<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:13.5pt;
font-family:"Times New Roman","serif";
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
tt
{mso-style-priority:99;
font-family:"Courier New";}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Cambria","serif";
color:#4F81BD;
font-weight:bold;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I would prefer that the OpenID 2.0 identifiers used with OpenID Connect all have an “openid2” prefix so that it’s syntactically clear that they’re there for
transition purposes. So for instance, I think “openid_id” is a misleading name. “openid2_id” would be better. Etc.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> -- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> openid-specs-ab-bounces@lists.openid.net [mailto:openid-specs-ab-bounces@lists.openid.net]
<b>On Behalf Of </b>Nat Sakimura<br>
<b>Sent:</b> Thursday, July 03, 2014 7:31 PM<br>
<b>To:</b> openid-specs-ab@lists.openid.net<br>
<b>Subject:</b> [Openid-specs-ab] New version of the Migration spec, and HTML version of it<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I have pushed a new version of OpenID 2.0 to Connect Migration spec draft. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Fixed some errors and added the difference between this spec and Google's guide. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">You can find the HTML version here: <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="http://openid.bitbucket.org/openid-connect-migration-1_0.html">http://openid.bitbucket.org/openid-connect-migration-1_0.html</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">While we have discussed it a bit in the WG call and the people who were calling in agreed to align some of the variable names with Google's, I have not applied them yet to allow more people to chime in. One of the thing that I noticed after
the call is that during the call, while we said that these OpenID 2.0 related claims will go away soon, it actually may not. OpenID 2.0 OP could go away soon, but IdPs may need to keep those claims for a longer time to allow RPs' users to fully migrate. So,
using claim names like "openid_id" for OpenID 2.0 identifier may be misleading. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I am not particularly attached to eitherway, but I have kept the difference for the time being to call out the discussion around it. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The Appendix C lists these differences/discussion points, and I am copying it here as well: <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<h3><span style="font-family:"Helvetica","sans-serif";color:#333333">Appendix C. Difference to Google’s migration guide as of June 3, 2014<o:p></o:p></span></h3>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<span style="font-family:"Verdana","sans-serif";color:black">In this appendix, the differences between this spec and the Google’s migration guide as of June 3, 2014 is expalined. The differences are categorized in accordance with the section number of this
specification. Google's migration guide is available at </span><tt><span style="font-size:10.0pt;color:#003366"><a href="https://developers.google.com/accounts/docs/OpenID#openid-connect">https://developers.google.com/accounts/docs/OpenID#openid-connect</a></span></tt><span style="font-family:"Verdana","sans-serif";color:black"> .
These differences should be discussed and determined whether it should be aligned with the Google's guide before finalizing this specification.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<em><b><span style="font-family:"Verdana","sans-serif";color:black">3. Requesting the OpenID 2.0 Identifier and Connect iss/sub pair together</span></b></em><span style="font-family:"Verdana","sans-serif";color:black"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<span style="font-family:"Verdana","sans-serif";color:black">Google uses </span><tt><span style="font-size:10.0pt;color:#003366">openid.realm</span></tt><span style="font-family:"Verdana","sans-serif";color:black"> instead. Since OpenID Connect uses param_name
style instead of </span><tt><span style="font-size:10.0pt;color:#003366"><a href="http://param.name">param.name</a></span></tt><span style="font-family:"Verdana","sans-serif";color:black">, as well as the name </span><tt><span style="font-size:10.0pt;color:#003366">openid.realm</span></tt><span style="font-family:"Verdana","sans-serif";color:black"> may
mislead the user that it is a Connect parameter proper, it has been changed to </span><tt><span style="font-size:10.0pt;color:#003366">openid2_realm</span></tt><span style="font-family:"Verdana","sans-serif";color:black">.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<span style="font-family:"Verdana","sans-serif";color:black">Google uses the existence of openid.realm parameter to switch the behavior at the Connect OP. New scope value </span><tt><span style="font-size:10.0pt;color:#003366">openid2</span></tt><span style="font-family:"Verdana","sans-serif";color:black"> has
been introduced in this spec to make it more explicit and semantically in-line that it is asking for a resource.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<em><b><span style="font-family:"Verdana","sans-serif";color:black">4. Verification of the Relying Party by the OP</span></b></em><span style="font-family:"Verdana","sans-serif";color:black"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<span style="font-family:"Verdana","sans-serif";color:black">Google does not perform RP verification.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<em><b><span style="font-family:"Verdana","sans-serif";color:black">5. Returning OpenID 2.0 Identifier</span></b></em><span style="font-family:"Verdana","sans-serif";color:black"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<span style="font-family:"Verdana","sans-serif";color:black">Google uses </span><tt><span style="font-size:10.0pt;color:#003366">openid_id</span></tt><span style="font-family:"Verdana","sans-serif";color:black"> instead of </span><tt><span style="font-size:10.0pt;color:#003366">openid2_id</span></tt><span style="font-family:"Verdana","sans-serif";color:black"> .
It was changed to </span><tt><span style="font-size:10.0pt;color:#003366">openid2_id</span></tt><span style="font-family:"Verdana","sans-serif";color:black"> because </span><tt><span style="font-size:10.0pt;color:#003366">openid_id</span></tt><span style="font-family:"Verdana","sans-serif";color:black"> may
cause confusion among people that it is the Connect identifier. Since this spec allows providing </span><tt><span style="font-size:10.0pt;color:#003366">openid2_id</span></tt><span style="font-family:"Verdana","sans-serif";color:black"> even after the OpenID
2.0 OP has been taken down, this claim may persists much longer than the OpenID 2.0 OP. Thus, the chance of confusion should be minimized.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<span style="font-family:"Verdana","sans-serif";color:black">Google does not take care of XRI while this standard does.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<em><b><span style="font-family:"Verdana","sans-serif";color:black">6. Verification of the authority</span></b></em><span style="font-family:"Verdana","sans-serif";color:black"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:24.0pt;margin-bottom:5.0pt;margin-left:24.0pt">
<span style="font-family:"Verdana","sans-serif";color:black">Google does not perform authority verification.<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><a name="Notices"></a>Otherwise, I feel that we are in a pretty good shape, so that as soon as we settle on these issues, we can go to the implementer's draft vote. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Best, <br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <br>
Nat Sakimura (=nat)<o:p></o:p></p>
<div>
<p class="MsoNormal">Chairman, OpenID Foundation<br>
<a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en<o:p></o:p></p>
</div>
</div>
</div>
</div>
</body>
</html>