RE: XACML
When an enterprise sponsors an effort, they usually are required to construct a business case for spending monies. This is easier if the enterprise knows that their goals will materialize and is harder if it is strictly an influence alone model.

Since our needs aren't really about the focus of our vertical but are all about the needs of enterprises at large, I think the first step that would need to happen is for me to develop a better understanding of what other Fortune enterprises the OpenID foundation already has on board or at least has been a participant to this list in lurker mode.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Washburn
Sent: Tuesday, December 11, 2007 1:27 PM
To: McGovern, James F (HTSC, IT)
Cc: specs@openid.net
Subject: Re: XACML

Hi James--

Thanks for your note. The OpenID community, made up of a considerable and growing number of developers, website operators, enterprises large and small, and of course end-users, cannot be spoken for by me alone or by the OpenID Foundation Board in any seriously comprehensive way. Of course there are members of the community who have already developed and are working assiduously now to provide added functionality supporting and serving enterprise specific requirements.

Having said that, I'm fully focused these days on membership and organizational efforts for OpenID Foundation and I'm not the right person to recommend names of individuals engaged in specific efforts to support XACML, relationship modeling, and so forth. I'm certain individuals on the specs list will be able to address your substantive information request.

From the Foundation's perspective, however, I would certainly appreciate the chance to talk with you about The Hartford company taking the step of becoming a pioneering member of the OpenID community from the insurance world. I hope we'll have the opportunity to talk soon.

Thanks again for your inquiry.

cheers,
-bill

Bill Washburn
Executive Director
OpenID Foundation
+1 707 545 4823 (office)
+1 650 248 6113 (cell)

*
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
*

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
Re: XACML
Hi James -

I appreciate your questions and look forward to the adoption of an identity system that provides the capabilities needed for reputation-based, trusted computing platforms of the future. I've been looking at identity from the XRI/i-names point of view, which offers enhanced security options and better trust foundations - both needed for rock solid reputation systems.

It's heresy to say this (especially on this list) but in my opinion, OpenID is not the right base technology. It's a nice start and very smart people have been enhancing the platform with better security, service discovery and attribute exchange. But XRI supported all that from the get go, as well as local community creation, solid and arbitrarily complex data interchange, OpenPrivacy-style nyms for enhanced data sharing with privacy, and much more. If you are required to trust someone (even DNS!) to use an identity system, well, I think a user-centric digital identity should empower the user to choose who they want to trust.

XACML theoretically melds with XRI/XDI cleanly, though little work has been done in this direction. The XDI data interchange language is (usually) modeled using RDF where relationships are key.

WRT attestation, I'm gravely concerned about the way TPM modules are generally considered - I'd much rather they were based on an open standard to enable people to choose who they trust, be it Intel, Microsoft, the Free Software Foundation or their local church. Some preliminary work has been done in the XRI/XDI communities to create such an open standard.

Anyway, OpenID has got a huge head start, but I would suggest considering XRI in your search of the field.

=Fen

Nat Sakimura wrote:
> Hi James,
>
> I am definitely interested in something like that.
> It has been a long standing ToDo for me, though
> currently, my focus is more on the reputation side
> because I need it now for an implementation that we are
> doing now (for enterprise use.)
>
> Nat
Re: XACML
Hi James,

I am definitely interested in something like that. It has been a long standing ToDo for me, though currently, my focus is more on the reputation side because I need it now for an implementation that we are doing now (for enterprise use.)

Nat

Bill Washburn wrote:
> Hi James--
>
> Thanks for your note. The OpenID community, made up of a considerable
> and growing number of developers, website operators, enterprises large
> and small, and of course end-users, cannot be spoken for by me alone or
> by the OpenID Foundation Board in any seriously comprehensive way. Of
> course there are members of the community who have already developed and
> are working assiduously now to provide added functionality supporting
> and serving enterprise specific requirements.
>
> Having said that, I'm fully focused these days on membership and
> organizational efforts for OpenID Foundation and I'm not the right
> person to recommend names of individuals engaged in specific efforts to
> support XACML, relationship modeling, and so forth. I'm certain
> individuals on the specs list will be able to address your substantive
> information request.
>
> From the Foundation's perspective, however, I would certainly
> appreciate the chance to talk with you about The Hartford company taking
> the step of becoming a pioneering member of the OpenID community from
> the insurance world. I hope we'll have the opportunity to talk soon.
>
> Thanks again for your inquiry.
>
> cheers,
> -bill
>
> Bill Washburn
> Executive Director
> OpenID Foundation
> +1 707 545 4823 (office)
> +1 650 248 6113 (cell)
Re: XACML
Hi James--

Thanks for your note. The OpenID community, made up of a considerable and growing number of developers, website operators, enterprises large and small, and of course end-users, cannot be spoken for by me alone or by the OpenID Foundation Board in any seriously comprehensive way. Of course there are members of the community who have already developed and are working assiduously now to provide added functionality supporting and serving enterprise specific requirements.

Having said that, I'm fully focused these days on membership and organizational efforts for OpenID Foundation and I'm not the right person to recommend names of individuals engaged in specific efforts to support XACML, relationship modeling, and so forth. I'm certain individuals on the specs list will be able to address your substantive information request.

From the Foundation's perspective, however, I would certainly appreciate the chance to talk with you about The Hartford company taking the step of becoming a pioneering member of the OpenID community from the insurance world. I hope we'll have the opportunity to talk soon.

Thanks again for your inquiry.

cheers,
-bill

Bill Washburn
Executive Director
OpenID Foundation
+1 707 545 4823 (office)
+1 650 248 6113 (cell)

On Dec 11, 2007 9:31 AM, McGovern, James F (HTSC, IT) <[EMAIL PROTECTED]> wrote:
> OpenID 2.0 seems to have closed major security gaps and is usable in a
> consumer context. Are there plans to figure out how to add functionality
> to the next version of OpenID to support more enterprise considerations
> including support for XACML, modeling of relationships, attestation, etc
> or is the focus of participants here strictly consumer oriented?
XACML
OpenID 2.0 seems to have closed major security gaps and is usable in a consumer context. Are there plans to figure out how to add functionality to the next version of OpenID to support more enterprise considerations including support for XACML, modeling of relationships, attestation, etc or is the focus of participants here strictly consumer oriented?
Re: OpenID support for XACML
It would be interesting to me, at least. My team is currently considering using OpenID for real business transactions and sorting out what is there and what is not there. For something that is not there, we have to create one and perhaps propose as a spec.

Nat

McGovern, James F (HTSC, IT) wrote:
> Currently OpenID 2.0 is targeted for supporting consumer-oriented
> interactions. I would love to develop a sense as to when/if members of
> OpenID have any interest in sketching out B2B interactions where not
> only identity is important but also assertion of authorization
> information at runtime via XACML will be discussed?
>
> Players such as Vidoop can further expand their value proposition if
> they were to noodle XACML support as part of OpenID as there are tons of
> industry vertical federations that would benefit from such a solution...
OpenID support for XACML
Currently OpenID 2.0 is targeted for supporting consumer-oriented interactions. I would love to develop a sense as to when/if members of OpenID have any interest in sketching out B2B interactions where not only identity is important but also assertion of authorization information at runtime via XACML will be discussed?

Players such as Vidoop can further expand their value proposition if they were to noodle XACML support as part of OpenID as there are tons of industry vertical federations that would benefit from such a solution...
WS-XACML
OpenID should consider the following: http://blogs.sun.com/beuchelt/entry/ws_xacml