I see this as being really needed and quite a bunch of work has
already gone into the doc. I'm wondering if it would be better to
write a Scope which describes the work and list the current draft as
an Anticipated Contribution rather than just saw that the Scope is to
standardize that document.
Cheers,
--David
On Nov 3, 2008, at 2:33 AM, Yariv Adan wrote:
In accordance with the OpenID Foundation IPR policies and
procedures<http://openid.net/foundation/intellectual-property/ >
this note proposes the formation of a new working group chartered to
produce an OpenID specification.
As per Section 4.1 of the Policies, the specifics of the proposed
working group are:
Background Information:
OpenID has always been focused on how to enable user-authentication
within the browser. Over the last year, OAuth has been developed to
allow authorization either from within a browser, desktop software,
or mobile devices. Obviously there has been interest in using
OpenID and OAuth together allowing a user to share their identity as
well as grant a Relying Party access to an OAuth protected resource
in a single step. A small group of people have been working on
developing an extension to OpenID which makes this possible in a
collaborative fashion withinhttp://code.google.com/p/step2/. This
small project includes a draft spec and Open Source implementations
which the proposers would like to finalize within the OpenID
Foundation.
Working Group Name:
OpenID OAuth Hybrid Working Group
Purpose:
Produce a standard OpenID extension to the OpenID Authentication
protocol that provides a mechanism to embed an OAuth approval
request into an OpenID authentication request to permit combined
user approval. The extension addresses the use case where the OpenID
Provider and OAuth Service Provider are the same service. To provide
good user experience, it is important to present a combined
authentication and authorization screen for the two protocols.
Scope:
Standardize the draft Hybrid Protocol (http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html
) as an official OpenID Extension describing how to combine an
OpenID authentication request with the approval of an OAuth request
token.
Anticipated Contributions:
Draft specification referenced above and various text contributions
as more developers implement it.
Proposed List of Specifications:
OpenID OAuth Extension 1.0. Spec completion by Q4 2008.
Anticipated audience or users of the work:
- OpenID Providers and Relying Parties
- OAuth Consumers and Service Providers
- Implementers of OpenID Providers and Relying Parties
Language in which the WG will conduct business:
English.
Method of work:
E-mail discussions on the working group mailing list and working
group conference calls.
Basis for determining when the work of the WG is completed:
The work will be completed once it is apparent that maximal
consensus on the protocol proposal has been achieved within the
working group, consistent with the purpose and scope.
Proposers:
- Ben Laurie, [EMAIL PROTECTED], Google
- Breno de Medeiros, [EMAIL PROTECTED], Google
- David Recordon, [EMAIL PROTECTED], Six Apart
- Dirk Balfanz, [EMAIL PROTECTED], Google
- Joseph Smarr, [EMAIL PROTECTED], Plaxo
- Yariv Adan, [EMAIL PROTECTED], Google
- Allen Tom, [EMAIL PROTECTED] , Yahoo
- Josh Hoyt, [EMAIL PROTECTED] , JanRain
Initial Editors:
- Dirk Balfanz, [EMAIL PROTECTED], Google
- Breno de Medeiros, [EMAIL PROTECTED], Google
--
Yariv Adan | Product Manager
Google Switzerland GmbH | Identifikationsnummer: CH-020.4.028.116-1
This e-mail is confidential. If you are not the right addressee
please do not forward it, please inform the sender, and please erase
this e-mail including any attachments. Thanks.
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs