Re: Notice of vote on the proposal to create the PAPE working group
Hi everyone, Martin and I want to report the results of the vote on creation of the PAPE Working Group. The vote to authorize the creation of the PAPE Working Group passed unanimously and therefore the group is now officially open and ready to conduct its business. Each individual or entity wishing to join and participate in the PAPE Working Group must initiate their participation by submitting an IPR contribution form (filled out and signed) to OIDF. Option One - send the completed form via email to [EMAIL PROTECTED] as a PDF Option Two - send the completed Contribution Agreement by fax to Bill Washburn +1 707 575 3067. You can find the Contribution Agreement form at... http://openid.net/wp-content/uploads/2008/03/paper-contribution-agr-final-clean-20080107.pdf Thanks very much, Bill Washburn 2008/5/23 Mike Jones [EMAIL PROTECTED]: In accordance with the OpenID Foundation IPR policies and procedureshttp://openid.net/foundation/intellectual-property/, this message notifies OpenID Foundation members that a vote that will be held on the creation of the PAPE working group between noon Friday, June 6th US Pacific Time and noon Friday, June 13th US Pacific Time. The proposal to create the working group is available at http://openid.net/pipermail/specs/2008-May/002323.html. The specifications council report on the creation of the working group is available at http://openid.net/pipermail/specs/2008-May/002326.html. Members of the Foundation can vote during that time interval by sending a message to [EMAIL PROTECTED] with the subject line PAPE Vote and one of the sentences I vote for the creation of the PAPE working group, I vote against the creation of the PAPE working group, or I abstain in the vote about the creation of the PAPE working group in the body of the message. (The [EMAIL PROTECTED] list is for voting only and can not be used for asking questions or discussion. Discussion can occur on the [EMAIL PROTECTED] list.) (The rest of this note is informational and not part of the notification of the vote to create the PAPE working group.) Given that the OpenID specification procedures call for votes of the membership, this would be a good time for those wanting to influence the outcome of this specification to join the OpenID Foundation. You can do so at http://openid.net/foundation/join/. Should you wish to join the working group, you will also need to execute the Contribution Agreement at http://openid.net/foundation/intellectual-property/ once the working group formation has been approved by the membership. -- Mike ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Notice of vote on the proposal to create the PAPE working group
In accordance with the OpenID Foundation IPR policies and procedureshttp://openid.net/foundation/intellectual-property/, this message notifies OpenID Foundation members that a vote that will be held on the creation of the PAPE working group between noon Friday, June 6th US Pacific Time and noon Friday, June 13th US Pacific Time. The proposal to create the working group is available at http://openid.net/pipermail/specs/2008-May/002323.html. The specifications council report on the creation of the working group is available at http://openid.net/pipermail/specs/2008-May/002326.html. Members of the Foundation can vote during that time interval by sending a message to [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] with the subject line PAPE Vote and one of the sentences I vote for the creation of the PAPE working group, I vote against the creation of the PAPE working group, or I abstain in the vote about the creation of the PAPE working group in the body of the message. (The [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] list is for voting only and can not be used for asking questions or discussion. Discussion can occur on the [EMAIL PROTECTED]mailto:[EMAIL PROTECTED] list.) (The rest of this note is informational and not part of the notification of the vote to create the PAPE working group.) Given that the OpenID specification procedures call for votes of the membership, this would be a good time for those wanting to influence the outcome of this specification to join the OpenID Foundation. You can do so at http://openid.net/foundation/join/. Should you wish to join the working group, you will also need to execute the Contribution Agreement at http://openid.net/foundation/intellectual-property/ once the working group formation has been approved by the membership. -- Mike ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Proposal to create the PAPE working group
This message is being sent to revise the proposal to create the PAPE working group, changing only one word, so that the projected completion date is July 2008, rather than May 2008. The complete text of the revised proposal follows. --- Mike In accordance with the OpenID Foundation IPR policies and procedureshttp://openid.net/foundation/intellectual-property/ this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the specifics of the proposed working group are: Proposal: (a) Charter. (i) WG name: Provider Authentication Policy Extension (PAPE) (ii) Purpose: Produce a standard OpenID extension to the OpenID Authentication protocol that: provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User and provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant and/or multi-factor authentication method. (iii) Scope: Produce a revision of the PAPE 1.0 Draft 2 specification that clarifies its intent, while maintaining compatibility for existing Draft 2 implementations. Adding any support for communicating requests for or the use of specific authentication methods (as opposed to authentication policies) is explicitly out of scope. (iv) Proposed List of Specifications: Provider Authentication Policy Extension 1.0, spec completion expected during July 2008. (v) Anticipated audience or users of the work: Implementers of OpenID Providers and Relying Parties – especially those interested in mitigating the