password, how did it validate a user.
> Without this, there is no way that a trust
> model could be established in a credible way.
like it was mentioned before PAPE do
Hi James,
I am definitely interested in something like that.
It has been a long standing ToDo for me, though
currently, my focus is more on the reputation side
because I need it now for an implementation that we are
doing now (for enterprise use.)
Nat
Bill Washburn wrote:
> Hi James--
>
> Than
It would be interesting to me, at least.
My team is currently considering using OpenID for real business
transactions and sorting out what is there and what is not there. For
something that is not there, we have to create one and perhaps propose
as a spec.
Nat
McGovern, James F (HTSC, IT) wrot
Hi,
Instead of having one single master copy at the IdP, I would prefer one
single piece of each information dispersed over the network (optionally
with opaque identifiers) and having IdP managing the "links" so that I
can control all the pieces from one place. I feel that having everything
at
Public key idea is somewhat attractive to me, but there are some issues that
come up in my mind as well.
1) Storing many users' private key on the server in decryptable format is
not very safe.
In your proposal, it looks like that OP is going to hold the private key for
each user in decryptabl