<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Century;
panose-1:2 4 6 4 5 5 5 2 3 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.ClauseLevel1, li.ClauseLevel1, div.ClauseLevel1
{mso-style-name:"Clause Level 1";
mso-style-priority:99;
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:0in;
mso-list:l6 level1 lfo1;
font-size:9.0pt;
font-family:"Verdana","sans-serif";}
p.ClauseLevel2, li.ClauseLevel2, div.ClauseLevel2
{mso-style-name:"Clause Level 2";
mso-style-priority:99;
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:.35in;
mso-list:l6 level2 lfo1;
font-size:9.0pt;
font-family:"Verdana","sans-serif";}
p.ClauseLevel3, li.ClauseLevel3, div.ClauseLevel3
{mso-style-name:"Clause Level 3";
mso-style-priority:99;
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:.7in;
mso-list:l6 level3 lfo1;
font-size:9.0pt;
font-family:"Verdana","sans-serif";}
p.ClauseLevel4, li.ClauseLevel4, div.ClauseLevel4
{mso-style-name:"Clause Level 4";
mso-style-priority:99;
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
text-align:justify;
text-indent:1.05in;
mso-list:l6 level4 lfo1;
font-size:9.0pt;
font-family:"Verdana","sans-serif";}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:27924189;
mso-list-template-ids:-1928952254;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:325062366;
mso-list-template-ids:1088967064;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2
{mso-list-id:733815619;
mso-list-template-ids:207387910;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3
{mso-list-id:920219090;
mso-list-template-ids:-709467064;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4
{mso-list-id:1485972439;
mso-list-template-ids:1520363796;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l4:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5
{mso-list-id:2103211665;
mso-list-template-ids:-606328754;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l6
{mso-list-id:2120446173;
mso-list-template-ids:2037165994;}
@list l6:level1
{mso-level-style-link:"Clause Level 1";
mso-level-text:%1;
mso-level-tab-stop:.35in;
mso-level-number-position:left;
margin-left:0in;
text-indent:0in;
mso-ansi-font-size:9.0pt;
font-family:"Verdana","sans-serif";
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l6:level2
{mso-level-style-link:"Clause Level 2";
mso-level-text:"%1\.%2";
mso-level-tab-stop:.7in;
mso-level-number-position:left;
margin-left:0in;
text-indent:.35in;
mso-ansi-font-size:9.0pt;
font-family:"Verdana","sans-serif";
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l6:level3
{mso-level-number-format:alpha-lower;
mso-level-style-link:"Clause Level 3";
mso-level-text:"\(%3\)";
mso-level-tab-stop:1.05in;
mso-level-number-position:left;
margin-left:0in;
text-indent:.7in;
mso-ansi-font-size:9.0pt;
font-family:"Verdana","sans-serif";
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l6:level4
{mso-level-number-format:roman-lower;
mso-level-style-link:"Clause Level 4";
mso-level-text:"\(%4\)";
mso-level-tab-stop:1.4in;
mso-level-number-position:left;
margin-left:0in;
text-indent:1.05in;
mso-ansi-font-size:9.0pt;
font-family:"Verdana","sans-serif";
mso-ansi-font-weight:bold;
mso-ansi-font-style:normal;}
@list l6:level5
{mso-level-number-format:alpha-lower;
mso-level-text:"\(%5\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;}
@list l6:level6
{mso-level-number-format:roman-lower;
mso-level-text:"\(%6\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.5in;
text-indent:-.25in;}
@list l6:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;}
@list l6:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.0in;
text-indent:-.25in;}
@list l6:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Forwarding this note to the list to kick off the actual specs
council work on this spec…<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>(Nat, if there’s a newer version of this proposal can you
please reply to the list so we’re considering the right version?)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Mike Jones <br>
<b>Sent:</b> Wednesday, December 03, 2008 11:01 PM<br>
<b>To:</b> Johnny Bufu; Brad Fitzpatrick; 'Dick Hardt'; Josh Hoyt; David
Recordon; Allen Tom<br>
<b>Subject:</b> Specifications council actions needed<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Dear fellow Specifications Council members,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The OIDF procedures include:<o:p></o:p></span></p>
<p class=ClauseLevel2 style='margin-left:.35in;text-indent:0in;mso-list:none'><a
name="_Ref175333071"><b>4.2 Review.</b> The Specifications Council
will review each proposal within 15 days after receipt and promptly provide
notice to </a><a href="mailto:specs@openid.net">specs@openid.net</a> of its
recommendation to either accept or reject it, together with a brief statement
of the rationale for its recommendation (including any findings or opinions by
the Specifications Council regarding the criteria for rejection in the
following clauses (a)-(d). The decision to accept or reject the proposal
will then promptly be submitted to a vote of the OIDF membership, in accordance
with the voting procedures in §3. If a proposal is rejected, it may be
modified and resubmitted. The reasons for rejection will be limited to:<o:p></o:p></p>
<p class=ClauseLevel3 style='margin-left:0in'><a name="_Ref185441723"><![if !supportLists]><b><span
style='mso-list:Ignore'>(a)<span style='font:7.0pt "Times New Roman"'>
</span></span></b><![endif]>an incomplete Proposal (i.e., failure to comply
with §</a>4.1);<o:p></o:p></p>
<p class=ClauseLevel3 style='margin-left:0in'><![if !supportLists]><b><span
style='mso-list:Ignore'>(b)<span style='font:7.0pt "Times New Roman"'>
</span></span></b><![endif]>a determination that the proposal contravenes the
OpenID community’s purpose;<o:p></o:p></p>
<p class=ClauseLevel3 style='margin-left:0in'><![if !supportLists]><b><span
style='mso-list:Ignore'>(c)<span style='font:7.0pt "Times New Roman"'>
</span></span></b><![endif]>a determination that the proposed WG does not have
sufficient support to succeed or to deliver proposed deliverables within
projected completion dates; or<o:p></o:p></p>
<p class=ClauseLevel3 style='margin-left:0in'><a name="_Ref185441727"><![if !supportLists]><b><span
style='mso-list:Ignore'>(d)<span style='font:7.0pt "Times New Roman"'>
</span></span></b><![endif]>a determination that the proposal is likely
to cause legal liability for the OIDF or others</a>.<o:p></o:p></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>We’ve failed to uphold our responsibility to respond
within 15 days to the proposal below. Can we begin discussion on the
technical merits of the proposal now and reach a consensus determination
soon? I believe we owe that to the community.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>
Thanks,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>
-- Mike<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
specs-bounces@openid.net [mailto:specs-bounces@openid.net] <b>On Behalf Of </b>Nat
Sakimura<br>
<b>Sent:</b> Thursday, November 13, 2008 8:40 AM<br>
<b>To:</b> specs@openid.net; david@sixapart.com; Dick Hardt<br>
<b>Subject:</b> Re: Proposal to create the TX working group<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>I was pointed out by Dick that
"Key Exchnage" really should be "Key Discovery". I agree.
So, I would do s/Key Exchange/Key Discovery/g. <br>
<br>
Cheers, <br>
<br>
=nat<o:p></o:p></p>
<div>
<p class=MsoNormal>On Thu, Nov 13, 2008 at 4:02 PM, Nat Sakimura <<a
href="mailto:sakimura@gmail.com">sakimura@gmail.com</a>> wrote:<o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>Hi. <br>
<br>
Here is the modified version of the charter based on the discussion at IIW. I
chose Contract Exchange instead of Contract Negotiation since detailed
negotiation is out of scope. <br>
<br>
Cheers, <br>
<br>
=nat<o:p></o:p></p>
<p style='margin-left:42.0pt'><b><span style='font-size:13.5pt'>Contract
Exchange WG Charter (formally TX). </span></b><o:p></o:p></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>In accordance with the OpenID
Foundation IPR policies and procedures this note proposes the formation of a
new working group chartered to produce an OpenID specification. As per
Section 4.1 of the Policies, the specifics of the proposed working group are:<br>
<br>
<br>
<b>Proposal</b>:<br>
<br>
(a) <b>Charter</b>.<o:p></o:p></p>
</div>
<p class=MsoNormal> (i) <b>WG name</b>: Contract Exchange WG
(formally Trust Exchange Extension (TX))<br>
<br>
(ii) <b>Purpose</b>: The purpose of this WG is to produce a
series of standard OpenID extension to the OpenID Authentication protocol that
enable<span style='color:navy'>s</span> arbitrary parties to create and
exchange <span style='color:navy'>a</span> mutually<span style='color:navy'>-</span>digitally<span
style='color:navy'>-</span>signed legally binding "contract" that are
both broadband and mobile friendly by defining appropriate bindings for
each use case. <o:p></o:p></p>
<p>For this purpose, (1) public key exchange, (2) signed request and response
based on the public keys, (3) content encryption based on public key, (4)
extensible data transfer method, (5) contract format, (6) notification methods
for asynchronous communications are needed to be defined. For this purpose,
this WG will explorer the possibility of using/extending OpenID Attribute
Exchange [AX] as well as defining new extensions where it may fit. <o:p></o:p></p>
<div>
<p><br>
(iii) <b>Scope</b>: <br>
<br>
Scope of the work<o:p></o:p></p>
</div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l5 level1 lfo2'> Development of the specifications
including:<o:p></o:p></li>
</ul>
<ul type=disc>
<ul type=circle>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l4 level2 lfo3'>Public Key Exchange method<o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l4 level2 lfo3'>A Public Key Cryptography based digital
signature method. <o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l4 level2 lfo3'>Legally binding contract format. <o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l4 level2 lfo3'>Query/response communication protocols for
establishing and canceling of the contract. <o:p></o:p></li>
<li class=MsoNormal style='color:navy;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l4 level2 lfo3'><span style='color:windowtext'>Message
Encryption method to be used for the relevant communications. </span><o:p></o:p></li>
<li class=MsoNormal style='color:navy;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l4 level2 lfo3'><span style='color:windowtext'>Notification
interface for asynchronous communications. </span><o:p></o:p></li>
<li class=MsoNormal style='color:navy;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l4 level2 lfo3'><span style='color:windowtext'>Possible
extension and profiling of [AX] to accommodate the above. </span><o:p></o:p></li>
<li class=MsoNormal style='color:navy;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l4 level2 lfo3'><span style='color:windowtext'>Provisions
for long term storage of the contracts. </span><o:p></o:p></li>
</ul>
</ul>
<div>
<ul type=disc>
<ul type=circle>
<li class=MsoNormal style='color:navy;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l4 level2 lfo3'><span style='color:windowtext'>Conformance
requirements for other data transfer protocol bindings</span><o:p></o:p></li>
</ul>
</ul>
</div>
<div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l0 level1 lfo4'>Security, threats and Risk analysis<o:p></o:p></li>
</ul>
<ul type=disc>
<ul type=circle>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l1 level2 lfo5'>Perform Security Risk analysis and profiles
for best practice<o:p></o:p></li>
</ul>
</ul>
<p> Out of scope<o:p></o:p></p>
</div>
<div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l2 level1 lfo6'>Term negotiation: Actual negotiation of the terms
of a contract should be dealt with out-of-band or by other specifications.
<o:p></o:p></li>
</ul>
</div>
<div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l2 level1 lfo6'>Assurance programs or other identity governance
frameworks.<o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l2 level1 lfo6'>It is the intent that this specification be
usable by any trust community, whether it uses conventional PKI
hierarchies, peer-to-peer trust mechanisms, reputation systems, or other
forms of trust assurance. The specification of any particular trust root,
trust hierarchy, or trust policy is explicitly out of scope.<o:p></o:p></li>
</ul>
</div>
<p style='margin-bottom:12.0pt'><br>
(iv) <b>Proposed</b> List of Specifications: Sries of specs
encompassing the above requirements. The actual spec may happened to be just an
expansion of AX or several news specs as it will be determined in the WG.
Expected completion of the first iteration is in Q1 2009.<o:p></o:p></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><br>
<br>
(v) <b>Anticipated audience or users of the work</b>:
Implementers of OpenID Providers and Relying Parties, especially those who
require security and accountability features to exchange sensitive customer
information (e.g. personally identifiable information and credit card numbers)
responsibly among trusted parties.<br>
<br>
(vi) <b>Language</b> in which the WG will conduct business:
English.<br>
<br>
(vii) <b>Method of work</b>: E-mail discussions on the
working group mailing list, working group conference calls, and possibly
face-to-face meetings at conferences.<o:p></o:p></p>
</div>
<p class=MsoNormal> (viii) <b>Basis for determining when the work of
the WG is completed</b>: Drafts will be evaluated on the basis of whether
they increase or decrease consensus within the working group. The work
will be completed once it is apparent that maximal consensus on the drafts has
been achieved, consistent with the purpose and scope.<o:p></o:p></p>
<div>
<p class=MsoNormal><br>
<br>
(b) <b>Background Information</b>.<br>
<br>
(i) Related work being done by other WGs or organizations: <o:p></o:p></p>
</div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l3 level1 lfo7'><a
href="http://openid.net/specs/openid-attribute-exchange-1_0.html"
target="_blank">OpenID Attribute Exchange Extension 1.0 [AX]</a><o:p></o:p></li>
</ul>
<div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l3 level1 lfo7'><a
href="http://www.projectliberty.org/liberty/content/download/4329/28939/file/liberty-igf-draft-1.0-2008-06-21.zip"
target="_blank">LIberty Alliance Identity Governance Framework [IGF] 1.0
Draft</a> <o:p></o:p></li>
</ul>
</div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l3 level1 lfo7'><u><span style='color:blue'>XML Advanced
Electronic Signatures [XAdES]</span></u><o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l3 level1 lfo7'><a
href="http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.doc"
target="_blank">WS-Trust 1.3 [WS-trust] </a><o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l3 level1 lfo7'>XRI 2.0 [XRI]<o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l3 level1 lfo7'>XDI 1.0 [XDI]<o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l3 level1 lfo7'>Vendor Relationship Management [VRM]<o:p></o:p></li>
</ul>
<p style='margin-bottom:12.0pt'> <br>
(ii) Proposers:<o:p></o:p></p>
<div>
<p class=MsoNormal> Drummond Reed, <a
href="mailto:drummond.reed@parity.com" target="_blank">drummond.reed@parity.com</a>,
Cordance/Parity/OASIS (U.S.A)<br>
Henrik Biering, <a href="mailto:hb@netamia.com" target="_blank">hb@netamia.com</a>,
Netamia (Denmark)<br>
Hideki Nara, <a href="mailto:hdknr@ic-tact.co.jp" target="_blank">hdknr@ic-tact.co.jp</a>,
Tact Communications (Japan)<br>
John Bradeley, <a href="mailto:jbradley@mac.com" target="_blank">jbradley@mac.com</a>,
OASIS IDTrust Member Section (Canada)<br>
Mike Graves, <a href="mailto:mgraves@janrain.com" target="_blank">mgraves@janrain.com</a>,
JanRain, Inc. (U.S.A.)<br>
Nat Sakimura, <a href="mailto:n-sakimura@nri.co.jp" target="_blank">n-sakimura@nri.co.jp</a>,
Nomura Research Institute, Ltd.(Japan)<br>
Robert Ott, <a href="mailto:robert.ott@clavid.com" target="_blank">robert.ott@clavid.com</a>,
Clavid (Switzerland)<br>
Tatsuki Sakushima, <a href="mailto:tatsuki@nri.com" target="_blank">tatsuki@nri.com</a>,
NRI America, Ltd. (U.S.A.)<o:p></o:p></p>
</div>
<p class=MsoNormal> Toru Yamaguchi, <a
href="mailto:trymch@gmail.com" target="_blank">trymch@gmail.com</a>, <cite><span
style='font-family:"Century","serif";font-style:normal'>Cybozu</span></cite><cite><span
style='font-family:"Century","serif"'> </span></cite>Lab (Japan)<o:p></o:p></p>
<div>
<p class=MsoNormal><br>
Editors:<br>
<br>
Nat Sakimura, <a href="mailto:n-sakimura@nri.co.jp" target="_blank">n-sakimura@nri.co.jp</a>,
Nomura Research Institute, Ltd.<br>
<br>
(iii) Anticipated Contributions: <o:p></o:p></p>
</div>
