[prev in list] [next in list] [prev in thread] [next in thread]
List: openid-specs
Subject: RECOMMENDED: Proposal to create the PAPE working group
From: Dick Hardt <dick () sxip ! com>
Date: 2008-05-23 4:15:45
Message-ID: 51B18855-E32F-4F4C-B408-AB9B911E0559 () sxip ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
The specifications council recommends that the Foundation members
approve the creation of the Provider Authentication Policy Extension
(PAPE) working group, as proposed below.
-- Dick
On 22-May-08, at 3:25 PM, Mike Jones wrote:
> This message is being sent to revise the proposal to create the PAPE
> working group, changing only one word, so that the projected
> completion date is July 2008, rather than May 2008. The complete
> text of the revised proposal follows.
>
> --- Mike
>
> In accordance with the OpenID Foundation IPR policies and procedures
> this note proposes the formation of a new working group chartered to
> produce an OpenID specification. As per Section 4.1 of the
> Policies, the specifics of the proposed working group are:
>
> Proposal:
> (a) Charter.
> (i) WG name: Provider Authentication Policy
> Extension (PAPE)
> (ii) Purpose: Produce a standard OpenID extension
> to the OpenID Authentication protocol that: provides a mechanism by
> which a Relying Party can request that particular authentication
> policies be applied by the OpenID Provider when authenticating an
> End User and provides a mechanism by which an OpenID Provider may
> inform a Relying Party which authentication policies were used. Thus
> a Relying Party can request that the End User authenticate, for
> example, using a phishing-resistant and/or multi-factor
> authentication method.
> (iii) Scope: Produce a revision of the PAPE 1.0
> Draft 2 specification that clarifies its intent, while maintaining
> compatibility for existing Draft 2 implementations. Adding any
> support for communicating requests for or the use of specific
> authentication methods (as opposed to authentication policies) is
> explicitly out of scope.
> (iv) Proposed List of Specifications: Provider
> Authentication Policy Extension 1.0, spec completion expected during
> July 2008.
> (v) Anticipated audience or users of the work:
> Implementers of OpenID Providers and Relying Parties – especially
> those interested in mitigating the phishing vulnerabilities of
> logging into OpenID providers with passwords.
> (vi) Language in which the WG will conduct
> business: English.
> (vii) Method of work: E-mail discussions on the
> working group mailing list, working group conference calls, and
> possibly a face-to-face meeting at the Internet Identity Workshop.
> (viii) Basis for determining when the work of the
> WG is completed: Proposed changes to draft 2 will be evaluated on
> the basis of whether they increase or decrease consensus within the
> working group. The work will be completed once it is apparent that
> maximal consensus on the draft has been achieved, consistent with
> the purpose and scope.
> (b) Background Information.
> (i) Related work being done in other WGs or
> organizations: (1) Assurance Levels as defined by the National
> Institute of Standards and Technology (NIST) in Special Publication
> 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., "Electronic
> Authentication Guideline," April 2006.) [NIST_SP800‑63]. This
> working group is needed to enable authentication policy statements
> to be exchanged by OpenID endpoints. No coordination is needed with
> NIST, as the PAPE specification uses elements of the NIST
> specification in the intended fashion.
> (ii) Proposers:
> Michael B. Jones, mbj@microsoft.com,
> Microsoft Corporation
> David Recordon,
> drecordon@sixapart.com, Six Apart Corporation
> Ben Laurie, benl@google.com, Google
> Corporation
> Drummond Reed, drummond.reed@cordance.net
> , Cordance Corporation
> John Bradley,
> john.bradley@wingaa.com, Wingaa Corporation
> Johnny Bufu, johnny.bufu@gmail.com,
> Independent
> Dick Hardt, dick@sxip.com, Sxip
> Identity Corporation
> Editors:
> Michael B. Jones, mbj@microsoft.com,
> Microsoft Corporation
> David Recordon,
> drecordon@sixapart.com, Six Apart Corporation
> (iii) Anticipated Contributions: None.
