Hey Nat,
Do you see this as being built atop Attribute Exchange for transport
or as something new that TX defines? I know Sxip had done work with
AX to enable passing signed and encrypted attributes using SAML
assertions.
Is "Trust Exchange" really the best name? Seems like "trust" is quite
a broad concept so something more specific might be better.
--David
On Oct 31, 2008, at 4:21 AM, Nat Sakimura wrote:
Dear Specification Council members:
In accordance with the OpenID Foundation IPR policies and procedures
this note proposes the formation of a new working group chartered to
produce an OpenID specification. As per Section 4.1 of the
Policies, the specifics of the proposed working group are:
Trust Exchange (TX) Extension WG Charter
Proposal:
(a) Charter.
(i) WG name: Trust Exchange Extension (TX)
(ii) Purpose: The purpose of this WG is to produce a standard
OpenID extension to the OpenID Authentication protocol that enables
arbitrary parties to create and exchange a mutually-digitally-signed
legally binding "contract". This protocol extension aims to be both
broadband and mobile friendly by defining appropriate bindings for
each use case.
Although this specification defines one default protocol for
transferring data based on the contract, the data transfer portion is
intended to be pluggable so that other protocols may also be used
for this purpose.
The extension is not intended to be a general method for defining
attributes; the scope is limited to a specific set of attributes
necessary for contract semantics. The extension will also define a
contract signature based on public key cryptography. When used with
a digital certificate signed by a third party, the contract and
signature can be used as an assertion of conformance to an
applicable assurance program.
(iii) Scope:
Scope of the work
Development of the specification including:
An extensible tag-value contract format
Public Key Cryptography based digital signature method applied to
the above contract format
Query/response communication protocols for establishing the contract
Default data transfer protocol based on the contract
Conformance requirements for other data transfer protocol bindings
Security, threat and risk analysis
Perform security risk analysis and profiles for best practice
Out of scope
Term negotiation: Actual negotiation of the terms of a contract
should be dealt with out-of-band or by other specifications.
General purpose data type identifiers: this should be determined on
a per-community basis using other specifications such as OpenID
Attribute Exchange.
Assurance programs or other identity governance frameworks.
It is the intent that this specification be usable by any trust
community, whether it uses conventional PKI hierarchies, peer-to-peer
trust mechanisms, reputation systems, or other forms of trust
assurance. The specification of any particular trust root, trust
hierarchy, or trust policy is explicitly out of scope.
(iv) Proposed List of Specifications: TX 1.0, spec completion
expected in January 2009.
(v) Anticipated audience or users of the work: Implementers of
OpenID Providers and Relying Parties, especially those who require
security and accountability features to exchange sensitive customer
information (e.g. personally identifiable information and credit
card numbers) responsibly among trusted parties.
(vi) Language in which the WG will conduct business: English.
(vii) Method of work: E-mail discussions on the working group
mailing list, working group conference calls, and possibly
face-to-face meetings at conferences.
(viii) Basis for determining when the work of the WG is
completed: Draft 1 will be evaluated on the basis of whether it
increases or decreases consensus within the working group. The work
will be completed once it is apparent that maximal consensus on the
draft has been achieved, consistent with the purpose and scope.
(b) Background Information.
(i) Related work being done by other WGs or organizations:
Liberty Alliance Identity Governance Framework (IGF) 1.0 Draft
XML Advanced Electronic Signatures (XAdES)
(ii) Proposers:
Drummond Reed, [EMAIL PROTECTED], Cordance/Parity/OASIS (U.S.A.)
Henrik Biering, [EMAIL PROTECTED], Netamia (Denmark)
Hideki Nara, [EMAIL PROTECTED], Tact Communications (Japan)
John Bradley, [EMAIL PROTECTED], OASIS IDTrust Member Section
(Canada)
Mike Graves, [EMAIL PROTECTED], JanRain, Inc. (U.S.A.)
Nat Sakimura, [EMAIL PROTECTED], Nomura Research Institute,
Ltd.(Japan)
Robert Ott, [EMAIL PROTECTED], Clavid (Switzerland)
Tatsuki Sakushima, [EMAIL PROTECTED], NRI America, Ltd. (U.S.A.)
Toru Yamaguchi, [EMAIL PROTECTED], Cyboze Lab (Japan)
Editors:
Nat Sakimura, [EMAIL PROTECTED], Nomura Research Institute, Ltd.
(iii) Anticipated Contributions:
(1) Sakimura, N., et al., "OpenID Trusted data eXchange Extension
Specification (draft)", Oct. 2008. [TX2008].
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs