Proposal to Create Trust Exchange (TX) Working Group

Proposal to Create the TX Working Group

Dear OpenID Specification Council members:

In accordance with the OpenID Foundation's IPR policies and procedures, this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the specifics of the proposed working group are:

Trust Exchange (TX) Extension WG Charter

Proposal

Part A: Charter

Name

(i) WG name: Trust Exchange Extension (TX)

Purpose

(ii) Purpose: The purpose of this WG is to produce a standard OpenID extension to the OpenID Authentication protocol that enables arbitrary parties to create and exchange a mutually-digitally-signed legally binding "contract". This protocol extension aims to be both broadband and mobile friendly by defining appropriate bindings for each use case.

Although this specification defines one default protocol for transfering data based on the contract, the data transfer portion is intended to be pluggable so that other protocols may also be used for this purpose.

The extension is not intended to be a general method for defining attributes; the scope is limited to a specific set of attributes necessary for contract semantics. The extension will also define a contract signature based on public key cryptography. When used with a digital certificate signed by a third party, the contract and signature can be used as an assertion of conformance to an applicable assurance program.

Scope

(iii) Scope:

Scope of the work

Development of the specification including:
- An extensible tag-value contract format
- Public Key Cryptography based digital signature method applied to the above contract format
- Query/response communication protocols for establishing the contract
- Default data transfer protocol based on the contract
- Conformance requirements for other data transfer protocol bindings
Security, threats and Risk analysis
- Perform Security Risk analysis and profiles for best practice

Out of scope

Term negotiation: Actual negotiation of the terms of a contract should be dealt with out-of-band or by other specifications.
General purpose data type identifiers: this should be determined on a per-community bases using other specifications such as OpenID Attribute Exchange.
Assurance programs or other identity governance frameworks.
It is the intent that this specification be usable by any trust community, whether it uses conventional PKI hierarchies, peer-to-peer trust mechanisms, reputation systems, or other forms of trust assurance. The specification of any particular trust root, trust hierarchy, or trust policy is explicitly out of scope.

Proposed Specifications

(iv) Proposed List of Specifications: TX 1.0, spec completion expected in January 2009.

Audience

(v) Anticipated audience or users of the work: Implementers of OpenID Providers and Relying Parties, especially those who require security and accountability features to exchange sensitive customer information (e.g., personally identifiable information and credit card numbers) responsibly among trusted parties.

Language

(vi) Language in which the WG will conduct business: English.

Method of Work

(vii) Method of work: E-mail discussions on the working group mailing list, working group conference calls, and possibly face-to-face meetings at conferences.

Evaluation Criteria

(viii) Basis for determining when the work of the WG is completed: Draft 1 will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope.

Part B: Background Information

Related Work

(i) Related work being done by other WGs or organizations:

Liberty Alliance Identity Governance Framework (IGF) 1.0 Draft
[See: Liberty Alliance Identity Governance Framework (IGF) 1.0 Specifications, Initial Public Draft]
XML Advanced Electronic Signatures (XAdES)
[See W3C XML Advanced Electronic Signatures (XAdES) and Wikipedia]

Proposers

(ii) Proposers:

Drummond Reed, drummond.reed@parity.com, Cordance/Parity/OASIS (U.S.A)
Henrik Biering, hb@netamia.com, Netamia (Denmark)
Hideki Nara, hdknr@ic-tact.co.jp, Tact Communications (Japan)
John Bradeley, jbradley@mac.com, OASIS IDTrust Member Section (Canada)
Mike Graves, mgraves@janrain.com, JanRain, Inc. (U.S.A.)
Nat Sakimura, n-sakimura@nri.co.jp, Nomura Research Institute, Ltd.(Japan)
Robert Ott, robert.ott@clavid.com, Clavid (Switzerland)
Tatsuki Sakushima, tatsuki@nri.com, NRI America, Ltd. (U.S.A.)
Toru Yamaguchi, trymch@gmail.com, Cyboze Lab (Japan)

Editors

Nat Sakimura, n-sakimura@nri.co.jp, Nomura Research Institute, Ltd.

(iii) Anticipated Contributions:

(1) Sakimura, N., et. al "OpenID Trusted data eXchange Extention Specification (draft)", October 2008. [TX2008].

Posting to OpenID Specs List, with followups from David Recordon and Nat Sakimura...

Message-ID:  <490AEA2F.2040106@nri.co.jp>
Date:        Fri, 31 Oct 2008 20:21:19 +0900
From:        Nat Sakimura <n-sakimura@nri.co.jp>
To:          "specs@openid.net" <specs@openid.net>
Subject:     Proposal to create the TX working group

Prepared by Robin Cover for The XML Cover Pages archive.

SEARCH Advanced Search ABOUT Site Map CP RSS Channel Contact Us Sponsoring CP About Our Sponsors NEWS Cover Stories Articles & Papers Press Releases CORE STANDARDS XML SGML Schemas XSL/XSLT/XPath XLink XML Query CSS SVG TECHNOLOGY REPORTS XML Applications General Apps Government Apps Academic Apps EVENTS LIBRARY Introductions FAQs Bibliography Technology and Society Semantics Tech Topics Software Related Standards Historic	Proposal to Create Trust Exchange (TX) Working Group Proposal to Create the TX Working Group Dear OpenID Specification Council members: In accordance with the OpenID Foundation's IPR policies and procedures, this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the specifics of the proposed working group are: Trust Exchange (TX) Extension WG Charter Proposal Part A: Charter Name (i) WG name: Trust Exchange Extension (TX) Purpose (ii) Purpose: The purpose of this WG is to produce a standard OpenID extension to the OpenID Authentication protocol that enables arbitrary parties to create and exchange a mutually-digitally-signed legally binding "contract". This protocol extension aims to be both broadband and mobile friendly by defining appropriate bindings for each use case. Although this specification defines one default protocol for transfering data based on the contract, the data transfer portion is intended to be pluggable so that other protocols may also be used for this purpose. The extension is not intended to be a general method for defining attributes; the scope is limited to a specific set of attributes necessary for contract semantics. The extension will also define a contract signature based on public key cryptography. When used with a digital certificate signed by a third party, the contract and signature can be used as an assertion of conformance to an applicable assurance program. Scope (iii) Scope: Scope of the work Development of the specification including: An extensible tag-value contract format Public Key Cryptography based digital signature method applied to the above contract format Query/response communication protocols for establishing the contract Default data transfer protocol based on the contract Conformance requirements for other data transfer protocol bindings Security, threats and Risk analysis Perform Security Risk analysis and profiles for best practice Out of scope Term negotiation: Actual negotiation of the terms of a contract should be dealt with out-of-band or by other specifications. General purpose data type identifiers: this should be determined on a per-community bases using other specifications such as OpenID Attribute Exchange. Assurance programs or other identity governance frameworks. It is the intent that this specification be usable by any trust community, whether it uses conventional PKI hierarchies, peer-to-peer trust mechanisms, reputation systems, or other forms of trust assurance. The specification of any particular trust root, trust hierarchy, or trust policy is explicitly out of scope. Proposed Specifications (iv) Proposed List of Specifications: TX 1.0, spec completion expected in January 2009. Audience (v) Anticipated audience or users of the work: Implementers of OpenID Providers and Relying Parties, especially those who require security and accountability features to exchange sensitive customer information (e.g., personally identifiable information and credit card numbers) responsibly among trusted parties. Language (vi) Language in which the WG will conduct business: English. Method of Work (vii) Method of work: E-mail discussions on the working group mailing list, working group conference calls, and possibly face-to-face meetings at conferences. Evaluation Criteria (viii) Basis for determining when the work of the WG is completed: Draft 1 will be evaluated on the basis of whether they increase or decrease consensus within the working group. The work will be completed once it is apparent that maximal consensus on the draft has been achieved, consistent with the purpose and scope. Part B: Background Information Related Work (i) Related work being done by other WGs or organizations: Liberty Alliance Identity Governance Framework (IGF) 1.0 Draft [See: Liberty Alliance Identity Governance Framework (IGF) 1.0 Specifications, Initial Public Draft] XML Advanced Electronic Signatures (XAdES) [See W3C XML Advanced Electronic Signatures (XAdES) and Wikipedia] Proposers (ii) Proposers: Drummond Reed, drummond.reed@parity.com, Cordance/Parity/OASIS (U.S.A) Henrik Biering, hb@netamia.com, Netamia (Denmark) Hideki Nara, hdknr@ic-tact.co.jp, Tact Communications (Japan) John Bradeley, jbradley@mac.com, OASIS IDTrust Member Section (Canada) Mike Graves, mgraves@janrain.com, JanRain, Inc. (U.S.A.) Nat Sakimura, n-sakimura@nri.co.jp, Nomura Research Institute, Ltd.(Japan) Robert Ott, robert.ott@clavid.com, Clavid (Switzerland) Tatsuki Sakushima, tatsuki@nri.com, NRI America, Ltd. (U.S.A.) Toru Yamaguchi, trymch@gmail.com, Cyboze Lab (Japan) Editors Nat Sakimura, n-sakimura@nri.co.jp, Nomura Research Institute, Ltd. (iii) Anticipated Contributions: (1) Sakimura, N., et. al "OpenID Trusted data eXchange Extention Specification (draft)", October 2008. [TX2008]. Posting to OpenID Specs List, with followups from David Recordon and Nat Sakimura... Message-ID: <490AEA2F.2040106@nri.co.jp> Date: Fri, 31 Oct 2008 20:21:19 +0900 From: Nat Sakimura <n-sakimura@nri.co.jp> To: "specs@openid.net" <specs@openid.net> Subject: Proposal to create the TX working group Prepared by Robin Cover for The XML Cover Pages archive.