>
> _______________________________________________
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs
[Attachment #5 (text/html)]
<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; \
-webkit-line-break: after-white-space; ">T<span class="Apple-style-span" \
style="font-family: Arial; font-size: 13px; ">he specifications council recommends \
that the Foundation members approve the creation of the Provider Authentication \
Policy Extension (PAPE) working group, as proposed \
below.</span><div><br></div><div>-- Dick</div><div><br><div><div>On 22-May-08, at \
3:25 PM, Mike Jones wrote:</div><br class="Apple-interchange-newline"><blockquote \
type="cite"><span class="Apple-style-span" style="border-collapse: separate; color: \
rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; \
font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: \
normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; \
white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: \
0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; \
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0; "><div lang="EN-US" \
link="blue" vlink="purple"><o:smarttagtype \
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PersonName"><div \
class="Section1"><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; \
margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri; "><font size="2" \
color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: \
navy; ">This message is being sent to revise the proposal to create the PAPE working \
group, changing only one word, so that the projected completion date is July 2008, \
rather than May 2008. The complete text of the revised proposal \
follows.<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; \
font-family: Arial; color: navy; "><o:p> </o:p></span></font></div><div \
style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; \
font-size: 11pt; font-family: Calibri; "><font size="2" color="navy" \
face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy; \
"> \
&n \
bsp; &nbs \
p; \
--- Mike<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><font size="2" face="Calibri"><span style="font-size: 11pt; \
"><o:p> </o:p></span></font></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><font size="2" face="Calibri"><span style="font-size: 11pt; ">In \
accordance with the OpenID Foundation<span \
class="Apple-converted-space"> </span><a \
href="http://openid.net/foundation/intellectual-property/" style="color: blue; \
text-decoration: underline; ">IPR policies and procedures</a><span \
class="Apple-converted-space"> </span>this note proposes the formation of a new \
working group chartered to produce an OpenID specification. As per Section 4.1 \
of the Policies, the specifics of the proposed working group \
are:<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: 0in; \
margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri; \
"><font size="2" face="Calibri"><span style="font-size: 11pt; \
"><o:p> </o:p></span></font></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><b><font size="2" face="Calibri"><span style="font-size: 11pt; \
font-weight: bold; ">Proposal:<o:p></o:p></span></font></b></div><div \
style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; \
font-size: 11pt; font-family: Calibri; "><b><font size="2" face="Calibri"><span \
style="font-size: 11pt; font-weight: bold; ">(a)</span></font></b> <span \
class="Apple-converted-space"> </span><i><u><span style="font-style: italic; \
">Charter</span></u></i>.<o:p></o:p></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> <span \
class="Apple-converted-space"> </span><b><span style="font-weight: bold; \
">(i)</span></b> WG name: Provider Authentication Policy Extension \
(PAPE)<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: 0in; \
margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri; \
"><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> <span \
class="Apple-converted-space"> </span><b><span style="font-weight: bold; \
">(ii)</span></b> Purpose: Produce a standard OpenID extension to the \
OpenID Authentication protocol that: provides a mechanism by which a Relying \
Party can request that particular authentication policies be applied by the OpenID \
Provider when authenticating an End User and provides a mechanism by which an OpenID \
Provider may inform a Relying Party which authentication policies were used. Thus a \
Relying Party can request that the End User authenticate, for example, using a \
phishing-resistant and/or multi-factor authentication \
method.<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: 0in; \
margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri; \
"><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> <span \
class="Apple-converted-space"> </span><b><span style="font-weight: bold; \
">(iii)</span></b> Scope: Produce a revision of the PAPE 1.0 Draft 2 \
specification that clarifies its intent, while maintaining compatibility for existing \
Draft 2 implementations. Adding any support for communicating requests for or \
the use of specific authentication methods (as opposed to authentication policies) is \
explicitly out of scope.<o:p></o:p></span></font></div><div style="margin-top: 0in; \
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; \
font-family: Calibri; "><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> <span \
class="Apple-converted-space"> </span><b><span style="font-weight: bold; \
">(iv)</span></b> Proposed List of Specifications: Provider \
Authentication Policy Extension 1.0, spec completion expected during July \
2008.<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: 0in; \
margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri; \
"><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> <span \
