<br><br><div class="gmail_quote">2013/2/5 Mike Jones <span dir="ltr"><<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">






<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">This looks substantially better than the last version.  Thanks for doing it!</span></p></div></div>
</blockquote><div><br></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:arial,sans-serif;font-size:18px">It was my blunder. I kept uploading the old version for a very silly reason. </span></div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The one thing that immediately surprised me is that the client_update request doesn’t have a client_id parameter.  I realize that you’re expecting it to be
 inferred from the access token, but it would be a good cross-check to always include it – in part to make sure that the caller actually has the right client_id, and in part, so the “register” and “update” functions can easily be syntactically distinguished.</span></p>
</div></div></blockquote><div><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:18px;background-color:rgb(255,255,255)">There are several reasons for it. </div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:18px;background-color:rgb(255,255,255)">
<br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:18px;background-color:rgb(255,255,255)">1.  d16 did not include client_id in the update request <-- biggest reason. </div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:18px;background-color:rgb(255,255,255)">
2. client_id can be inferred from the Self URL. </div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:18px;background-color:rgb(255,255,255)">    In fact, it should include the client_id in some form that the server likes. </div>
<div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:arial,sans-serif;font-size:18px">3. client_id can be inferred from the Access Token as well. </span></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">                                                                -- Mike<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Nat Sakimura [mailto:<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>]
<br>
<b>Sent:</b> Monday, February 04, 2013 2:03 PM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> <a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a> Group; Justin Richer</span></p><div class="im"><br>
<b>Subject:</b> Re: [Openid-specs-ab] Dynamic Client Registration<u></u><u></u></div><p></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">OK. Now I have uploaded the correct Discussion Draft 17. <br></p><div><div class="h5">
<br>
HTML: <a href="http://nat.sakimura.org/wp-content/uploads/2013/02/draft-openid-connect-registration-1_0.html" target="_blank">
http://nat.sakimura.org/wp-content/uploads/2013/02/draft-openid-connect-registration-1_0.html</a><br>
diff: <a href="http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-diff-16-17.txt" target="_blank">
http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-diff-16-17.txt</a><u></u><u></u></div></div><p></p><div><div class="h5">
<div>
<p class="MsoNormal">XML: <a href="http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0.xml" target="_blank">http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0.xml</a><u></u><u></u></p>

</div>
<div>
<p class="MsoNormal">TXT (d16): <a href="http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-d16.txt" target="_blank">http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-d16.txt</a><u></u><u></u></p>

</div>
<div>
<p class="MsoNormal">TXT (d17): <a href="http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-d17.txt" target="_blank">http://nat.sakimura.org/wp-content/uploads/2013/02/openid-connect-registration-1_0-d17.txt</a><u></u><u></u></p>

</div>
<div>
<p class="MsoNormal"><br>
[Changes] <u></u><u></u></p>
<p style="margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<span style="font-family:"Verdana","sans-serif"">-17 discussion version<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Moved Terminology section out of Introduction to form an independent section and added several terminology definitions<u></u><u></u></span></p>

<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Deleted the </span><tt><span style="font-size:10.0pt;color:#003366">operation</span></tt><span style="font-family:"Verdana","sans-serif""> parameter<u></u><u></u></span></p>

<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Deleted the </span><tt><span style="font-size:10.0pt;color:#003366">rotate_secret</span></tt><span style="font-family:"Verdana","sans-serif""><u></u><u></u></span></p>

<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Added Client Read Request (GET)<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Added Client Delete Request (DELETE)<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Added "Self URL"<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Added </span><tt><span style="font-size:10.0pt;color:#003366">_links</span></tt><span style="font-family:"Verdana","sans-serif""><u></u><u></u></span></p>

<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Added Editor's Notes<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Changed the Japanese client name to make it sound more natural<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Added issued_at<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Added client update example (that seems to be missing many parameters that were present in the registration request example)<u></u><u></u></span></p>

<p class="MsoNormal" style="margin-right:24.0pt;margin-left:60.0pt">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-family:"Verdana","sans-serif"">Cleand up the indents<u></u><u></u></span></p>
<p class="MsoNormal">[Remarks] <u></u><u></u></p>
<div>
<ul type="disc">
<li class="MsoNormal">
The <tt><span style="font-size:10.0pt;color:#003366">operation</span></tt><span style="font-family:"Verdana","sans-serif""> parameter was removed but since the URL for the registration and other operations are different, there should be no problem in finding
 out what action should be taken. </span><u></u><u></u></li><li class="MsoNormal">
The URL for update etc. (Self URL) are given in _links/self/href. For servers' backward compatibility with the current implementations, it could be set like
<span style="font-family:"Courier New""><a href="https://server.example.com/connect/register?operation=client_update" target="_blank">https://server.example.com/connect/register?operation=client_update</a></span> so that the existing code is likely not break (if the web application
 framework is putting GET and POST parameters together into an object) or needs only minor change. Clients needs to read this value and store, so it is a bigger change. <u></u><u></u></li></ul>
<div>
<p class="MsoNormal">Unfortunately, I will be able to join the call only very briefly due to my flight schedule. <u></u><u></u></p>
</div>
<p class="MsoNormal">-- <br>
Nat Sakimura (=nat)<br>
Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<u></u><u></u></p>
</div>
</div>
</div></div></div>
</div>

</blockquote></div><br><br clear="all"><div><br></div>-- <br>Nat Sakimura (=nat)<div>Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>@_nat_en</div>