<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Century;
panose-1:2 4 6 4 5 5 5 2 3 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:1246551;
mso-list-template-ids:797593910;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1
{mso-list-id:210044314;
mso-list-template-ids:794583020;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:452679847;
mso-list-template-ids:-1751478998;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:1071003601;
mso-list-template-ids:-140715090;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l4
{mso-list-id:1252854319;
mso-list-template-ids:-567008190;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5
{mso-list-id:1411275380;
mso-list-template-ids:-1264129024;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple style='word-wrap: break-word;
-webkit-nbsp-mode: space;-webkit-line-break: after-white-space'>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>(forwarding David’s message on this topic to the specs-council
list as well)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> specs-bounces@openid.net
[mailto:specs-bounces@openid.net] <b>On Behalf Of </b>David Recordon<br>
<b>Sent:</b> Wednesday, December 03, 2008 11:52 PM<br>
<b>To:</b> Nat Sakimura<br>
<b>Cc:</b> Dick Hardt; OpenID Specs Mailing List<br>
<b>Subject:</b> Re: Proposal to create the TX working group<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Hi Nat,<o:p></o:p></p>
<div>
<p class=MsoNormal>Mike Jones just pointed out that the Steward Council hadn't
yet caught this email which I apologize for.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>I have two concerns with this charter:<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>1) It appears the WG is going to deliver 9
specifications with a list that isn't clear about what each specification will
do and how they relate. Past approved WG proposals (as well as the
current drafts) have had a very clear set of deliverables.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>2) While discussed heavily at IIW, this proposal still does
not clearly seem build on top of the AX specification. The current OpenID
specifications very clearly fit together and build atop each other and this one
should be no different.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>I'm working on figuring out how to have the Stewards
Council recommendation created on a public mailing list, but felt it
worthwhile to share my opinions here until that happens.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>--David<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<div>
<p class=MsoNormal>On Nov 13, 2008, at 8:40 AM, Nat Sakimura wrote:<o:p></o:p></p>
</div>
<p class=MsoNormal><br>
<br>
<o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>I was pointed out by Dick that
"Key Exchnage" really should be "Key Discovery". I agree.
So, I would do s/Key Exchange/Key Discovery/g. <br>
<br>
Cheers, <br>
<br>
=nat<o:p></o:p></p>
<div>
<p class=MsoNormal>On Thu, Nov 13, 2008 at 4:02 PM, Nat Sakimura <<a
href="mailto:sakimura@gmail.com">sakimura@gmail.com</a>> wrote:<o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>Hi. <br>
<br>
Here is the modified version of the charter based on the discussion at IIW. I
chose Contract Exchange instead of Contract Negotiation since detailed
negotiation is out of scope. <br>
<br>
Cheers, <br>
<br>
=nat<o:p></o:p></p>
<p style='margin-left:42.0pt'><b><span style='font-size:13.5pt'>Contract
Exchange WG Charter (formally TX). </span></b><o:p></o:p></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>In accordance with the OpenID
Foundation IPR policies and procedures this note proposes the formation of a
new working group chartered to produce an OpenID specification. As per
Section 4.1 of the Policies, the specifics of the proposed working group are:<br>
<br>
<br>
<b>Proposal</b>:<br>
<br>
(a) <b>Charter</b>.<o:p></o:p></p>
</div>
<p class=MsoNormal> (i) <b>WG name</b>: Contract Exchange WG
(formally Trust Exchange Extension (TX))<br>
<br>
(ii) <b>Purpose</b>: The purpose of this WG is to produce a
series of standard OpenID extension to the OpenID Authentication protocol that
enable<span style='color:navy'>s</span> arbitrary parties to create and
exchange <span style='color:navy'>a</span> mutually<span style='color:navy'>-</span>digitally<span
style='color:navy'>-</span>signed legally binding "contract" that are
both broadband and mobile friendly by defining appropriate bindings for
each use case. <o:p></o:p></p>
<p>For this purpose, (1) public key exchange, (2) signed request and response
based on the public keys, (3) content encryption based on public key, (4)
extensible data transfer method, (5) contract format, (6) notification methods
for asynchronous communications are needed to be defined. For this purpose,
this WG will explorer the possibility of using/extending OpenID Attribute
Exchange [AX] as well as defining new extensions where it may fit. <o:p></o:p></p>
<div>
<p><br>
(iii) <b>Scope</b>: <br>
<br>
Scope of the work<o:p></o:p></p>
</div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l2 level1 lfo1'> Development of the specifications
including:<o:p></o:p></li>
</ul>
<ul type=disc>
<ul type=circle>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level2 lfo2'>Public Key Exchange method<o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level2 lfo2'>A Public Key Cryptography based digital
signature method. <o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level2 lfo2'>Legally binding contract format. <o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level2 lfo2'>Query/response communication protocols for
establishing and canceling of the contract. <o:p></o:p></li>
<li class=MsoNormal style='color:navy;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level2 lfo2'><span style='color:windowtext'>Message Encryption
method to be used for the relevant communications. </span><o:p></o:p></li>
<li class=MsoNormal style='color:navy;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level2 lfo2'><span style='color:windowtext'>Notification
interface for asynchronous communications. </span><o:p></o:p></li>
<li class=MsoNormal style='color:navy;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level2 lfo2'><span style='color:windowtext'>Possible
extension and profiling of [AX] to accommodate the above. </span><o:p></o:p></li>
<li class=MsoNormal style='color:navy;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level2 lfo2'><span style='color:windowtext'>Provisions
for long term storage of the contracts. </span><o:p></o:p></li>
</ul>
</ul>
<div>
<ul type=disc>
<ul type=circle>
<li class=MsoNormal style='color:navy;mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l0 level2 lfo2'><span style='color:windowtext'>Conformance
requirements for other data transfer protocol bindings</span><o:p></o:p></li>
</ul>
</ul>
</div>
<div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l4 level1 lfo3'>Security, threats and Risk analysis<o:p></o:p></li>
</ul>
<ul type=disc>
<ul type=circle>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
auto;mso-list:l3 level2 lfo4'>Perform Security Risk analysis and profiles
for best practice<o:p></o:p></li>
</ul>
</ul>
<p> Out of scope<o:p></o:p></p>
</div>
<div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l5 level1 lfo5'>Term negotiation: Actual negotiation of the terms
of a contract should be dealt with out-of-band or by other specifications.