<p class=MsoNormal> * <a
href="http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/*checkout*/spec/openid-trust-exchange-1_0.html?root=openidtx"
target="_blank">Sakimura, N., et. al "OpenID Trusted data eXchange
Extention Specification (draft)", Oct. 2008. [TX2008]</a>. <o:p></o:p></p>
<div>
<div>
<p> <o:p></o:p></p>
<p> <o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p>
<div>
<p class=MsoNormal>On Wed, Nov 12, 2008 at 6:39 AM, David Recordon <<a
href="mailto:drecordon@sixapart.com" target="_blank">drecordon@sixapart.com</a>>
wrote:<o:p></o:p></p>
<p class=MsoNormal>Just wanted to add that Nat is running a session on TX at
IIW this afternoon. We should definitly chat about the needs being
expressed in this thread and how they might be able to be solved with OpenID.<br>
<span style='color:#888888'><br>
--David</span><o:p></o:p></p>
<div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><br>
<br>
On Nov 11, 2008, at 1:13 PM, Martin Paljak wrote:<o:p></o:p></p>
<p class=MsoNormal>On 09.11.2008, at 20:51, Nat Sakimura wrote:<o:p></o:p></p>
<p class=MsoNormal>As to AX+SAML (or for that matter XAdES) is concerned, that
is a valid approach, but if I were to use SAML, I would use<o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><br>
Just to clarify a technical detail: The XAdES example regarding Estonia you mentioned
earlier does not include transporting XAdES payloads over OpenID AX (which
seems to be the purpose of the discussed workgroup where the similarities of
SAML over AX come in). The special behavior and out of band assurances given by
<a href="http://openid.ee" target="_blank">openid.ee</a> does not include
anything new on the protocol level, just added semantics to basic OpenID
transactions. If we could use PDF signatures as legally valid signatures in
Estonia, it could be PDF based signatures instead of XAdES, or ODF signatures,
or MS .doc signatures.<br>
<br>
FYI, <a href="http://openid.ee" target="_blank">openid.ee</a> allows a RP to
upload a contract (template) which must be agreed with and digitally signed
(legally binding signature resulting in an XAdES document with the filled in
contract signed by the user with an ID-card and stored on the OP) before the OP
starts issuing positive assertions about the given user to the given RP. The
contract could be a document of any kind (PDF, JPG, DOC, TXT) and the only
thing that is transferred to the RP over AX is a 'secret url' from where the RP
can download the signed contract (XAdES container with the possibly PDF
contract in it).<br>
<br>
The actual assurance (that the user has signed the contract the RP has
uploaded) comes from out of band agreements/contracts between OP and RP. The AX
attribute is just an extra option, if the RP wishes to automatically fetch and
store the signed contract somewhere.<br>
<br>
Basically it is an advanced and legally binding 'I agree with terms and conditions'
checkbox built on top of standard OpenID.<br>
With legally binding I mean that it is dead simple in the court: "Here are
the terms and conditions you digitally signed and which you have violated"
as checking checkboxes and pressing 'continue' is not a legally binding action
in Estonia, at least I don't know of any court cases about it.<br>
<br>
If you need an example use case, think of signing and faxing NDA-s before you
can download some simple "secret" product documentation.<br>
<br>
<br>
-- <br>
Martin Paljak<br>
<a href="http://martin.paljak.pri.ee" target="_blank">http://martin.paljak.pri.ee</a><br>
+372.515.6495<o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p>
</div>
</div>
</div>
<p class=MsoNormal><br>
<br clear=all>
<o:p></o:p></p>
</div>
</div>
<p class=MsoNormal>-- <o:p></o:p></p>
<div>
<div>
<p class=MsoNormal>Nat Sakimura (=nat)<br>
<a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><o:p></o:p></p>
</div>
</div>
</div>
<p class=MsoNormal><br>
<br clear=all>
<br>
-- <br>
Nat Sakimura (=nat)<br>
<a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><o:p></o:p></p>
</div>
</body>
</html>