phishing vulnerabilities of logging into OpenID providers with passwords. (vi) Language in which the WG will conduct business: English. (vii) Method of work: E-mail discussions on the working group mailing list, working group conference calls, and possibly a face-to-face meeting at the Internet Identity Workshop. (viii) Basis for determining when the work of the WG is completed: Proposed changes to draft 2 will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope. (b) Background Information. (i) Related work being done in other WGs or organizations: (1) Assurance Levels as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., “Electronic Authentication Guideline,” April 2006.) [NIST_SP800‑63]. This working group is needed to enable authentication policy statements to be exchanged by OpenID endpoints. No coordination is needed with NIST, as the PAPE specification uses elements of the NIST specification in the intended fashion. (ii) Proposers: Michael B. Jones, [EMAIL PROTECTED]mailto:[EMAIL PROTECTED], Microsoft Corporation David Recordon, [EMAIL PROTECTED]mailto:[EMAIL PROTECTED], Six Apart Corporation Ben Laurie, [EMAIL PROTECTED]mailto:[EMAIL PROTECTED], Google Corporation Drummond Reed, [EMAIL PROTECTED]mailto:[EMAIL PROTECTED], Cordance Corporation John Bradley, [EMAIL PROTECTED]mailto:[EMAIL PROTECTED], Wingaa Corporation Johnny Bufu, [EMAIL PROTECTED]mailto:[EMAIL PROTECTED], Independent Dick Hardt, [EMAIL PROTECTED]mailto:[EMAIL PROTECTED], Sxip Identity Corporation Editors: Michael B. Jones, [EMAIL PROTECTED]mailto:[EMAIL PROTECTED], Microsoft Corporation David Recordon, [EMAIL PROTECTED]mailto:[EMAIL PROTECTED], Six Apart Corporation (iii) Anticipated Contributions: None. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Proposal to create the PAPE working group
Perhaps you could explain to the list what the process will be after this, such as: 1) Specification Council to approved PAPA WG. 2) Call for Participation ... etc. IMHO, that will help the community to understand the process a lot. By the way, I plan to respond to 2) above. I could have been a proposer of the WG, but to debug the process, somebody has to do the role of responder to the call for participation, so... :-) =nat 2008/5/23 Mike Jones [EMAIL PROTECTED]: This message is being sent to revise the proposal to create the PAPE working group, changing only one word, so that the projected completion date is July 2008, rather than May 2008. The complete text of the revised proposal follows. --- Mike In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the specifics of the proposed working group are: Proposal: (a) Charter. (i) WG name: Provider Authentication Policy Extension (PAPE) (ii) Purpose: Produce a standard OpenID extension to the OpenID Authentication protocol that: provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User and provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant and/or multi-factor authentication method. (iii) Scope: Produce a revision of the PAPE 1.0 Draft 2 specification that clarifies its intent, while maintaining compatibility for existing Draft 2 implementations. Adding any support for communicating requests for or the use of specific authentication methods (as opposed to authentication policies) is explicitly out of scope. (iv) Proposed List of Specifications: Provider Authentication Policy Extension 1.0, spec completion expected during July 2008. (v) Anticipated audience or users of the work: Implementers of OpenID Providers and Relying Parties – especially those interested in mitigating the phishing vulnerabilities of logging into OpenID providers with passwords. (vi) Language in which the WG will conduct business: English. (vii) Method of work: E-mail discussions on the working group mailing list, working group conference calls, and possibly a face-to-face meeting at the Internet Identity Workshop. (viii) Basis for determining when the work of the WG is completed: Proposed changes to draft 2 will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope. (b) Background Information. (i) Related work being done in other WGs or organizations: (1) Assurance Levels as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., Electronic Authentication Guideline, April 2006.) [NIST_SP800‑63]. This working group is needed to enable authentication policy statements to be exchanged by OpenID endpoints. No coordination is needed with NIST, as the PAPE specification uses elements of the NIST specification in the intended fashion. (ii) Proposers: Michael B. Jones, [EMAIL PROTECTED], Microsoft Corporation David Recordon, [EMAIL PROTECTED], Six Apart Corporation Ben Laurie, [EMAIL PROTECTED], Google Corporation Drummond Reed, [EMAIL PROTECTED], Cordance Corporation John Bradley, [EMAIL PROTECTED], Wingaa Corporation Johnny Bufu, [EMAIL PROTECTED], Independent Dick Hardt, [EMAIL PROTECTED], Sxip Identity Corporation Editors: Michael B. Jones, [EMAIL PROTECTED], Microsoft Corporation David Recordon, [EMAIL PROTECTED], Six Apart Corporation (iii) Anticipated Contributions: None. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- Nat Sakimura (=nat) http://www.sakimura.org/en/ ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RECOMMENDED: Proposal to create the PAPE working group