<o:p></o:p></li>
</ul>
</div>
<div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l5 level1 lfo5'>Assurance programs or other identity governance
frameworks.<o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l5 level1 lfo5'>It is the intent that this specification be
usable by any trust community, whether it uses conventional PKI
hierarchies, peer-to-peer trust mechanisms, reputation systems, or other
forms of trust assurance. The specification of any particular trust root,
trust hierarchy, or trust policy is explicitly out of scope.<o:p></o:p></li>
</ul>
</div>
<p style='margin-bottom:12.0pt'><br>
(iv) <b>Proposed</b> List of Specifications: Sries of specs
encompassing the above requirements. The actual spec may happened to be just an
expansion of AX or several news specs as it will be determined in the WG.
Expected completion of the first iteration is in Q1 2009.<o:p></o:p></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><br>
<br>
(v) <b>Anticipated audience or users of the work</b>: Implementers
of OpenID Providers and Relying Parties, especially those who require security
and accountability features to exchange sensitive customer information (e.g.
personally identifiable information and credit card numbers) responsibly among
trusted parties.<br>
<br>
(vi) <b>Language</b> in which the WG will conduct business:
English.<br>
<br>
(vii) <b>Method of work</b>: E-mail discussions on the
working group mailing list, working group conference calls, and possibly
face-to-face meetings at conferences.<o:p></o:p></p>
</div>
<p class=MsoNormal> (viii) <b>Basis for determining when the work of
the WG is completed</b>: Drafts will be evaluated on the basis of whether
they increase or decrease consensus within the working group. The work
will be completed once it is apparent that maximal consensus on the drafts has
been achieved, consistent with the purpose and scope.<o:p></o:p></p>
<div>
<p class=MsoNormal><br>
<br>
(b) <b>Background Information</b>.<br>
<br>
(i) Related work being done by other WGs or organizations: <o:p></o:p></p>
</div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo6'><a
href="http://openid.net/specs/openid-attribute-exchange-1_0.html"
target="_blank">OpenID Attribute Exchange Extension 1.0 [AX]</a><o:p></o:p></li>
</ul>
<div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo6'><a
href="http://www.projectliberty.org/liberty/content/download/4329/28939/file/liberty-igf-draft-1.0-2008-06-21.zip"
target="_blank">LIberty Alliance Identity Governance Framework [IGF] 1.0
Draft</a> <o:p></o:p></li>
</ul>
</div>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo6'><u><span style='color:blue'>XML Advanced
Electronic Signatures [XAdES]</span></u><o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo6'><a
href="http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.doc"
target="_blank">WS-Trust 1.3 [WS-trust] </a><o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo6'>XRI 2.0 [XRI]<o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo6'>XDI 1.0 [XDI]<o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo6'>Vendor Relationship Management [VRM]<o:p></o:p></li>
</ul>
<p style='margin-bottom:12.0pt'> <br>
(ii) Proposers:<o:p></o:p></p>
<div>
<p class=MsoNormal> Drummond Reed, <a
href="mailto:drummond.reed@parity.com" target="_blank">drummond.reed@parity.com</a>,
Cordance/Parity/OASIS (U.S.A)<br>
Henrik Biering, <a href="mailto:hb@netamia.com" target="_blank">hb@netamia.com</a>,
Netamia (Denmark)<br>
Hideki Nara, <a href="mailto:hdknr@ic-tact.co.jp" target="_blank">hdknr@ic-tact.co.jp</a>,
Tact Communications (Japan)<br>
John Bradeley, <a href="mailto:jbradley@mac.com" target="_blank">jbradley@mac.com</a>,
OASIS IDTrust Member Section (Canada)<br>
Mike Graves, <a href="mailto:mgraves@janrain.com" target="_blank">mgraves@janrain.com</a>,
JanRain, Inc. (U.S.A.)<br>
Nat Sakimura, <a href="mailto:n-sakimura@nri.co.jp" target="_blank">n-sakimura@nri.co.jp</a>,
Nomura Research Institute, Ltd.(Japan)<br>
Robert Ott, <a href="mailto:robert.ott@clavid.com" target="_blank">robert.ott@clavid.com</a>,
Clavid (Switzerland)<br>
Tatsuki Sakushima, <a href="mailto:tatsuki@nri.com" target="_blank">tatsuki@nri.com</a>,
NRI America, Ltd. (U.S.A.)<o:p></o:p></p>
</div>
<p class=MsoNormal> Toru Yamaguchi, <a
href="mailto:trymch@gmail.com" target="_blank">trymch@gmail.com</a>, <cite><span
