[OIDFSC] FW: Proposal to create the TX working group

David Recordon recordond at gmail.com
Wed Dec 31 00:33:07 PST 2008


Hi Nat,
I read Josh's email as agreeing with Mike's statement of:

> The OpenID Specifications Council recommends that members reject this
> proposal to create a working group because the charter is excessively broad,
> it seems to propose the creation of new mechanisms that unnecessarily create
> new ways to do accomplish existing tasks, such as digital signatures, and it
> the proposal is not sufficiently clear on whether it builds upon existing
> mechanisms such as AX 1.0 in a compatible manner, or whether it requires
> breaking changes to these underlying protocols.


While you have clarified that you don't intend to create a new XML signature
mechanism, OAuth describes a mechanism to use public keys to sign these
sorts of parameters.  Signatures aside, as Mike said other aspects of the
charter seem quite broad and it is unclear how it will build upon AX 1.0 and
other underlying existing OpenID technologies.

Given the draft charter at
http://wiki.openid.net/Working_Groups%3AContract_Exchange_1:
1) The purpose of producing a series of extensions seems too broad.  OpenID
was born on the idea of doing one simple thing and we've seen success with
OpenID and related technologies when they are made up of small pieces
loosely joined.  OpenID Authentication 2.0 broke this rule in some areas and
we're now seeing the repercussions of doing so.

2) In what jurisdictions are these contracts legally binding?  Is "arbitrary
parties to create and exchange a mutually-digitally-signed legally binding
'contract'" a justifiable statement or should it be toned down?  It should
also be kept in mind that since OpenID's creation it has been very clear
that OpenID does not provide trust, but rather trust can be built on top of
identity.  I'm not saying that OpenID should never deal with trust, just
trying to understand if this Working Group intends to change how OpenID
currently does not create this form of trust.

3) The purpose says that the Working Group intends to possibly extend AX and
create a series of specifications.  It does not seem prudent to give a
Working Group the ability to arbitrarily extend an existing extension or
create an unlimited number of specifications.

4) The Scope section is still not clear as to what the Working Group will
actually be producing.  I would prefer to see the section rewritten, maybe
mimicking the structure currently being considered for the specification.

As to if you wish to force this proposal forward, I do not believe that it
currently has sufficient support within the OpenID community to succeed and
that its broad scope contravenes the community's purpose.  This is why I'm
really hoping that the proposal can be refined to something which will be
successful that a broad community can get behind!

--David

On Tue, Dec 30, 2008 at 9:03 PM, Nat Sakimura <sakimura at gmail.com> wrote:

> Hi Josh,
>
> To which statement did you agree?
>
> There has been a several things that has been pointed out, but I think I
> have answered to them.
>
> For example, for XML Sig, I have stated that this spec is not for XML,
> etc.
> For modularization, yes, that is a possibility but a scope needs to be able
> to cover a field that it requires, even if it ends up not covering that
> field.
> It is impossible to widen the scope though narrowing it down at a later
> date is easy.
>
> Unfortunately, I have not heard back any concrete response for amendments.
> It would be more constructive to have those.
>
> Also, if you are giving advise to the membership an recommendation for not
> approving it, you need to state the reasons concretely.
>
> It needs to be one of
>
> (a)    an incomplete Proposal (i.e., failure to comply with §4.1);
> (b)    a determination that the proposal contravenes the OpenID community's
> purpose;
> (c)    a determination that the proposed WG does not have sufficient
> support to succeed
>          or to deliver proposed deliverables within projected completion
> dates; or
> (d)    a  determination that the proposal is likely to cause legal
> liability for the OIDF or others.
>
> and should state why the proposal falls into one of the criteria concretely
> and accountably.
>
> Regards,
>
> =nat
>
> On Wed, Dec 31, 2008 at 7:58 AM, Josh Hoyt <josh at janrain.com> wrote:
>
>> On Tue, Dec 30, 2008 at 12:17 PM, Mike Jones
>> <Michael.Jones at microsoft.com> wrote:
>> > I realize it was Christmas week but it's been a week and we've heard
>> nothing
>> > from any of the other specs council members on this proposal (or the
>> other
>> > one as well).
>>
>> I agree with the statement that you made about this proposal.
>>
>> Josh
>>
>
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openid.net/pipermail/specs-council/attachments/20081231/e2df7e18/attachment-0001.htm 


More information about the specs-council mailing list