The election result is now published.
It is at OpenID Board Election Results

Snorri Giorgetti, me, Chris Messina, David Recordon received two year terms and Eric Sachs, Scott Kveton, and Brian Kissel  received one year terms.

I would like to thank all of you for your support to elect me to the two years term.

For those of you who may not be famillier with those people, Snorri has been the main engine for the OpenID in Europe. He established OpenID Europe and has helped over 30 country level chapters to get establisehd in Europe. So, he has been an European counterpart to me (I being co-founding OpenID Japan.)

Chris is running Citizen Agency, and works on DiSo project facilitating the development of “OpenStack” for the social web. Together with David, he is also involved in OpenWeb foundation.

David has been a spokes person for the OpenID community at large, so you probably know.

Eric is heavily involved in the usability side of OpenID. Google’s study of it together with Yahoo! study has been regarded as one of the main input in this field.

Scott is a co-founder and the current chairman of OIDF. He brings with him his 12 years of experience building technology, developing business
strategy and leading engineering teams with companies like Amazon.com,
Rulespace, JanRain and now Vidoop to this community.

Brian has been a real work horse behind the scene. He has been Chairman of the Marketing Committee, co-founded the Customer Research
Committee among other things. We have seen significant increase in the work around OpenID Foundation recently, and that is partly because of his devotion.

I believe OpenID is entering a new phase, and am really excited by the new board. It is international, balanced, and committed. Together with the membership and the community, I am hoping to further advance the UCI.

On Dec. 22, Tokyo IT Newspaper published this year’s buzz word ranking. (http://itnp.net/category_betsu/24/2167/)

The ranking is done in Sumo Ranking style and They are Ranked as “Yokozuna (Grand Champion)”, “Ozeki (Champion, 2nd highest rank)”, “Sekiwake (Junior Champion, 3rd highest rank)” etc.

This year, Yokozuna was iPhone, which was no surprise since it was the first year in Japan. Ozeki was Google Street View, which is no surprise either.

What surprised me though was the 3rd highest rank, Sekiwake, which turned out to be OpenID. It ranked higher than NetBooks (eePCs etc.) or Google Chrome, etc.

Anyhow, it is good to hear something that is assuring our activity.

Here is the complete ranking (Sorry it is in Japanese…)

OpenID Foundation board election is going on till Dec. 24.

I have posted details and my candidacy statement here.

Please have a look.

By the way, here is my picture. This is from my TV appearance.

Since Oct. 30, OpenID Foundation Japan have added 9 corporate members. Many of them are very large corporations. (Since some of them do not want to be identified in public, and I do not have a list who is not, so I am not quoting their names here.) Now, it has 41 corporate members.

The members list is not updated yet, but I expect that it will be pretty soon.

Right after the BizDay #1, Nat rushed to this meeting to give his presentation this council.
This council is supposed to create a national guideline for e-Gov and possibly to the private sector for the usability and identity assurance. Prof. Sudo, an advisor to OIDF-J, is the chairman of this council. (Mr. Mitsushio, a member of OIDF-J, and the leader of the security working group of CIO aide of ministries, is another member of the council.)

For details, see http://www.kantei.go.jp/jp/singi/it2/guide/index.html (Sorry, it is in Japanese.)

The Agenda was as follows:

1. Opening Remarks
2. Status of E-Sigs usage
3. On the “Inference articles” of the e-sig and authentication law.
4. Technical Trends in the technologies that impacts user interface
 4.1 SmartCards and NFC phones
 4.2 Web SSO

I could only attend 4.2 (i.e., my speech) because of BizDay #1 obligation, so I cannot report on anything but my speech and discussion followed it. My presentation was on OpenID and SAML including PAPE and CX proposal, and gave several case studies as well. It was very well accepted. In the following discussion, the importance of the NIST SP800-63 style assurance framework and guidelines that can be used across government and private sectors were noted.

IMHO, this kind of activity is very important for OpenID adoption. There are many companies hesitant to become an RP because the assurance level and legal implication of being a RP is not clear. This kind of council will eventually come up with a national guideline and possibly a new law that covers these and thus make it much easier for something new like OpenID to be adopted.

On Dec. 12, OpenID Foundation Japan had a members only seminar titled “OpenID BizDay#1″, hosted by Yahoo! Japan.
BizDay is something OIDF-J is providing to the members as the benefit of being a paying member.
It is intended to be a forum for the members to share their business (non-technical) experience.

Dec. 12 was the first such occasion, and over 60 people across the industries attended it.

The agenda was as follows:

0. Opening Welcome Message: Koji Yagi, President, OpenID Foundation Japan
1. Keynote: “Next Generation e-government services and security - loosely coupled databases and Government-Industry collaboration.”
     Prof. Osamu Sudo, The University of Tokyo
2. “Yahoo! JAPAN and OpenID”, Tetsuya Nishimaiki, CTO, Yahoo! Japan.
3. “Developments in the U.S.”, Tatsuki Sakushima, NRI-A
4. “Interoperability considerations on ID management: A Concordia Project”, Hiroki Ito, NTT
5. Status report on the progress of OpenID Japan’s activity. Nat Sakimura, NRI
6. OIDF-J Activity Reports, Noboru Uchiyama, OpenID Japan/NRI
7. Member announcements and forthcoming OpenID Japan activities.
 - mixi OpenID Contest, Hiroyuki Oyama, mixi
 - OpenID BizDay #2, Noboru Uchiyama, OpenID Japan/NRI

To start the BizDay #1, Mr. Yagi gave a welcome message to the members for joining this forum.
He also announced that now OIDF-J has 3 additional members: Hitachi, HP Japan, Indigo, that now it has 40 corporate members.

Prof. Osamu Sudo is a renowned government advisor and is an advisor to the OpenID Foundation Japan.
He gave us the current e-gov situation and his insight on how OpenID etc. can help the situation.

Mr. Nishimaki gave an overview on the rationale for Yahoo! Japan to invest and support OpenID, and shared the roadmap with OIDF-J members. Also, he shared business ideas that Yahoo! Japan is considering right now.
It was also good to hear Yahoo! Japan’s basic privacy policy: “The customer owns the information he registered to Yahoo! Japan.”

Tatsuki gave us an update on the U.S. OpenID related development, such as the Board Election, New Working Groups being formed, XRD 1.0 at OASIS Open, etc. Then, he finished off his speach with the mention of OpenID PAPE - SAML Authn Context interoperability project which is supposed to be demoed at RSA 2009. This acted as a good introduction to HIroki’s announcement and introduction of the OpenID-SAML Interop Concordia project.

Nat gave a brief status report on the SIG formation etc. There has been bunch of SIG proposals and the option of starting them simultaneously were considered, but the direction now is to start one to debug the process, and then start others.

Then, Mr. Uchiyama reported on the activities of the past two weeks including Web 2008 Conference that OIDF-J sponsored.

The last portion was member announcement. There were two announcement.

The first one was the announcement of mixi OpenID Competition for students. Awards are going to be given to the teams with implementation that leverage on the social graph represented by mixi OpenID. Juries are composed of two people from mixi, one from OIDF-J, and two others.

The second announcement was the next OpenID BizDay hosted by Japan Airlines. It will be on January 16.
It will feature Japan Airlines’ OpenID strategies as keynote.

Nikkei ITPro Article: http://itpro.nikkeibp.co.jp/article/NEWS/20081212/321354/

On Dec. 10, IdCon #4 was held, hosted by NRI.

IdCon is a gathering of identity engineers and architects started earlier this year by tkudo and =zigorou.
It is a grass-root activity which does not require a membership fee.
It makes a good companion with OIDF-J, which is a for fee membership organization.

IdCon #4 was a fifth such event this year. (We started off from IdCon #0, by the way.)
 
IdCon #4 featured following sessions:

- Possibility of Mobile OpenID, =zigorou, Cybozu Labs.
- Liberty People Service, =hiroki, NTT Information Sharing Lab.
- Recent Developments around OpenID, =nat, NRI
- Drinking Party :pint:

=zigorou gave detailed analysis of the limitation of the current phones available in Japan and the impact of that to OpenID.

=hiroki gave an overview of Liberty People Service.

=nat gave an overview of the recent development around OpenID, such as the board election, new WGs, Dick Hardt going to Microsoft, etc.

One of the feature of IdCon is that it always coupled with drinking party afterwards. It is a very valuable socializing event.

The next IdCon (i.e., IdCon #5) will be hosted by NTT and expected to be around the cherry blossom time so that we can go on an outing for cherry blossom viewing afterwards.

Cool URI for Semantic Web is a very good reading to understand W3C TAG position on what URI are.

Broadly speaking, a URI can represent two type of Resources:
1. Web Document such as Web pages, images, etc. (which is referred to as “Inforamtion Resources” in AWWW)
2. Real World Objects (which is referred to as “Things").

According to W3C guidelines [AWWW], an URI must not represent two different resources/things. Since a Person is not a web page (though that web page may be describing about the person), they must not be represented by a same URI. We need two URIs. In Cool URI for Semantic Web W3C recommends to create URIs in two ways.

(1) Hash URI

This is a document URI + #somestring.

Since any HTTP client strips strings after #, the request sent from the client to the server will be the document URI, so there is no problem in getting the document out of hashed URI.

For example, suppose the identifier that identifies alice was http://example.com/alice#thing, then the URI that goes over the wire will be http://example.com/alice and it is OK to get HTML back since without frangment, it is another URI.

(2) 303 Redirect

Another approach is to create an abstract identifier that identifies the thing, and use 303 redirect to a document (by Location: response header), which may in turn do content negotiation. (Note that the result of the content negotiation must be an equivalent resource.)

Example:

Let http://xri.net/=nat be the ID of a thing.

Then, when requested in GET, it should 303 redirect to a URI of a default web document of =nat with link header describing metadata location.

What about URI based OpenID?

Now, let us think about OpenID in general.

The classic type of OpenID is the Web Page, typically, his home page. This URI is dubbed to be an id of this person as well. This clearly is a violation of  [AWWW] principle. Perhaps putting fragment would somewhat solve the issue but it will have serious usability implication.

The second type is YADIS enabled OpenID, i.e., YADIS ID. (e.g., Yahoo! and mixi.)
In this case, the GET to the OpenID usually derives 200 OK with X-XRDS-Location: header. 2xx response code is reserved for Web Documents, so this also violates [AWWW]. In OpenID 2.1, hopefully, we will reference XRD 1.0 so that it will be changed to 303. If one is using his blog or home page URI as OpenID, he should include fragment but it is a pretty bad user interface-wise.

The third type is XRI.
In this case, 302 redirect is used to serve the default document with X-XRDS-Location: header^*1. Thus, it is also violating [AWWW]. Instead, it should have been 303 instead of 302^*2. In XRI 3.0, it will be 303 redirect with link header, so it will exactly be as in Cool URI for Semantic Web.

Some other thoughts

To save the extra round trip mandated by 303 redirect, it would probably be a good practice to define a path addition to OpenID to create the XRD address, e.g., /+xrd. In the XRI 2.0 HXRI spec, it is ?_xrd_r=application/xrds+xml, but adding /+xrd is a much more appealing way of doing it. After all, <Service> in a XRD is signifying the relationship, and the path component is a selector of the relevant <Service>. So, an XRD corresponding to @free*nat may look like:

<?xml version="1.0″ encoding="UTF-8″?>
<XRD xmlns="http://xri.net/$xrd*($v*2.0)”>
 <CanonicalID>@!1ED4.9ED5.8267.FB80!F2B3.EAAA.6509.55F6</CanonicalID>
 <Service>
  <ProviderID>@!7F6F.F50.A4E4.1133</ProviderID>
  <Type>http://oasis-open.org/xri/xrd-1_0</Type>
  <Path>(+xrd)</Path>
  <URI>http://xri.net/@free*nat?_xrd_r=application/xrds+xml</URI>
 
</Service>
 <Service>
  <ProviderID>@!7F6F.F50.A4E4.1133</ProviderID>
  <Type>http://openid.net/signon/1.0</Type>
  <Path>(+login)</Path>
  <URI priority="2″>http://authn.freexri.com/authentication/</URI>
  <URI priority="1″>https://authn.freexri.com/authentication/</URI>
 </Service>
 <Service>
  <ProviderID>@!7F6F.F50.A4E4.1133</ProviderID>
  <Type>xri://+i-service*(+contact)*($v*1.0)</Type>
  <Path>(+contact)</Path>
  <URI>http://contact.freexri.com/contact/</URI>
 </Service>
 <Service>
  <ProviderID>@!7F6F.F50.A4E4.1133</ProviderID>
  <Type>xri://+i-service*(+forwarding)*($v*1.0)</Type>
  <Path>(+index)</Path>
  <MediaType match="default"/>
  <URI append="qxri”>http://forwarding.freexri.com/forwarding/</URI>
 </Service>
</XRD>

*1 At the time of spec writing, there were no trace of link: header, so this custom header was created.
*2 I kind of remember that there actually was a discussion in the XRI TC whether we should be using 303 or 302, and decided to use 302 because at the time, many browsers did not support 303.

Web 2008 Expo sponsord by OpenID Japan was held in Tokyo on the 3rd of December. 

I did the keynote, and Sakamoto-san of Verisign K.K. did a session on “OpenID in Enterprise” and Seki-san of SixApart K.K. had a session on “OpenID in the internet”.

In the keynote, about 250 people showed up. In the break out sessions, somewhere between 50 to 70 people were there.

To my surprise, almost everybody in the Keynote session knew OpenID, and judging from the hands raised, about 50% has one, 30% have used one, and 15% is still using it.

Seki-san asked another question to the audience in his session: “Are you planning for starting an OpenID based service?”

A lot of them were, which was encouraging.