style='font-family:"Century","serif";font-style:normal'>Cybozu</span></cite><cite><span
style='font-family:"Century","serif"'> </span></cite>Lab (Japan)<o:p></o:p></p>
<div>
<p class=MsoNormal><br>
Editors:<br>
<br>
Nat Sakimura, <a href="mailto:n-sakimura@nri.co.jp" target="_blank">n-sakimura@nri.co.jp</a>,
Nomura Research Institute, Ltd.<br>
<br>
(iii) Anticipated Contributions: <o:p></o:p></p>
</div>
<p class=MsoNormal> * <a
href="http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi/*checkout*/spec/openid-trust-exchange-1_0.html?root=openidtx"
target="_blank">Sakimura, N., et. al "OpenID Trusted data eXchange
Extention Specification (draft)", Oct. 2008. [TX2008]</a>. <o:p></o:p></p>
<div>
<div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p>
<div>
<p class=MsoNormal>On Wed, Nov 12, 2008 at 6:39 AM, David Recordon <<a
href="mailto:drecordon@sixapart.com" target="_blank">drecordon@sixapart.com</a>>
wrote:<o:p></o:p></p>
<p class=MsoNormal>Just wanted to add that Nat is running a session on TX at
IIW this afternoon. We should definitly chat about the needs being
expressed in this thread and how they might be able to be solved with OpenID.<br>
<span style='color:#888888'><br>
--David</span><o:p></o:p></p>
<div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><br>
<br>
On Nov 11, 2008, at 1:13 PM, Martin Paljak wrote:<o:p></o:p></p>
<p class=MsoNormal>On 09.11.2008, at 20:51, Nat Sakimura wrote:<o:p></o:p></p>
<p class=MsoNormal>As to AX+SAML (or for that matter XAdES) is concerned, that
is a valid approach, but if I were to use SAML, I would use<o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><br>
Just to clarify a technical detail: The XAdES example regarding Estonia you
mentioned earlier does not include transporting XAdES payloads over OpenID AX
(which seems to be the purpose of the discussed workgroup where the
similarities of SAML over AX come in). The special behavior and out of band
assurances given by <a href="http://openid.ee" target="_blank">openid.ee</a>
does not include anything new on the protocol level, just added semantics to
basic OpenID transactions. If we could use PDF signatures as legally valid
signatures in Estonia, it could be PDF based signatures instead of XAdES, or
ODF signatures, or MS .doc signatures.<br>
<br>
FYI, <a href="http://openid.ee" target="_blank">openid.ee</a> allows a RP to
upload a contract (template) which must be agreed with and digitally signed
(legally binding signature resulting in an XAdES document with the filled in
contract signed by the user with an ID-card and stored on the OP) before the OP
starts issuing positive assertions about the given user to the given RP. The
contract could be a document of any kind (PDF, JPG, DOC, TXT) and the only
thing that is transferred to the RP over AX is a 'secret url' from where the RP
can download the signed contract (XAdES container with the possibly PDF
contract in it).<br>
<br>
The actual assurance (that the user has signed the contract the RP has
uploaded) comes from out of band agreements/contracts between OP and RP. The AX
attribute is just an extra option, if the RP wishes to automatically fetch and
store the signed contract somewhere.<br>
<br>
Basically it is an advanced and legally binding 'I agree with terms and
conditions' checkbox built on top of standard OpenID.<br>
With legally binding I mean that it is dead simple in the court: "Here are
the terms and conditions you digitally signed and which you have violated"
as checking checkboxes and pressing 'continue' is not a legally binding action
in Estonia, at least I don't know of any court cases about it.<br>
<br>
If you need an example use case, think of signing and faxing NDA-s before you
can download some simple "secret" product documentation.<br>
<br>
<br>
-- <br>
Martin Paljak<br>
<a href="http://martin.paljak.pri.ee" target="_blank">http://martin.paljak.pri.ee</a><br>
+372.515.6495<o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p>
</div>
</div>
</div>
<p class=MsoNormal><br>
<br clear=all>
<o:p></o:p></p>
</div>
</div>
<p class=MsoNormal>-- <o:p></o:p></p>
<div>
<div>
<p class=MsoNormal>Nat Sakimura (=nat)<br>
<a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><o:p></o:p></p>
</div>
</div>
</div>
<p class=MsoNormal><br>
<br clear=all>
<br>
-- <br>
Nat Sakimura (=nat)<br>
<a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</body>
</html>