
2008/6/3

Using Kanji in OpenID

Filed under: - =nat @ 7:39 pm

OpenID identifiers can, in principle, contain Kanji and other non-ASCII characters.
Not in the traditional URI form, but in XRI form.

For example, my XRI, @free*崎村, should be usable as an OpenID.

This does not work out of the box, however, because of implementation details in the current libraries.

For the PHP OpenID library from JanRain, I have found the place to fix.

It is in Auth/Yadis/XRIRes.php, where the HXRI (the proxy resolution URL) is built. Auth_Yadis_toURINormal returns the XRI in URI-normal form, i.e. with an xri:// prefix, and substr(..., 6) strips that prefix before the rest is appended to the proxy URL. Without encoding, the raw UTF-8 bytes of the Kanji end up in the request URL, which is not a valid URI.

change

        $qxri = substr(Auth_Yadis_toURINormal($xri), 6);
        $hxri = $this->proxy_url . $qxri;

to

        $qxri = substr(Auth_Yadis_toURINormal($xri), 6);
        $qxri = urlencode($qxri); // =nat: percent-encode the non-ASCII characters before they go into the URL
        $hxri = $this->proxy_url . $qxri;

That is all, I think…
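The same fix worked through in Python, added here as an illustration rather than code from the JanRain library or from the post: it strips the xri:// prefix that the URI-normal form carries (what the substr(..., 6) does), percent-encodes the remainder and appends it to the proxy resolver URL. The function php_urlencode reproduces PHP's urlencode() byte for byte to show what the one-line patch actually sends: it also encodes the XRI delimiters (@, *, /, parentheses) and turns a space into "+", so the proxy has to decode those before resolving. The stricter hxri() encodes only non-ASCII and URI-unsafe bytes, which is what PHP's rawurlencode() would do. The proxy URL and the set of XRI delimiters kept literal are assumptions.

```python
"""Percent-encoding a non-ASCII XRI for proxy resolution (added example).

Assumptions: the proxy resolver lives at PROXY_URL, and the characters in
XRI_SAFE are the delimiters the proxy expects to receive unencoded.
"""
from urllib.parse import quote, unquote

PROXY_URL = "http://xri.net/"            # assumed proxy resolver
XRI_SAFE = "=@+$!*()/"                   # XRI context symbols and separators (assumption)


def to_uri_normal(xri: str) -> str:
    """URI-normal form: the xri:// prefix that Auth_Yadis_toURINormal adds."""
    return xri if xri.startswith("xri://") else "xri://" + xri


def php_urlencode(s: str) -> str:
    """Byte-for-byte equivalent of PHP's urlencode(): keeps only ASCII
    alphanumerics and -_. , maps space to '+', encodes everything else."""
    out = []
    for b in s.encode("utf-8"):
        c = chr(b)
        if b < 128 and (c.isalnum() or c in "-_."):
            out.append(c)
        elif c == " ":
            out.append("+")
        else:
            out.append("%%%02X" % b)
    return "".join(out)


def hxri_as_patched(xri: str) -> str:
    """What the one-line patch produces: urlencode() of the XRI minus xri://."""
    qxri = to_uri_normal(xri)[6:]        # drop the 6-character "xri://" prefix
    return PROXY_URL + php_urlencode(qxri)


def hxri(xri: str) -> str:
    """Stricter variant (rawurlencode-style): encode only bytes that are not
    ASCII-unreserved or XRI delimiters, so the proxy sees the XRI structure."""
    qxri = to_uri_normal(xri)[6:]
    return PROXY_URL + quote(qxri, safe=XRI_SAFE)


def xri_from_hxri(url: str) -> str:
    """Reverse mapping, as a proxy would do with the path it receives."""
    if not url.startswith(PROXY_URL):
        raise ValueError("not an HXRI for " + PROXY_URL)
    return unquote(url[len(PROXY_URL):])


if __name__ == "__main__":
    for x in ("@free*崎村", "=nat/(+contact)"):
        print(x, "->", hxri(x), "| patched:", hxri_as_patched(x))
```

Both forms decode back to the same XRI, so the patch is functional as long as the proxy decodes the whole path; the stricter form is the one to use if you want the URL to stay readable and to keep the XRI delimiters visible to intermediaries.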


2008/5/23

More on W3C TAG response to XRI 2.0

Filed under: - =nat @ 12:08 pm

From [1] and [2] below, TAG’s problem statement seems to be as follows (summarized by me):

P1. Both XRIs and HTTP URIs follow the pattern of an administrative hierarchy followed by a path.
P2. XRI is intended to provide persistence, but a PROPERLY ADMINISTERED http URI would have the same effect.
P3. Therefore, the xri scheme is not necessary and can be replaced with http:.

Point P2 actually seems to be suggesting a transformation along the lines of

replace xri:// with http://xri.net/

together with an announcement that xri.net will never reuse a path that starts with "!".

This is in fact what the proxy resolver does in the actual implementation, so the suggestion is quite valid, especially for adoption purposes.

However, the sentiment of the TC, as I understand it, was something like:

It would probably be inappropriate to use the http: scheme for non-HTTP use cases, as it may confuse people: by looking at the identifier it will not be clear whether it is an abstract one or a concrete one. xri: is supposed to be an abstract scheme that is cast onto a specific protocol scheme given a context. Introducing a new scheme causes less confusion, since it signals that the identifier may not be an HTTP-accessible resource.

So, YES. Technically, we could reuse the http scheme, but in consideration of the human factors involved, the TC thought it better to introduce a distinct, unused scheme, xri:.

So the difference between the views of the W3C TAG and the OASIS XRI TC seems to be rooted in their views of the world.

The TAG seems to believe that people are smart.
The XRI TC seems to think that people are not that smart, but that's OK; we should work with that.

[1] http://lists.w3.org/Archives/Public/www-tag/2005Apr/0076.html

[2] http://lists.w3.org/Archives/Public/www-tag/2005Apr/0095.html


2008/5/22

TAG Response to XRI

Filed under: - =nat @ 8:24 pm

The W3C TAG posted a note saying that it is against XRI.

http://lists.w3.org/Archives/Public/www-tag/2008May/0078.html

Here are the arguments that led to the above decision.

http://lists.w3.org/Archives/Public/www-tag/2005Apr/0095.html

http://lists.w3.org/Archives/Public/www-tag/2008Feb/0009.html

Unfortunately, the recommendation does not specify what exactly it is unhappy about. So, I went over each reason cited in the above documents (which Gabe Wachob has replied to before).

1) All access to resources identified by XRIs require (at least) two round trips, the first to retrieve metadata (XRDS, XRD or uri list) and the second to retrieve (a representation of) the resource itself?

Quite right. If it were just for simple resolution of an XRI, XRDS would probably not be required, but as a service selection language, as used in OpenID, it is very useful. It also provides a sort of failover capability: the XRDS can list several endpoints for a service with priorities, and the RP moves on to the next one when one is down. So although at a glance the requirement to make two round trips to get to the actual resource is a burden, it has its merits.

2) HTTP content negotiation can be used in requests for XRIs to force either metadata return or redirection to actual resource representations?

This is in fact what the XRI specification does for the HTTP binding (XRI Resolution, Section 6): a request with Accept: application/xrds+xml gets the metadata back, otherwise the proxy redirects to the selected service endpoint.

For non-HTTP protocols (XRI does not have to be on a TCP/IP network at all), of course, it cannot.

It looks like the W3C TAG is assuming that everything will happen over TCP/IP and HTTP forever.
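The two round trips and the service selection discussed in the answers above, as an added example that is not from the post or from any XRI library: the first request asks the proxy for metadata with an Accept header, and the returned XRDS is parsed for services of the requested type, honouring the priority attributes on Service and URI elements, with fallthrough to the next URI or service when an endpoint is down. The XRDS document, the host names and the is_up probe are constructed for the example; the priority rule (lower numbers first, elements without a priority last) follows XRI Resolution 2.0, while ties are kept in document order here rather than chosen at random as the spec suggests.

```python
"""XRDS service selection with priority and failover (added example)."""
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Optional

XRD_NS = {"xrd": "xri://$xrd*($v*2.0)"}
SIGNON = "http://specs.openid.net/auth/2.0/signon"

# Constructed XRDS document for the example; the hosts are not real.
XRDS_DOC = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Status code="100"/>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI priority="1">https://op1.example/openid</URI>
      <URI priority="2">https://op1-backup.example/openid</URI>
      <LocalID>https://op1.example/id/nat</LocalID>
    </Service>
    <Service priority="20">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op2.example/openid</URI>
    </Service>
    <Service>
      <Type>http://openid.net/srv/ax/1.0</Type>
      <URI>https://ax.example/</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""


def metadata_request(host: str, path: str) -> str:
    """First round trip: ask the proxy for the XRDS, not for the resource."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Accept: application/xrds+xml\r\n\r\n")


def _priority(el: ET.Element) -> float:
    """Lower value wins; an element without a priority attribute sorts last."""
    p = el.get("priority")
    return float(p) if p is not None else float("inf")


def parse_services(xrds_xml: str) -> List[Dict]:
    root = ET.fromstring(xrds_xml)
    xrd = root.findall("xrd:XRD", XRD_NS)[-1]      # the last XRD describes the target
    services = []
    for svc in xrd.findall("xrd:Service", XRD_NS):
        uris = sorted(svc.findall("xrd:URI", XRD_NS), key=_priority)  # stable on ties
        services.append({
            "priority": _priority(svc),
            "types": [t.text for t in svc.findall("xrd:Type", XRD_NS)],
            "uris": [u.text for u in uris],
            "local_id": svc.findtext("xrd:LocalID", None, XRD_NS),
        })
    services.sort(key=lambda s: s["priority"])
    return services


def select(services: List[Dict], service_type: str) -> List[Dict]:
    return [s for s in services if service_type in s["types"]]


def resolve_endpoint(xrds_xml: str, service_type: str,
                     is_up: Callable[[str], bool]) -> Optional[Dict]:
    """Second round trip target: the first endpoint, in priority order, that answers."""
    for svc in select(parse_services(xrds_xml), service_type):
        for uri in svc["uris"]:
            if is_up(uri):
                return {"uri": uri, "local_id": svc["local_id"]}
    return None   # nothing reachable: the RP must fail, not guess


if __name__ == "__main__":
    print(metadata_request("xri.net", "/=nat"))
    print(resolve_endpoint(XRDS_DOC, SIGNON, lambda u: "op1.example" not in u))
```

In the sample document the primary OP endpoint carries priority 1 and its backup priority 2; when the primary is down the RP lands on the backup of the same service (keeping that service's LocalID), and only when the whole service is unreachable does it fall through to the priority-20 service.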

3) Relative XRIs are of course allowed in the normal way when a full-form XRI has been established as the base URI. Are they also allowed _without_ any full-form XRI as a base URI? That is, for example, is "=henry" intended to be recognized as an XRI in the absence of any base URI? If so, what is being done to ensure that both now and in the future, the syntax of such abbreviated XRIs is coordinated with (i.e. remains disjoint from) the syntax of both absolute and relative URIs that might be used in the same contexts?

Refer to Gabe Wachob's response.

Also, could you let us know what steps, if any, you have taken towards registration of ‘xri’ as a URI scheme with the IETF?

No. It is supposed to be registered only after the vote.

The recommendations that we have documented in Architecture of the World Wide Web, Volume One state that "A specification SHOULD reuse an existing URI scheme (rather than create a new one) when it provides the desired properties of identifiers and their relation to resources." [2] In this case, a properly managed and supported use of the existing http scheme, based on the excellent analysis in your documents, does have the desired properties and can provide the same functionality without the loss of interoperability which would accompany a new scheme. (ref)

I agree that we should try to reuse existing schemes, but using an http:// URL for a non-HTTP protocol such as gopher: seems awkward and confusing at best, because for many people http: has a concrete meaning.

I suppose it is a scoping problem.
If we assume a WWW-only world, the TAG response probably has merit. However, we do not live in a WWW-only world, nor will we.

my 2c.

For other comments, see the OASIS XRI Wiki page.


2008/5/15

http://www.idcommons.net/ not accepting i-names as OpenID?

Filed under: - =nat @ 7:12 pm

Neither =nat nor http://xri.net/=nat seems to work.
I guess it is using Drupal.
Perhaps I should look at the Drupal library… when I have time :-)


What is Reputation?

Filed under: - =nat @ 4:11 am

Being hopelessly jet-lagged, I was lying in bed thinking about a suitable definition of "Reputation" (note the capital letter: I am not talking about the day-to-day usage of the word "reputation").

Here is what I got:

Reputation
A Reputation is a Reputor's assessment of a Subject on a Criteria.
Reputor
A Reputor is a third party that assesses the likelihood of the Subject fulfilling the Criteria. A Reputor may be composed of 1 to N assessors.
Reputation Score
A Reputation Score of a Subject on a Criteria by a Reputor is the subjective probability, assigned by the Reputor, that the Subject fulfils the Criteria.

What do you think?


2008/5/14

Reputation Discussion at iiw 2008

Filed under: - =nat @ 7:57 pm

Had a discussion about Reputation and Trust at IIW2008a.

I started to think that "Reputation" is a word that is too broad for most people. It is probably better to concentrate on more concrete cases.

The cases I am interested in are specifically:

1) The probability of a PAPE (Provider Authentication Policy Extension) assertion being true.
2) The probability of the RP adhering to the usage proposal for the personal data that I provide.

In the above cases, I have started to feel that just stating

a) the Criteria, i.e., 1) or 2) above
b) a Subjective Probability: a numeric percentage from 0 to 100
c) a Variance/Confidence range

together with other things like a signature etc. for security reasons, is enough.


2008/3/12

Et tu Paperboy.

Filed under: - =nat @ 9:46 pm

paperboy&co. in Japan started accepting OpenID for its online bookmark service today.

Unfortunately, it only accepts OpenIDs provided by:

- OpenID.ne.jp
- Yahoo! JAPAN
- livedoor
- hatena
- JugemKey

Why do these services do whitelisting?

Does it add value? NO. All of these are free services, and you can create any number of OpenIDs with these providers. So why bother whitelisting them?

Clearly, whitelisting does not fit the original philosophy of OpenID.

I hope this "whitelisting" boom finds its end soon.

But for that, I guess we need some workable reputation framework…


2008/3/4

OpenID Dinner @ Basel

Filed under: - =nat @ 12:03 pm

From Left to Right:

=nat, Robert Ott (OpenID Switzerland*), David Reindl (OpenID Switzerland), Martin Paljak (OpenID Estonia), Snorri Giorgetti (OpenID France, OpenID Europe, Chairman).

It was a six-course dinner.
Drinks started with Clemont(?) de Alsace, a Swiss white wine whose name I do not remember, then Mouton Cadet.

* Yet to be formed.


2008/2/29

OpenID Foundation Japan Announcement a Huge Success

Filed under: - =nat @ 2:12 am

So, this morning, the 28th, we announced our plan to form the OpenID Foundation, Japan Chapter.

45 reporters from 37 magazines and newspapers showed up for the press conference, and so many articles were published that it made the top page of Google News with a photo.

As of now, over 27 articles have been written in various places.


2008/2/24

Are National ID Cards Going to Snuggle Up With OpenID?

Filed under: - =nat @ 6:07 pm

The REAL ID Act of 2005 is said by some to pave the way for a United States National ID Card and has come under heavy criticism from a wide range of people in the US. Some recent developments indicate that a National ID card could be tied to the federated authentication standard called OpenID.

At the most basic level, this would mean that you could sign in with your National ID card to all the websites where today you can login with a Yahoo! or AIM or other OpenID. Hmmm…

Are National ID Cards Going to Snuggle Up With OpenID?

IMHO, the government forcing the use of a veronym (a real-name identifier) and a centralized, government-operated OpenID is a bad thing.

However, if it is a pseudonym, hosted in various places and given out separately to each RP together with some assertion about the identity's attributes, such as age, it is not so bad. You will be able to get the service you are entitled to, and you still do not get correlated across RPs.

Of course, this OP may be able to determine your real identity, but that depends on the operating principles of the OP. It might use the National ID only for registration and discard the National ID itself right after that.

In fact, coupling OpenID with this kind of government or otherwise authoritative certification document for registration purposes serves to enhance privacy. You can prove some of your attributes and still remain anonymous. This has not been possible hitherto.

Thus, I would argue that coupling a National ID type of thing with OpenID is privacy enhancing.

Remember, Certification, Registration, Authentication, Authentication Assertion and Authorization are all different things. It is awfully wrong to use the certificate (such as a National ID) as the authentication identity, but for registration purposes it is quite useful.
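One way to implement the per-RP pseudonym described above, as an added example rather than anything from the post or from a real OP: registration consumes the national-ID-type credential, stores only the attributes that will be needed later and discards the number; each RP then receives an identifier derived from an OP-wide secret and the RP's realm, so two RPs cannot correlate the same user, while the OP can still answer an attribute question such as "over 18?" without revealing the birth year. The names, URLs and the HMAC-based derivation are assumptions made for the example; in practice the realm must be normalized before it is used as the derivation input.

```python
"""Pairwise pseudonymous identifiers after national-ID registration (added example)."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

OP_BASE = "https://op.example/id/"    # assumed identifier prefix


class PseudonymOP:
    def __init__(self) -> None:
        self._secret = secrets.token_bytes(32)          # OP-wide pairwise secret
        self._users: Dict[str, Dict] = {}               # handle -> retained attributes
        self._issued: Dict[str, str] = {}               # pairwise id -> handle

    def register(self, national_id_record: Dict) -> str:
        """Registration step: the credential is verified by the caller (assumed);
        keep only the attributes needed later and never store the number."""
        handle = secrets.token_hex(16)
        self._users[handle] = {"birth_year": national_id_record["birth_year"]}
        return handle

    def identifier_for(self, handle: str, rp_realm: str) -> str:
        """Distinct, stable identifier per (user, RP realm): RPs cannot correlate."""
        tag = hmac.new(self._secret, f"{handle}\x00{rp_realm}".encode(),
                       hashlib.sha256).hexdigest()[:32]
        pid = OP_BASE + tag
        self._issued[pid] = handle
        return pid

    def assert_age_over(self, pairwise_id: str, years: int, now_year: int) -> Optional[bool]:
        """Attribute assertion to an RP: answers the age question only.
        Returns None for an identifier this OP never issued."""
        handle = self._issued.get(pairwise_id)
        if handle is None:
            return None
        return now_year - self._users[handle]["birth_year"] >= years

    def stored_fields(self, handle: str) -> set:
        """What the OP actually retains after registration."""
        return set(self._users[handle])
```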


OpenID Compatibility

Filed under: - =nat @ 5:16 pm

There seem to be some compatibility issues since the rise of OpenID 2.0. For example, something like

http://www.readwriteweb.com/cgi-bin/mt/mt-comments.cgi

supports neither OpenID 2.0 nor XRI, so I cannot log in to comment…
It does not even support https://… URLs.


2008/2/20

[OpenID] Board membership limited?

Filed under: - =nat @ 3:31 pm

"[OpenID] Board membership limited?" is the subject of a thread on the general@openid.net mailing list.

It poses an interesting question.

As it happens, Bill (the Executive Director of the OpenID Foundation, OIDF) states that "Although the foundation will continue recruiting companies of all sizes to support the OpenID standard, it is not likely to add any more board members."

It seems the rationale behind this is that community and corporate power have to be balanced, as Dick Hardt states:

The community board members want to ensure that the Foundation represents the community, so would like to limit the Corporate board membership, or at least ensure that community board seats balance the corporate board seats – so adding additional corporate board members is not out of the question, it would require careful consideration by the board.

That is fair enough, but it prompted another question for me.

When it comes to balance, is it balanced at all to start with?

The community board is OK; its seats come up for re-election. The corporate board, on the other hand, does not. And the list:

Google, IBM, Microsoft, Verisign, Yahoo!

is 100% U.S.A.

The number of seats on the board is as follows:

Community: 8
Corporate: 5

So, the U.S.A. is granted at least 5 / (5+8) = 38% of the vote permanently, no matter what.

Since some decisions require a supermajority of the board, this effectively gives the U.S. a veto on those items: with a two-thirds threshold, for example, 9 of the 13 votes are needed, and the 8 community seats alone cannot reach that.

As it stands, the OpenID Foundation cannot escape the criticism that it is a U.S. local organization, unfortunately. I guess OIDF needs to fix this before this "label" proliferates.


OpenID Foundation Related Links

Filed under: - =nat @ 2:46 pm

OpenID Foundation

IPR
- IPR overview
- Why the IPR policy and process
- IPR Non-Assertion Agreements for Entities and Individuals (covers through OpenID 2.0)
- IPR Policy and Process (for new spec working groups)
- Executed IPR Non-Assertion Agreements (not all from the corporate board members have been uploaded yet)

Foundation
- Articles of Incorporation with the state of Oregon (http://openid.net/pipermail/board/2007-May/000274.html)
- Basic policies and procedures
- Board Meeting Minutes
- Membership agreement


2008/2/10

OpenID module for Xoops 2 and Xoopscube ver.0.2

Filed under: - =nat @ 8:54 pm

OpenID RP Module for Xoops JP.
==============================
Author: Nat Sakimura (=nat)
Date: 2008-02-10
Copyright: Nat Sakimura (=nat)
License: GPL
Version: 0.2
PHP OpenID Library: php-openid-2.0.0

DOWNLOAD
========
http://www.sakimura.org/modules/mydownloads/visit.php?cid=1&lid=8

INSTALL
=======

1. Unarchive the files under the modules/ directory.
2. Define XOOPS_TRUST_PATH somewhere outside the web-accessible path
   in mainfile.php.
3. Create a folder "_php_consumer" under XOOPS_TRUST_PATH and
   change its permissions so that it is writable by the web server.
   (The OpenID library keeps its association and nonce store there,
   which is why it must not be reachable from the web.)
4. Install the module like other modules.
   (For XoopsCube, install the block as well.)
5. Give access permission to the guest group for this module.
6. Install the block for all the modules.

TODOs
=====

1. Create an admin panel for easy maintenance of the OpenIDs.
2. Make 5 and 6 above automagic.
3. Clean up the code.
4. Replace the dummy admin screens with real ones.
5. Test on PHP 4.x. It has only been tested on PHP 5.2.
   Let me know if you try it on 4.x.
6. Make sreg parameters specifiable through the admin screen.
7. sreg policy.
8. PAPE.


2008/2/1

Random thoughts on Reputation

Filed under: - =nat @ 2:40 pm

Let me make a note of my random thoughts before I forget.

  1. A Reputation needs to have an identifier for whoever is being scored.
  2. The same for whoever is scoring.
  3. The criteria on which this reputation score was made.
  4. For the reputation to be aggregatable, it has to have a distribution whose aggregated distribution we know (such as the normal distribution).
  5. The information about the distribution, including which distribution, the mean and the standard deviation, must be published together with the score.
  6. The display score must be intuitive for an average person.
  7. The date the score was made.
  8. A signature by the score maker.

So, the reputation score file should contain:

Item                                    Type      e.g.
SubjectID                               XRI/URI   =nat
ReputationServiceID                     XRI/URI   @myRS
Criteria                                Text      Operation quality of this RP
Display Score (Cumulative Percentage)   float     74.2
Score                                   float     56.8
Distribution                            enum      normal
Mean                                    float     50
Standard Deviation                      float     10
Subject Public Key                      string    2fdlafodnewoldfjkaslf …
Date                                    XMLDATE   2008-02-01T14:34:00Z
Signature                               string    af8afsld92dfjdsla…blah…blah…

In the above table, I am proposing to use the cumulative distribution P(X<x) as the display score, so that the meaning of the score is clear to anybody. If the display score is 95.5, the subject is among (roughly) the top 5% most trusted on that criteria.

Also, the public key of the subject being rated is included, as per the OpenID TX proposal.

Using this, parties who are trying to talk to the subject can be sure that the party really is the one that has been rated by the above rating agency.

This data can be serialized in XML format, or JSON, or tag=value format etc.

OK. This is another input to forthcoming ORMS TC at OASIS Open.
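The display-score rule from the table and the paragraph above, worked through in Python as an added example (not code from the post or from the ORMS TC): for a normal distribution with the published mean and standard deviation, the display score is 100·P(X<x) = 100·Φ((x − μ)/σ), and a consumer can recompute it from the published parameters and reject a record whose display score does not match its raw score. For the table's sample values (score 56.8, mean 50, standard deviation 10) the exact figure is 75.2, so the 74.2 shown in the table would fail that check. Field names follow the table; the JSON serialization is one of the formats the post mentions and is the byte string the score maker's signature would cover (signing itself is not shown).

```python
"""Reputation score record with a cumulative-distribution display score (added example)."""
import json
import math
from dataclasses import dataclass, asdict, replace
from typing import Optional


@dataclass
class ReputationScore:
    subject_id: str                 # XRI/URI of the rated party
    reputation_service_id: str      # XRI/URI of the reputor
    criteria: str
    score: float                    # raw score x
    distribution: str               # "normal" is the only one handled here
    mean: float
    std_dev: float
    date: str                       # xsd:dateTime
    subject_public_key: str = ""
    display_score: Optional[float] = None   # 100 * P(X < x), one decimal


def normal_cdf(x: float, mean: float, std_dev: float) -> float:
    """P(X < x) for X ~ N(mean, std_dev^2), via the error function."""
    if std_dev <= 0:
        raise ValueError("standard deviation must be positive")
    return 0.5 * (1.0 + math.erf((x - mean) / (std_dev * math.sqrt(2.0))))


def compute_display_score(rec: ReputationScore) -> float:
    if rec.distribution != "normal":
        raise ValueError("unsupported distribution: " + rec.distribution)
    return round(100.0 * normal_cdf(rec.score, rec.mean, rec.std_dev), 1)


def with_display_score(rec: ReputationScore) -> ReputationScore:
    """What the reputor does before signing: fill in the display score."""
    return replace(rec, display_score=compute_display_score(rec))


def display_score_consistent(rec: ReputationScore, tolerance: float = 0.1) -> bool:
    """What a consumer does: recompute from the published distribution and
    reject records whose display score disagrees with the raw score."""
    if rec.display_score is None:
        return False
    return abs(rec.display_score - compute_display_score(rec)) <= tolerance


def top_percent(display_score: float) -> float:
    """'Among the top N%' reading of a display score."""
    return round(100.0 - display_score, 1)


def serialize(rec: ReputationScore) -> str:
    """Canonical JSON (sorted keys, no whitespace): the bytes a signature covers."""
    return json.dumps(asdict(rec), sort_keys=True, separators=(",", ":"))


def deserialize(s: str) -> ReputationScore:
    return ReputationScore(**json.loads(s))


# Sample record; values taken from the table above.
SAMPLE = ReputationScore(
    subject_id="=nat", reputation_service_id="@myRS",
    criteria="Operation quality of this RP", score=56.8,
    distribution="normal", mean=50.0, std_dev=10.0,
    date="2008-02-01T14:34:00Z", display_score=74.2)


if __name__ == "__main__":
    print(compute_display_score(SAMPLE), display_score_consistent(SAMPLE))
    print(serialize(with_display_score(SAMPLE)))
```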


On OpenID Association

Filed under: - =nat @ 1:42 pm

Well, I am not talking about “association” in the sense of “organization”. It is the first phase of the OpenID protocol that I am talking about.

As it happens, in OpenID 2.0 the RP, after resolving the OP address, asks the OP to establish an association, exchanging a MAC key via Diffie-Hellman. The association needs to be stored at both the OP and the RP. And because the signature on the assertion is an HMAC under that shared key, an RP that does not hold the association has to fall back to a check_authentication round trip to the OP to verify it.

Perhaps this was necessary in the days of OpenID 1.0, but I feel it is rather redundant now.

If the OP and the RP publish their public keys in their XRDS, we do not need association or check_authentication, I think, simplifying the protocol further and strengthening its security further with the Reputation Service that we are proposing.

Perhaps it could be an option for an OpenID 3.0 kind of thing…
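The association phase and the check_authentication fallback described above, modelled in Python as an added example (not from the post or from any OpenID library): the RP and OP run a Diffie-Hellman exchange, the OP returns the MAC key XOR-ed with the SHA-256 hash of the shared secret, both sides store it under the association handle, and the OP's positive assertion is an HMAC over the key-value form ("key:value\n" per field) of the fields listed in openid.signed. An RP that holds no association (stateless mode) cannot check the HMAC itself and has to send the whole response back to the OP as a check_authentication request. The DH group is a small Mersenne prime chosen for readability (OpenID 2.0 specifies a 1536-bit default modulus), and the endpoint URLs and identifiers are constructed.

```python
"""OpenID 2.0 association (DH-SHA256) and check_authentication, modelled (added example)."""
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Toy DH group (assumption): a Mersenne prime keeps the demo readable.
# OpenID 2.0 defines a 1536-bit default modulus; use that in real code.
DH_P = 2 ** 127 - 1
DH_G = 2
SIGNED = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"


def btwoc(n: int) -> bytes:
    """Big-endian two's-complement encoding OpenID uses for DH values."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big")


def b64(b: bytes) -> str:
    return base64.b64encode(b).decode()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sign(mac_key: bytes, fields: Dict[str, str]) -> str:
    """HMAC-SHA256 over the key-value form of the fields named in openid.signed."""
    kv = "".join(f"{k}:{fields['openid.' + k]}\n" for k in fields["openid.signed"].split(","))
    return b64(hmac.new(mac_key, kv.encode(), hashlib.sha256).digest())


class OP:
    def __init__(self) -> None:
        self.assocs: Dict[str, bytes] = {}      # handle -> MAC key (state the OP must keep)

    def associate(self, req: Dict[str, str]) -> Dict[str, str]:
        y = secrets.randbelow(DH_P - 2) + 1
        rp_pub = int.from_bytes(base64.b64decode(req["openid.dh_consumer_public"]), "big")
        shared = pow(rp_pub, y, DH_P)
        mac_key = secrets.token_bytes(32)
        handle = secrets.token_hex(8)
        self.assocs[handle] = mac_key
        return {"openid.assoc_handle": handle, "openid.assoc_type": "HMAC-SHA256",
                "openid.session_type": "DH-SHA256", "openid.expires_in": "1209600",
                "openid.dh_server_public": b64(btwoc(pow(DH_G, y, DH_P))),
                # the MAC key travels XOR-ed with the hash of the DH shared secret
                "openid.enc_mac_key": b64(xor(hashlib.sha256(btwoc(shared)).digest(), mac_key))}

    def positive_assertion(self, handle: str, claimed_id: str, return_to: str) -> Dict[str, str]:
        f = {"openid.ns": "http://specs.openid.net/auth/2.0", "openid.mode": "id_res",
             "openid.op_endpoint": "https://op.example/openid",     # constructed
             "openid.claimed_id": claimed_id, "openid.identity": claimed_id,
             "openid.return_to": return_to, "openid.assoc_handle": handle,
             "openid.response_nonce": "2008-02-01T13:42:00Z" + secrets.token_hex(4),
             "openid.signed": SIGNED}
        f["openid.sig"] = sign(self.assocs[handle], f)
        return f

    def check_authentication(self, f: Dict[str, str]) -> Dict[str, str]:
        """Direct verification for an RP that holds no association."""
        key = self.assocs.get(f["openid.assoc_handle"])
        ok = key is not None and hmac.compare_digest(sign(key, f), f["openid.sig"])
        return {"is_valid": "true" if ok else "false"}


class RP:
    def __init__(self) -> None:
        self.assocs: Dict[str, bytes] = {}      # handle -> MAC key (state the RP must keep)

    def associate(self, op: OP) -> str:
        x = secrets.randbelow(DH_P - 2) + 1
        resp = op.associate({"openid.mode": "associate", "openid.assoc_type": "HMAC-SHA256",
                             "openid.session_type": "DH-SHA256",
                             "openid.dh_consumer_public": b64(btwoc(pow(DH_G, x, DH_P)))})
        op_pub = int.from_bytes(base64.b64decode(resp["openid.dh_server_public"]), "big")
        shared = pow(op_pub, x, DH_P)
        mac_key = xor(hashlib.sha256(btwoc(shared)).digest(),
                      base64.b64decode(resp["openid.enc_mac_key"]))
        self.assocs[resp["openid.assoc_handle"]] = mac_key
        return resp["openid.assoc_handle"]

    def verify(self, f: Dict[str, str], op: Optional[OP] = None) -> bool:
        key = self.assocs.get(f["openid.assoc_handle"])
        if key is not None:                     # stateful: check the HMAC locally
            return hmac.compare_digest(sign(key, f), f["openid.sig"])
        if op is None:                          # stateless and no OP to ask: reject
            return False
        return op.check_authentication(f)["is_valid"] == "true"   # extra round trip
```

The shared-key design is what forces both the stored state and the extra round trip: only the two parties to the association can check the HMAC, so a third party, or an RP that lost its state, has nothing to verify against except the OP itself.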


2008/1/30

RedMine OpenID authentication

Filed under: - =nat @ 7:47 pm

=masaki has completed the integration of RedMine with OpenID.


2007/12/5

IIW2007b Day 2

Filed under: - Nat @ 10:49 pm

Today I presented the concept of Trusted Data Exchange and Reputation Service at iiw2007b.

I am writing an article in the IIW wiki, but submitting succeeds only sporadically.

I had a problem with the Linksafe login, so to create the article I am using =sakimura, which is hosted at 2idi, but that is me, =nat. This seems to be a problem that was introduced in conjunction with the introduction of CardSpace as one of the authentication methods.

Conversations:

with =eekim and =ovdavis: ref-linking of i-names across i-brokers.

with Ashish Jain: the necessity of a Reputation service for a distributed authentication and data exchange service to be useful, especially regarding RP reputation.

with Paul Trevithick: Higgins and the contract format.

with =wes of Authentrus (City of Osmio, the ITU eTrust initiative, The World Trust Signatories Association):

Authentrus provides remote enrollment technology (online, telephone, etc.).

Other notes from =wes: use an i-name or OpenID as the DN in an X.509 certificate. On the importance of enrollment/registration. Certification/Registration/AuthN/AuthZ. "Quiet Enjoyment", chapter 40, p. 479: Why has PKI not worked? PKI is just construction materials; useless unless turned into a house.

etc.


2007/11/24

Trusted and Flexible Data Exchange for OpenID

Filed under: - =nat @ 12:26 pm

My team has been looking at AX etc. for some time to see whether it can fulfill the needs of our clients. It looks like that is rather hard. So, we are defining an additional protocol that hooks into AX.

Hopefully, I can present it at iiw2007b.


2007/11/10

Liberty Alliance Day 2007

Filed under: - =nat @ 10:55 pm

On the 26th of October, I went to Liberty Alliance Day 2007 in Tokyo. I was invited to the event as a panelist to speak about OpenID at the cocktail reception, but I attended all the other sessions as well as some of the demos.

Panel discussions in Japan often end up as just a series of presentations, but this time it was a real panel discussion, which was good.

At the end of the panel discussion, Mr. Takahashi asked the panelists "What is Digital Identity?". I was the third to speak, and by the time it reached me, pretty much everything had been said. So I said "It is a technology that brings Power to the People", referring to the notion of "Theirdentity, Ourdentity, Mydentity". The last one to speak was Mr. Shitamichi of Sun Micro. He said,

"It is Love."

Well, this needs some explanation in English, I guess. "Love" in Japanese (愛) is pronounced "ai", which sounds like the letter "I": yes, the first letter of "Identity".

