[OpenID] RP library authors


[OpenID] RP library authors

by John Bradley-9

The GSA profile for openID is available at:

http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf

Many things that are SHOULD in the openID 2.0 spec are now MUST in the  
profile.

There are new PAPE URI and other modifications.

Most of the OP's supporting the profile will not be restricting it to  
only Gov RP's.

Any RP may elect to use all or parts of this new profile for any  
purpose they choose.

Also any OP is free to support it whether or not they are on the GSA
whitelist.

To get on the GSA white-list OP's must support the profile and be  
audited against a Trust Framework.  The OIDF has information available  
on applying through its program.

There are quite a number of requirements on the RP side, that need to  
be met.

The sooner these features are in libraries the sooner government  
agencies can move ahead with deployments.

If there is interest we can set up a google group where developers can  
get their questions on implementing the profile answered.

If I can get to IIW in Nov,  I would like to organize a session on  
this for people.

There will be revisions to the profile in the future as we all gain  
experience.

The people who worked on the profile tried to profile only the  
existing specifications as written without inventing anything  
incompatible with existing implementations.

The GSA's goal is to enable as many existing identities as possible to  
have access to government resources without making people create new
username and password accounts at each of the thousands of potential
RP sites.

Extra attention was taken to allow openID to be used without divulging  
ANY PII to the government.
This includes the use of a Pseudonymous openID identifier to allow  
sites that can take no PII or do any correlation to still use openID.

The regulation on this is quite strict.  We could not convert the ID  
to a pseudonym on the RP side and adhere to the regulation.

We hope that the profile maximizes participation of OP's and RPs  
alike, while not placing insurmountable burdens on developers.

RP's and OP's that don't intend to make use of the profile need to  
make no changes at all.

I regret not being able to share more of this with you sooner.  The
OIDF and the other foundations were requested not to discuss this  
publicly until after the government announcements.

Regards
John Bradley



_______________________________________________
general mailing list
general@...
http://lists.openid.net/mailman/listinfo/openid-general

Re: [OpenID] RP library authors

by Tatsuki Sakushima

Hi John,

The document misses a reference to the PAPE spec in Appendix D.
Is that done on purpose until some errors in the spec are fixed?

Tatsuki

Tatsuki Sakushima
NRI Pacific - Nomura Research Institute America, Inc.

(9/11/09 8:49 AM), John Bradley wrote:

> The GSA profile for openID is available at:
>
> http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf
>
> Many things that are SHOULD in the openID 2.0 spec are now MUST in the
> profile.
>
> There are new PAPE URI and other modifications.
>
> Most of the OP's supporting the profile will not be restricting it to
> only Gov RP's.
>
> Any RP may elect to use all or parts of this new profile for any purpose
> they choose.
>
> Also any OP is free to support it whether or not they are on the GSA
> whitelist.
>
> To get on the GSA white-list OP's must support the profile and be
> audited against a Trust Framework.  The OIDF has information available
> on applying through its program.
>
> There are quite a number of requirements on the RP side, that need to be
> met.
>
> The sooner these features are in libraries the sooner government
> agencies can move ahead with deployments.
>
> If there is interest we can set up a google group where developers can
> get their questions on implementing the profile answered.
>
> If I can get to IIW in Nov,  I would like to organize a session on this
> for people.
>
> There will be revisions to the profile in the future as we all gain
> experience.
>
> The people who worked on the profile tried to profile only the existing
> specifications as written without inventing anything incompatible with
> existing implementations.
>
> The GSA's goal is to enable as many existing identities as possible to
> have access to government resources without making people create new
> username and password accounts at each of the thousands of potential RP
> sites.
>
> Extra attention was taken to allow openID to be used without divulging
> ANY PII to the government.
> This includes the use of a Pseudonymous openID identifier to allow sites
> that can take no PII or do any correlation to still use openID.
>
> The regulation on this is quite strict.  We could not convert the ID to
> a pseudonym on the RP side and adhere to the regulation.
>
> We hope that the profile maximizes participation of OP's and RPs alike,
> while not placing insurmountable burdens on developers.
>
> RP's and OP's that don't intend to make use of the profile need to make
> no changes at all.
>
> I regret not being able to share more of this with you sooner.  The OIDF
> and the other foundations were requested not to discuss this publicly
> until after the government announcements.
>
> Regards
> John Bradley
>
>
>
> _______________________________________________
> specs mailing list
> specs@...
> http://lists.openid.net/mailman/listinfo/openid-specs
>

Re: [OpenID] RP library authors

by John Bradley-9

I would like to say there is some hidden plan that explains it, but no,
it is an error.

The tech writer will be reprimanded.

I will have that fixed.

Thanks
John B.

On 2009-09-11, at 7:15 PM, Tatsuki Sakushima wrote:

> Hi John,
>
> The document misses a reference to the PAPE spec in Appendix D.
> Is that done on purpose until some errors in the spec are fixed?
>
> Tatsuki
>
> Tatsuki Sakushima
> NRI Pacific - Nomura Research Institute America, Inc.
