<html dir="ltr"><head>
<meta http-equiv="Content-Type" content="text/html; charset=big5">
<meta content="MSHTML 6.00.6000.16762" name="GENERATOR">
<style title="owaParaStyle">P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
</style>
</head>
<body ocsi="x">
<div dir="ltr"><font face="Arial" color="#000000" size="2">Thanks. </font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">I did not know that specs-council list is actually subscribable.
</font></div>
<div dir="ltr"><font face="Arial" size="2">I now have subscribed to it. </font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">From what I see from the archive, the biggest objection seems to be the signature.
</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">> "A Public Key Cryptography based digital signature method", but isn't it already
</font></div>
<div dir="ltr"><font face="Arial"><font size="2"><font face="arial">> </font>defined how to sign chunks of XML? Why would the working group be developing
</font></font></div>
<div dir="ltr"><font face="Arial"><font size="2"><font face="arial">> </font>a new signature mechanism?<br>
</font></div>
</font>
<div dir="ltr"><font face="Arial" size="2">Let me explain on it. </font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">CX is not XML based. It is tag-value based. I do not think there is any generalized public key based signature algorithm that enables one to sign tag-value based on name spaces. What is defined in OAuth comes close,
but it needs generalization as it is specific to OAuth. If there s a generalized such method, please point it to me. I understand that AuthN 2.1 would be looking at doing it. However, it is not there yet so it cannot be cited. Once it gets citable, I envision
that it will be citing it instead of incorporating it into the CX spec. </font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">For other points, it would be appreciated very much if you could explicitly state the points. Then, I would be replying to them.</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">By the way, from the process point, I believe that the specs council needs to be stating one of the reason stated in "4.2 Review". It needs to be one of
</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">(a) an incomplete Proposal (i.e., failure to comply with §4.1);<br>
<br>
(b) a determination that the proposal contravenes the OpenID community's purpose;<br>
<br>
(c) a determination that the proposed WG does not have sufficient support to succeed
</font></div>
<div dir="ltr"><font face="Arial" size="2"><font face="arial"> </font>or to deliver proposed deliverables within projected completion dates; or<br>
<br>
(d) a determination that the proposal is likely to cause legal liability for the OIDF or others.<br>
<br>
On what point the current proposal falls into? </font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">Regards, </font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font face="Arial" size="2">=nat</font></div>
<div dir="ltr"><font face="Arial" size="2"></font> </div>
<div dir="ltr"><font size="2"><font face="Arial"><font> </div>
</font></font></font>
<div dir="ltr"> </div>
<div id="divRpF26306" style="DIRECTION: ltr"><font face="Arial" size="2">
<hr tabindex="-1">
</font><font face="Tahoma"><font size="2"><b>差出人:</b> David Recordon [recordond@gmail.com]<br>
<b>送信日時:</b> 2008年12月24日 2:54<br>
<b>宛先:</b> Mike Jones<br>
<b>CC:</b> Sakimura Nat; specs-council@openid.net<br>
<b>件名:</b> Re: [OIDFSC] FW: Proposal to create the TX working group<br>
</font></font><br>
</div>
<div></div>
<div>I think that's a reasonable recommendation, though would like to first approach Nat to see if the charter can be made to address these concerns and then resubmitted for review.<br>
<br>
--David<br>
<br>
<div class="gmail_quote">On Mon, Dec 22, 2008 at 9:20 PM, Mike Jones <span dir="ltr">
<<a href="mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<div lang="EN-US">
<div>
<div class="Ih2E3d">
<p><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)">I have to agree with David that this charter is far from minimal or specific in many respects. One of my concerns is the same as David's below – when XMLDSIG and other signature algorithms already exist,
it is incumbent upon the proposers to justify the creation of yet another, incompatible signature algorithm.</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"></span> </p>
<p><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)">It is therefore my recommendation that the specifications council communicate something like this position to the membership to guide their vote about this working group:</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"></span> </p>
<p style="MARGIN-LEFT: 0.5in"><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)">The OpenID Specifications Council recommends that members reject this proposal to create a working group because the charter is excessively broad, it seems to propose the creation
of new mechanisms that unnecessarily create new ways to do accomplish existing tasks, such as digital signatures, and it the proposal is not sufficiently clear on whether it builds upon existing mechanisms such as AX 1.0 in a compatible manner, or whether
it requires breaking changes to these underlying protocols.</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"></span> </p>
<p><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)">We, as a specs council, have an obligation to promptly produce a recommendation prior to the membership vote. My stab at our recommendation is above. Wordsmithing welcome. If you disagree, please supply
alternate wording that you think we should use instead.</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"></span> </p>
<p><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"> -- Mike</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"></span> </p>
<p><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)"></span> </p>
</div>
<div style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<p><b><span style="FONT-SIZE: 10pt">From:</span></b><span style="FONT-SIZE: 10pt"> David Recordon [mailto:<a href="mailto:recordond@gmail.com">recordond@gmail.com</a>]
<br>
</p>
<div class="Ih2E3d"><b>Sent:</b> Monday, December 22, 2008 10:20 AM<br>
<b>To:</b> Nat Sakimura<br>
<b>Cc:</b> Mike Jones; <a href="mailto:specs-council@openid.net">specs-council@openid.net</a><br>
</div>
<b>Subject:</b> Re: [OIDFSC] FW: Proposal to create the TX working group</span>
<p></p>
</div>
<div class="Ih2E3d">
<p> </p>
<p style="MARGIN-BOTTOM: 12pt">To update Nat's note, the proposal is actually at <a href="http://wiki.openid.net/Working_Groups%3AContract_Exchange_1" target="_blank">
http://wiki.openid.net/Working_Groups%3AContract_Exchange_1</a> (the wiki doesn't like periods in URLs).<br>
<br>
While the number of specifications listed has been reduced, it still feels nebulous in terms of what will be produced as laid out by the purpose and scope. For example, the scope says that the working group will develop "A Public Key Cryptography based digital
signature method", but isn't it already defined how to sign chunks of XML? Why would the working group be developing a new signature mechanism?<br>
<br>
--David</p>
</div>
<div>
<div class="Ih2E3d">
<p>On Thu, Dec 18, 2008 at 9:09 PM, Nat Sakimura <<a href="mailto:n-sakimura@nri.co.jp">n-sakimura@nri.co.jp</a>> wrote:</p>
<p>The most current version is here: <a href="http://wiki.openid.net/Working_Groups:Contract_Exchange_1.0" target="_blank">
http://wiki.openid.net/Working_Groups:Contract_Exchange_1.0</a><br>
<br>
Since AX 2.0 WG is spinning up, I have removed it from the possible output of this WG.<br>
<br>
=nat<br>
<br>
Mike Jones wrote:</p>
</div>
<div>
<div class="Ih2E3d">
<p style="MARGIN-BOTTOM: 12pt"><br>
Forwarding this note to the list to kick off the actual specs council work on this spec…<br>
<br>
</p>
</div>
<p style="MARGIN-BOTTOM: 12pt"><span style="FONT-SIZE: 11pt; COLOR: rgb(31,73,125)">[Deleted the rest of the thread to bring the message below the current 40K list size limit]</span></p>
</div>
</div>
<p> </p>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</body>
</html>