class="Apple-converted-space"> </span><b><span style="font-weight: bold; \
">(v)</span></b> Anticipated audience or users of the work: Implementers \
of OpenID Providers and Relying Parties – especially those interested in mitigating \
the phishing vulnerabilities of logging into OpenID providers with \
passwords.<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> <span \
class="Apple-converted-space"> </span><b><span style="font-weight: bold; \
">(vi)</span></b> Language in which the WG will conduct business: \
English.<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> <span \
class="Apple-converted-space"> </span><b><span style="font-weight: bold; \
">(vii)</span></b> Method of work: E-mail discussions on the working \
group mailing list, working group conference calls, and possibly a face-to-face \
meeting at the Internet Identity Workshop.<o:p></o:p></span></font></div><div \
style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; \
font-size: 11pt; font-family: Calibri; "><font size="2" face="Calibri"><span \
style="font-size: 11pt; \
"> <span \
class="Apple-converted-space"> </span><b><span style="font-weight: bold; \
">(viii)</span></b> Basis for determining when the work of the WG is \
completed: Proposed changes to draft 2 will be evaluated on the basis of \
whether they increase or decrease consensus within the working group. The work \
will be completed once it is apparent that maximal consensus on the draft has been \
achieved, consistent with the purpose and scope.<o:p></o:p></span></font></div><div \
style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; \
font-size: 11pt; font-family: Calibri; "><b><font size="2" face="Calibri"><span \
style="font-size: 11pt; font-weight: bold; ">(b)</span></font></b> <span \
class="Apple-converted-space"> </span><i><u><span style="font-style: italic; \
">Background Information</span></u></i>.<o:p></o:p></div><div style="margin-top: 0in; \
margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; \
font-family: Calibri; "><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> <span \
class="Apple-converted-space"> </span><b><span style="font-weight: bold; \
">(i)</span></b> Related work being done in other WGs or organizations: \
(1) Assurance Levels as defined by the National Institute of Standards and Technology \
(NIST) in Special Publication 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., \
"Electronic Authentication Guideline," April 2006.) [NIST_SP800‑63]. This \
working group is needed to enable authentication policy statements to be exchanged by \
OpenID endpoints. No coordination is needed with NIST, as the PAPE \
specification uses elements of the NIST specification in the intended \
fashion.<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> <span \
class="Apple-converted-space"> </span><b><span style="font-weight: bold; \
">(ii)</span></b> Proposers:<o:p></o:p></span></font></div><div \
style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; \
font-size: 11pt; font-family: Calibri; "><font size="2" face="Calibri"><span \
style="font-size: 11pt; \
"> \
\
Michael B. Jones,<span class="Apple-converted-space"> </span><a \
href="mailto:mbj@microsoft.com" style="color: blue; text-decoration: underline; \
">mbj@microsoft.com</a>,<span \
class="Apple-converted-space"> </span><st1:personname \
w:st="on">Microsoft</st1:personname><span \
class="Apple-converted-space"> </span>Corporation<o:p></o:p></span></font></div><div \
style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; \
font-size: 11pt; font-family: Calibri; "><font size="2" face="Calibri"><span \
style="font-size: 11pt; \
"> \
<span \
class="Apple-converted-space"> </span><st1:personname w:st="on">David \
Recordon</st1:personname>,<span class="Apple-converted-space"> </span><a \
href="mailto:drecordon@sixapart.com" style="color: blue; text-decoration: underline; \
">drecordon@sixapart.com</a>, Six Apart \
Corporation<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> \
<span \
class="Apple-converted-space"> </span><st1:personname w:st="on">Ben \
Laurie</st1:personname>,<span class="Apple-converted-space"> </span><a \
href="mailto:benl@google.com" style="color: blue; text-decoration: underline; \
">benl@google.com</a>, Google Corporation<o:p></o:p></span></font></div><div \
style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; \
font-size: 11pt; font-family: Calibri; "><font size="2" face="Calibri"><span \
style="font-size: 11pt; \
"> \
<span \
class="Apple-converted-space"> </span><st1:personname w:st="on">Drummond \
Reed</st1:personname>,<span class="Apple-converted-space"> </span><a \
href="mailto:drummond.reed@cordance.net" style="color: blue; text-decoration: \
underline; ">drummond.reed@cordance.net</a>, Cordance \
Corporation<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><font size="2" face="Calibri"><span style="font-size: 11pt; \
"> \
<span \
class="Apple-converted-space"> </span><st1:personname w:st="on"><st1:personname \
w:st="on">John</st1:personname><span \
class="Apple-converted-space"> </span>Bradley</st1:personname>,<span \
class="Apple-converted-space"> </span><a href="mailto:john.bradley@wingaa.com" \
style="color: blue; text-decoration: underline; ">john.bradley@wingaa.com</a>, Wingaa \
Corporation<o:p></o:p></span></font></div><div style="margin-top: 0in; margin-right: \
0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: \
Calibri; "><font size="2" color="#1f497d" face="Calibri"><span style="font-size: \
11pt; color: rgb(31, 73, 125); \
"> \
<span \
class="Apple-converted-space"> </span></span></font><st1:personname \
w:st="on"><st1:personname w:st="on">John</st1:personname>ny \
Bufu</st1:personname>,<span class="Apple-converted-space"> </span><a \
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic