[Openid-specs-ab] Submission: prompt=create draft spec

George Fletcher gffletch at aol.com
Thu Aug 1 15:03:24 UTC 2019


Yes, I will submit a PR for the spec and post the current version shortly :)

On 7/24/19 11:39 AM, Vittorio Bertocci wrote:
> Hi George, all-
> I was wondering if we could revive this proposal and see if there are 
> ways to move forward. We are receiving customer requests that would be 
> satisfied by this or similar mechanisms to signal the desire to 
> perform a signup operation.
> George: yesterday I discussed the feature with Nat, John, Brian and 
> they shared interesting insights. I'd be happy to summarize and 
> contribute language to that effect, if you have time to engage.
> thanks!
> V.
>
> On Mon, Feb 4, 2019 at 11:30 AM George Fletcher via Openid-specs-ab
> <openid-specs-ab at lists.openid.net> wrote:
>
>     True, this isn't the original use case... but it's an interesting
>     one. However, it seems like getting a "consent receipt" response
>     would make more sense connected to the prompt=consent flow than a
>     prompt=create one. And maybe if a "consent receipt" is attached to
>     the act of a user giving consent, then this is a case where
>     prompt="create consent" makes sense :)
>
>     On 2/1/19 6:06 PM, Tom Jones via Openid-specs-ab wrote:
>>     What I think the client might need is a consent receipt to show
>>     that the user did agree to share the data with the client. In
>>     that case the client could request that user consent be sought. I
>>     am not sure at all that this was the reason for the request for
>>     this item, but it is a reasonable request from the client side to
>>     know that it has received the data in a lawful manner.
>>     Peace ..tom
>>
>>
>>     On Thu, Jan 31, 2019 at 5:05 PM Brock Allen via Openid-specs-ab
>>     <openid-specs-ab at lists.openid.net> wrote:
>>
>>         Do you have a concrete example of how a client would know to
>>         send prompt=create?
>>
>>         I ask because my first reaction is that given the client
>>         doesn't authenticate the user, it has no idea if the user has
>>         an account or not, so how/why would it know to send this value?
>>
>>         Or are you simply imagining the scenario where the client shows
>>         a "login" or "register" link, rather than getting the OP to
>>         do that?
>>
>>         -Brock
>>
>>>         On 1/31/2019 3:46:26 PM, George Fletcher via Openid-specs-ab
>>>         <openid-specs-ab at lists.openid.net> wrote:
>>>
>>>         Thanks so much for the quick feedback William! Comments
>>>         inline...
>>>
>>>         On 1/31/19 12:45 PM, William Denniss wrote:
>>>>         Hi George,
>>>>
>>>>         Some quick review thoughts:
>>>>
>>>>         Section 4: Why is there a prohibition on combining "create"
>>>>         with other prompt values? What if a future prompt value was
>>>>         added that was compatible with "create"?
>>>         My thinking (though I'm open to options) is that there are
>>>         many values that can be mutually exclusive. For example,
>>>         what does prompt="create consent" mean? I'm happy to reduce
>>>         this to SHOULD to allow for future possibilities. Or change
>>>         the wording to explain that other prompt values that
>>>         conflict with "create" should not be used.
>>>>
>>>>         Section 4.1, "the account creation experience" isn't
>>>>         defined by any OpenID spec, so requiring it with a MUST
>>>>         could be problematic. Also, most guidance on the UI shown
>>>>         by the OP is generally in the form of recommendations not
>>>>         normative requirements (e.g. around scope consent screens).
>>>         OK, I'm fine changing this to a SHOULD if that makes things
>>>         more acceptable :)
>>>>
>>>>         As background, how would you expect this to be shown on the
>>>>         client? Two different buttons, one to connect an existing
>>>>         account, one to create a new account? Might be worth a
>>>>         non-normative discussion in the doc about how the clients
>>>>         might use this.
>>>         More or less, yes :) There are some use cases where the
>>>         client may want to allow the user to choose between the
>>>         options (sign-up vs sign-in) before starting the
>>>         authentication flow. I don't think it precludes the OP from
>>>         having to know that a client started an authenticate flow,
>>>         the user chose the sign-up link/button and then at the end
>>>         of registration the OP needs to redirect back to the client
>>>         with a code. However, it does allow the client to optimize
>>>         the experience.
>>>
>>>         Thanks again,
>>>         George
>>>>
>>>>         William
>>>>
>>>>
>>>>         On Thu, Jan 31, 2019 at 9:19 AM George Fletcher via
>>>>         Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>>>>
>>>>             I've attached both the XML and Text versions of a very
>>>>             small spec that
>>>>             defines a new parameter value for the 'prompt'
>>>>             parameter that allows the
>>>>             client to request the user go directly to the account
>>>>             creation flow and
>>>>             when the user has successfully created the account,
>>>>             return a 'code' to
>>>>             the client. This improves the user experience by
>>>>             allowing the client to
>>>>             direct the user directly to the account creation page.
>>>>
>>>>             Feedback greatly appreciated!
>>>>
>>>>             Thanks,
>>>>             George
>>>>
>>>>
>>>>             _______________________________________________
>>>>             Openid-specs-ab mailing list
>>>>             Openid-specs-ab at lists.openid.net
>>>>             <mailto:Openid-specs-ab at lists.openid.net>
>>>>             http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>
>>>
>>>         -- 
>>>         Identity Standards Architect
>>>         Verizon Media                     Work: george.fletcher at oath.com
>>>         Mobile: +1-703-462-3494           Twitter: http://twitter.com/gffletch
>>>         Office: +1-703-265-2544           Photos: http://georgefletcher.photography
>
>

-- 
Identity Standards Architect
Verizon Media                     Work: george.fletcher at oath.com
Mobile: +1-703-462-3494           Twitter: http://twitter.com/gffletch
Office: +1-703-265-2544           Photos: http://georgefletcher.photography
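
Added example, not part of the original thread or of the draft spec: a Python sketch of the two-button flow discussed above, where the client sends prompt=create for "sign-up" and the OP rejects "create" combined with other prompt values (the draft's Section 4 rule, whose normative strength the thread leaves open). The endpoint, client ID, redirect URI, function names and error strings are assumptions.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values: endpoint, client_id and redirect_uri are hypothetical.
AUTHZ_ENDPOINT = "https://op.example.com/authorize"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://rp.example.com/cb"


def build_authz_request(action, state, nonce):
    """Client side: build the URL behind the "sign-in" or "sign-up" button."""
    if action not in ("sign-in", "sign-up"):
        raise ValueError("unknown action: %r" % action)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    if action == "sign-up":
        params["prompt"] = "create"  # the value proposed in the draft
    return AUTHZ_ENDPOINT + "?" + urlencode(params)


def op_route(url):
    """OP side: return ("create"|"login", None) or ("error", reason).

    The reason strings are assumptions; the thread names no error code.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    prompts = query.get("prompt", [])
    if len(prompts) > 1:
        return ("error", "prompt parameter sent more than once")
    # prompt is a space-delimited, case-sensitive list (OpenID Connect Core).
    values = [v for v in prompts[0].split(" ") if v] if prompts else []
    if "create" in values and len(values) > 1:
        # Draft Section 4 as discussed in the thread: no other values with create.
        return ("error", "create combined with other prompt values")
    if values == ["create"]:
        return ("create", None)
    # Anything else, including "Create", takes the ordinary sign-in path here.
    return ("login", None)
```

Both routes end the same way for the client: the OP redirects back to the redirect URI with a code, so the state and nonce checks apply equally to sign-up and sign-in.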
