Contract Exchange Working Group
The purpose of this WG is to produce a standard OpenID extension to the OpenID Authentication protocol that enables arbitrary parties to create and exchange a mutually-digitally-signed “contract”. This contract can be both broadband and mobile friendly through appropriate bindings that will be defined for each use case.
Scope of the work
Development of a specification that allows parties to exchange a mutually-digitally-signed contract leveraging on OpenID Authentication 2.0 and OpenID Attribute Exchange 2.0 via the appropriate bindings defined in the specification.
Out of scope
- UI and user experience: The Working Group will develop the wire protocol and and any related processing mechanisms required to support it but user interface and experience is out of scope.
- Public Key Discovery method: This functionality will be either defined in the XRD 1.0 specification currently in progress at the OASIS XRI TC or a mechanism that works with OpenID Authentication 2.0/2.1 discovery will be defined independently.
- Terms negotiation: Actual negotiation of the terms of a contract should be dealt with out-of-band or by other specifications.
- Assurance: These will be handled by third-party assurance programs or other identity governance frameworks.
- Trust hierarchies. It is the intent that this specification be usable by any trust community, whether it uses conventional PKI hierarchies, peer-to-peer trust mechanisms, reputation systems, or other forms of trust assurance. The specification of any particular trust root, trust hierarchy, or trust policy is explicitly out of scope.
- Contract Exchange 1.0
Expected completion of the first iteration is in Q1 2009.
Implementers of OpenID Providers and Relying Parties, especially those who require security and accountability features to exchange sensitive customer information (e.g. personally identifiable information and credit card numbers) responsibly among trusted parties.
E-mail discussions on the working group mailing list, working group conference calls, and possibly face-to-face meetings at conferences.
Drafts will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the drafts has been achieved, consistent with the purpose and scope.
- OpenID Authentication 2.1 [AN]
- OpenID Attribute Exchange Extension 2.0 [AX]
- LIberty Alliance Identity Governance Framework [IGF] 1.0 Draft
- XML Advanced Electronic Signatures [XAdES]
- WS-Trust 1.3 [WS-trust]
- XRI 2.0 and XRI 3.0 [XRI]
- XRD 1.0 [XRI]
- XDI 1.0 [XDI]
- Vendor Relationship Management [VRM]
- Drummond Reed, =drummond, email@example.com, Cordance/Parity/OASIS (U.S.A)
- Henrik Biering, firstname.lastname@example.org, Netamia (Denmark)
- Hideki Nara, email@example.com, Tact Communications (Japan)
- John Bradeley, firstname.lastname@example.org, OASIS IDTrust Member Section (Canada)
- Mike Graves, email@example.com, JanRain, Inc. (U.S.A.)
- Nat Sakimura, firstname.lastname@example.org, Nomura Research Institute, Ltd.(Japan)
- Robert Ott, email@example.com, Clavid (Switzerland)
- Tatsuki Sakushima, firstname.lastname@example.org, NRI America, Inc. (U.S.A.)
- Toru Yamaguchi, email@example.com, DeNA Co. Ltd. (Japan)
Nat Sakimura, firstname.lastname@example.org, Nomura Research Institute, Ltd.
- Sakimura, N., et. al “OpenID Trusted data eXchange Extention Specification (draft)”, Oct. 2008. [TX2008].