<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font face="Helvetica, Arial, sans-serif">True, this isn't the
original use case... but it's an interesting one. However, it
seems like getting a "consent receipt" response would make more
sense connected to the prompt=consent flow than a prompt=create
one. And maybe if a "consent receipt" is attached to the act of a
user giving consent<font size="-1">, </font></font><font
face="Helvetica, Arial, sans-serif">then this is a case where
prompt="create consent" makes sense:)</font><br>
<br>
<div class="moz-cite-prefix">On 2/1/19 6:06 PM, Tom Jones via
Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAK2Cwb6Kb-PXk8XsQ_Xd9p32cB=yX_WTJW3WwpzPAXQhmfjfug@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">What i think the client might need is a consent
receipt to show that the user did agree to share the data with
the client. In that case the client could request that user
consent be sought. I am not sure at all that this was the reason
for the request for this item, but it is a reasonable request
from the client side to know that it has received the data in a
lawful manner.<br clear="all">
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>Peace ..tom</div>
</div>
</div>
</div>
<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Jan 31, 2019 at 5:05
PM Brock Allen via Openid-specs-ab <<a
href="mailto:openid-specs-ab@lists.openid.net"
moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div id="gmail-m_4124734365722041158__MailbirdStyleContent"
style="font-size:10pt;font-family:"Lucida
Console";color:rgb(0,0,0)"> Do you have a concrete
example of how a client would know to send prompt=create?
<div><br>
</div>
<div>I ask because my first reaction is that given the
client doesn't authenticate the user, it has no idea if
the user has an account or not, so how/why would it know
to send this value? </div>
<div><br>
</div>
<div>Or are you simply imaging the scenario where the client
shows a "login" or "register" link, rather than getting
the OP to do that?<br>
<div><br>
</div>
<div class="gmail-m_4124734365722041158mb_sig"><span
style="font-family:"Lucida Console"">-Brock</span>
<div><br>
</div>
</div>
<blockquote
class="gmail-m_4124734365722041158history_container"
type="cite"
style="border-left-style:solid;border-width:1px;margin-top:20px;margin-left:0px;padding-left:10px">
<p style="color:rgb(170,170,170);margin-top:10px">On
1/31/2019 3:46:26 PM, George Fletcher via
Openid-specs-ab <<a
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
wrote:</p>
<div style="font-family:Arial,Helvetica,sans-serif"> <span
style="font-family:Helvetica,Arial,sans-serif">Thanks
so much for the quick feedback William! Comments
inline...</span><br>
<br>
<div
class="gmail-m_4124734365722041158moz-cite-prefix">On
1/31/19 12:45 PM, William Denniss wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div>Hi George,</div>
<div><br>
</div>
<div>Some quick review thoughts:</div>
<div><br>
</div>
<div>Section 4 Why is there a prohibition on
combining "create" with other prompt values?
What if a future prompt value was added that
was compatible with "create"?</div>
</div>
</div>
</blockquote>
My thinking (though I'm open to options) is that there
are many values that can be mutually exclusive. For
example, what does prompt="create consent" mean? I'm
happy to reduce this to SHOULD to allow for future
possibilities. Or change the wording to explain that
other prompt values that conflict with "create" should
not be used.<br>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr"><br
class="gmail-m_4124734365722041158gmail-Apple-interchange-newline">
<div>Section 4.1, "the account creation
experience" isn't defined by any OpenID spec,
so requiring it with a MUST could be
problematic. Also, most guidance on the UI
shown by the OP is generally in the form of
recommendations not normative requirements
(e.g. around scope consent screens).</div>
</div>
</div>
</blockquote>
OK, I'm fine changing this to a SHOULD if that makes
things more acceptable :)<br>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>As background, how would you expect this to
be shown on the client? Two different buttons,
one to connect an existing account, one to
create a new account? Might be worth a
non-normative discussion in the doc about how
the clients might use this.</div>
</div>
</div>
</blockquote>
More or less, yes:) There are some use cases where the
client may want to allow the user to choose between
the options (sign-up vs sign-in) before starting the
authentication flow. I don't think it precludes the OP
from having to know that a client started an
authenticate flow, the user chose the sign-up
link/button and then at the end of registration the OP
needs to redirect back to the client with a code.
However, it does allow the client to optimize the
experience.<br>
<br>
Thanks again,<br>
George<br>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>William</div>
<div dir="ltr"><br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Jan 31,
2019 at 9:19 AM George Fletcher via
Openid-specs-ab <<a
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">I've attached
both the XML and Text versions of a very small
spec that <br>
defines a new parameter value for the 'prompt'
parameter that allows the <br>
client to request the user go directly to the
account creation flow and <br>
when the user has successfully created the
account, return a 'code' to <br>
the client. This improves the user experience by
allowing the client to <br>
direct the user directly to the account creation
page.<br>
<br>
Feedback greatly appreciated!<br>
<br>
Thanks,<br>
George<br>
<br>
<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a
href="mailto:Openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br>
<a
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote>
</div>
</blockquote>
<br>
<pre class="gmail-m_4124734365722041158moz-signature" cols="72">--
Identity Standards Architect
Verizon Media Work: <a class="gmail-m_4124734365722041158moz-txt-link-abbreviated" href="mailto:george.fletcher@oath.com" target="_blank" moz-do-not-send="true">george.fletcher@oath.com</a>
Mobile: +1-703-462-3494 Twitter: <a class="gmail-m_4124734365722041158moz-txt-link-freetext" href="http://twitter.com/gffletch" target="_blank" moz-do-not-send="true">http://twitter.com/gffletch</a>
Office: +1-703-265-2544 Photos: <a class="gmail-m_4124734365722041158moz-txt-link-freetext" href="http://georgefletcher.photography" target="_blank" moz-do-not-send="true">http://georgefletcher.photography</a>
</pre>
</div>
</blockquote>
</div>
</div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br>
<a
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Identity Standards Architect
Verizon Media Work: <a class="moz-txt-link-abbreviated" href="mailto:george.fletcher@oath.com">george.fletcher@oath.com</a>
Mobile: +1-703-462-3494 Twitter: <a class="moz-txt-link-freetext" href="http://twitter.com/gffletch">http://twitter.com/gffletch</a>
Office: +1-703-265-2544 Photos: <a class="moz-txt-link-freetext" href="http://georgefletcher.photography">http://georgefletcher.photography</a>
</pre>
</body>
</html>