The specifications council recommends that the Foundation members approve the creation of the Provider Authentication Policy Extension (PAPE) working group, as proposed below. -- Dick On 22-May-08, at 3:25 PM, Mike Jones wrote: This message is being sent to revise the proposal to create the PAPE working group, changing only one word, so that the projected completion date is July 2008, rather than May 2008. The complete text of the revised proposal follows. --- Mike In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the specifics of the proposed working group are: Proposal: (a) Charter. (i) WG name: Provider Authentication Policy Extension (PAPE) (ii) Purpose: Produce a standard OpenID extension to the OpenID Authentication protocol that: provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User and provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant and/or multi-factor authentication method. (iii) Scope: Produce a revision of the PAPE 1.0 Draft 2 specification that clarifies its intent, while maintaining compatibility for existing Draft 2 implementations. Adding any support for communicating requests for or the use of specific authentication methods (as opposed to authentication policies) is explicitly out of scope. (iv) Proposed List of Specifications: Provider Authentication Policy Extension 1.0, spec completion expected during July 2008. (v) Anticipated audience or users of the work: Implementers of OpenID Providers and Relying Parties – especially those interested in mitigating the phishing vulnerabilities of logging into OpenID providers with passwords. (vi) Language in which the WG will conduct business: English. (vii) Method of work: E-mail discussions on the working group mailing list, working group conference calls, and possibly a face-to-face meeting at the Internet Identity Workshop. (viii) Basis for determining when the work of the WG is completed: Proposed changes to draft 2 will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope. (b) Background Information. (i) Related work being done in other WGs or organizations: (1) Assurance Levels as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., “Electronic Authentication Guideline,” April 2006.) [NIST_SP800‑63]. This working group is needed to enable authentication policy statements to be exchanged by OpenID endpoints. No coordination is needed with NIST, as the PAPE specification uses elements of the NIST specification in the intended fashion. (ii) Proposers: Michael B. Jones, [EMAIL PROTECTED], Microsoft Corporation David Recordon, [EMAIL PROTECTED], Six Apart Corporation Ben Laurie, [EMAIL PROTECTED], Google Corporation Drummond Reed, [EMAIL PROTECTED] , Cordance Corporation John Bradley, [EMAIL PROTECTED], Wingaa Corporation Johnny Bufu, [EMAIL PROTECTED], Independent Dick Hardt, [EMAIL PROTECTED], Sxip Identity Corporation Editors: Michael B. Jones, [EMAIL PROTECTED], Microsoft Corporation David Recordon, [EMAIL PROTECTED], Six Apart Corporation (iii) Anticipated Contributions: None. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Proposal to create the PAPE working group
The next steps will be: - notification of an upcoming vote by the membership on the creation of the working group - assuming that vote passes, the working group is created - OIDF members can join the working group by signing the IPR contribution document specifying that group - The working group does its work - The working group recommends a draft to the membership for approval as an implementer's draft or final specification - The members vote - If the vote passes, the implementers draft or specification is approved Voting instructions are planned to go out tomorrow. -- Mike -Original Message- From: Nat Sakimura [mailto:[EMAIL PROTECTED] Sent: Thursday, May 22, 2008 5:55 PM To: Mike Jones Cc: specs@openid.net Subject: Re: Proposal to create the PAPE working group Perhaps you could explain to the list what the process will be after this, such as: 1) Specification Council to approved PAPA WG. 2) Call for Participation ... etc. IMHO, that will help the community to understand the process a lot. By the way, I plan to respond to 2) above. I could have been a proposer of the WG, but to debug the process, somebody has to do the role of responder to the call for participation, so... :-) =nat 2008/5/23 Mike Jones [EMAIL PROTECTED]: This message is being sent to revise the proposal to create the PAPE working group, changing only one word, so that the projected completion date is July 2008, rather than May 2008. The complete text of the revised proposal follows. --- Mike In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the specifics of the proposed working group are: Proposal: (a) Charter. (i) WG name: Provider Authentication Policy Extension (PAPE) (ii) Purpose: Produce a standard OpenID extension to the OpenID Authentication protocol that: provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User and provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant and/or multi-factor authentication method. (iii) Scope: Produce a revision of the PAPE 1.0 Draft 2 specification that clarifies its intent, while maintaining compatibility for existing Draft 2 implementations. Adding any support for communicating requests for or the use of specific authentication methods (as opposed to authentication policies) is explicitly out of scope. (iv) Proposed List of Specifications: Provider Authentication Policy Extension 1.0, spec completion expected during July 2008. (v) Anticipated audience or users of the work: Implementers of OpenID Providers and Relying Parties – especially those interested in mitigating the phishing vulnerabilities of logging into OpenID providers with passwords. (vi) Language in which the WG will conduct business: English. (vii) Method of work: E-mail discussions on the working group mailing list, working group conference calls, and possibly a face-to-face meeting at the Internet Identity Workshop. (viii) Basis for determining when the work of the WG is completed: Proposed changes to draft 2 will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope. (b) Background Information. (i) Related work being done in other WGs or organizations: (1) Assurance Levels as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., Electronic Authentication Guideline, April 2006.) [NIST_SP800‑63]. This working group is needed to enable authentication policy statements to be exchanged by OpenID endpoints. No coordination is needed with NIST, as the PAPE specification uses elements of the NIST specification in the intended fashion. (ii) Proposers: Michael B. Jones, [EMAIL PROTECTED], Microsoft Corporation David Recordon, [EMAIL PROTECTED], Six Apart Corporation Ben Laurie, [EMAIL PROTECTED], Google Corporation Drummond Reed, [EMAIL PROTECTED], Cordance Corporation John Bradley, [EMAIL PROTECTED