In accordance with the OpenID Foundation IPR policies and
procedures<http://openid.net/foundation/intellectual-property/> this note
proposes the formation of a new working group chartered to produce an OpenID
specification. As per Section 4.1 of the Policies, the specifics of the
proposed working group are:
Proposal:
(a) Charter.
(i) WG name: Provider Authentication Policy Extension (PAPE)
(ii) Purpose: Produce a standard OpenID extension to the
OpenID Authentication protocol that: provides a mechanism by which a Relying
Party can request that particular authentication policies be applied by the
OpenID Provider when authenticating an End User and provides a mechanism by
which an OpenID Provider may inform a Relying Party which authentication
policies were used. Thus a Relying Party can request that the End User
authenticate, for example, using a phishing-resistant and/or multi-factor
authentication method.
(iii) Scope: Produce a revision of the PAPE 1.0 Draft 2
specification that clarifies its intent, while maintaining compatibility for
existing Draft 2 implementations. Adding any support for communicating
requests for or the use of specific authentication methods (as opposed to
authentication policies) is explicitly out of scope.
(iv) Proposed List of Specifications: Provider Authentication
Policy Extension 1.0, spec completion expected during May 2008.
(v) Anticipated audience or users of the work: Implementers
of OpenID Providers and Relying Parties – especially those interested in
mitigating the phishing vulnerabilities of logging into OpenID providers with
passwords.
(vi) Language in which the WG will conduct business: English.
(vii) Method of work: E-mail discussions on the working group
mailing list, working group conference calls, and possibly a face-to-face
meeting at the Internet Identity Workshop.
(viii) Basis for determining when the work of the WG is
completed: Proposed changes to draft 2 will be evaluated on the basis of
whether they increase or decrease consensus within the working group. The work
will be completed once it is apparent that maximal consensus on the draft has
been achieved, consistent with the purpose and scope.
(b) Background Information.
(i) Related work being done in other WGs or organizations:
(1) Assurance Levels as defined by the National Institute of Standards and
Technology (NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W.
Polk, Ed., “Electronic Authentication Guideline,” April 2006.) [NIST_SP800‑63].
This working group is needed to enable authentication policy statements to be
exchanged by OpenID endpoints. No coordination is needed with NIST, as the
PAPE specification uses elements of the NIST specification in the intended
fashion.
(ii) Proposers:
Michael B. Jones, [EMAIL
PROTECTED]<mailto:[EMAIL PROTECTED]>, Microsoft Corporation
David Recordon, [EMAIL PROTECTED]<mailto:[EMAIL
PROTECTED]>, Six Apart Corporation
Ben Laurie, [EMAIL PROTECTED]<mailto:[EMAIL
PROTECTED]>, Google Corporation
Drummond Reed, [EMAIL PROTECTED]<mailto:[EMAIL
PROTECTED]>, Cordance Corporation
John Bradley, [EMAIL PROTECTED]<mailto:[EMAIL
PROTECTED]>, Wingaa Corporation
Johnny Bufu, [EMAIL PROTECTED]<mailto:[EMAIL
PROTECTED]>, Independent
Editors:
Michael B. Jones, [EMAIL
PROTECTED]<mailto:[EMAIL PROTECTED]>, Microsoft Corporation
David Recordon, [EMAIL PROTECTED]<mailto:[EMAIL
PROTECTED]>, Six Apart Corporation
(iii) Anticipated Contributions: None.
====
(The rest of this note is informational and not part of the proposal to create
an OpenID working group.)
Given that the OpenID specification procedures call for votes of the
membership, this would be a good time for those wanting to influence the
outcome of this specification to join the OpenID Foundation. You can do so at
http://openid.net/foundation/join/. Should you wish to join the working group,
you will also need to execute the Contribution Agreement at
http://openid.net/foundation/intellectual-property/ once the working group
formation has been approved by the membership. After the Specifications
Council has responded to this request to create a working group (which must
happen within 15 days) a separate message will be sent asking those of you who
are OpenID members to vote on the working group creation, containing
instructions for how to do so.
-- Mike
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
