<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif;color:#0b5394">It gets my vote as well. Very important. </div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 8 Jan 2019 at 13:29, Dave Tonge via Openid-specs-fapi <<a href="mailto:openid-specs-fapi@lists.openid.net">openid-specs-fapi@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">I'm very much in favour of this.</div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif"><br></div><div class="gmail_default" style="font-family:"trebuchet ms",sans-serif">Dave</div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, 7 Jan 2019 at 22:25, n-sakimura via Openid-specs-fapi <<a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">



<div>
<div>
<div>
<div>
<div style="direction:ltr">Thanks Torsten and Daniel, </div>
<div><br>
</div>
<div style="direction:ltr">This seems to be a very good starting point for a white paper/technical report. Is there any objection to starting a work based on this?
</div>
<div><br>
</div>
<div style="direction:ltr">If so, please speak up by the end of this week. </div>
<div><br>
</div>
<div style="direction:ltr">Best, </div>
<div><br>
</div>
<div style="direction:ltr">Nat Sakimura</div>
<div style="direction:ltr">Chair, FAPI WG. </div>
</div>
<div><br>
</div>
<div class="gmail-m_3964408299994978715gmail-m_7276508581745577296ms-outlook-ios-signature"><a href="https://aka.ms/o0ukef" target="_blank">Outlook for iOS</a> を入手</div>
</div>
<div> </div>
<hr style="display:inline-block;width:98%">
<div id="gmail-m_3964408299994978715gmail-m_7276508581745577296divRplyFwdMsg" dir="dir="ltr""><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>差出人:</b> Openid-specs-fapi <<a href="mailto:openid-specs-fapi-bounces@lists.openid.net" target="_blank">openid-specs-fapi-bounces@lists.openid.net</a>> (Torsten Lodderstedt via Openid-specs-fapi <<a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@lists.openid.net</a>>
 の代理)<br>
<b>送信日時:</b> 火曜日, 1月 8, 2019 1:33 午前<br>
<b>宛先:</b> <a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@lists.openid.net</a><br>
<b>Cc:</b> Torsten Lodderstedt<br>
<b>件名:</b> [Openid-specs-fapi] Cross-Browser Payment Initiation Attack
<div> </div>
</font></div>

<div class="gmail-m_3964408299994978715gmail-m_7276508581745577296BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="gmail-m_3964408299994978715gmail-m_7276508581745577296PlainText">Hi all,<br>
<br>
Daniel and I wrote a document describing a potential kind of attack on redirect based flows used to authorize and initiate payments.<br>
<br>
We would like to contribute this document to the working group.<br>
<br>
kind regards,<br>
Torsten.<br>
</div>
</span></font></div>
<div class="gmail-m_3964408299994978715gmail-m_7276508581745577296BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="gmail-m_3964408299994978715gmail-m_7276508581745577296PlainText"><br>
</div>
</span></font></div>
<div class="gmail-m_3964408299994978715gmail-m_7276508581745577296BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="gmail-m_3964408299994978715gmail-m_7276508581745577296PlainText">_______________________________________________<br>
Openid-specs-fapi mailing list<br>
<a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a><br>
</div>
</span></font></div>
</div>
</div>

_______________________________________________<br>
Openid-specs-fapi mailing list<br>
<a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail-m_3964408299994978715gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:1em;font-weight:bold;line-height:1.4"><div style="color:rgb(97,97,97);font-family:"Open Sans";font-size:14px;font-weight:normal;line-height:21px"><div style="font-family:Arial,Helvetica,sans-serif;font-size:0.925em;line-height:1.4;color:rgb(220,41,30);font-weight:bold"><div style="font-size:14px;font-weight:normal;color:rgb(51,51,51);font-family:lato,"open sans",arial,sans-serif;line-height:normal"><div style="color:rgb(0,164,183);font-weight:bold;font-size:1em;line-height:1.4"><div style="font-weight:400;color:rgb(51,51,51);line-height:normal"><div style="color:rgb(0,164,183);font-weight:bold;font-size:1em;line-height:1.4"><br></div><div style="padding:8px 0px"><div style="padding:8px 0px"><div style="color:rgb(97,97,97);font-family:"Open Sans";letter-spacing:normal"><div style="font-family:lato,"open sans",arial,sans-serif;color:rgb(51,51,51);line-height:1.4"><span style="background-color:transparent;font-size:0.75em"><br></span></div><div style="font-family:lato,"open sans",arial,sans-serif;color:rgb(51,51,51);line-height:1.4"><span style="background-color:transparent;font-size:0.75em;color:rgb(136,136,136)">DISCLAIMER: This email (including any attachments) is subject to copyright, and the information in it is confidential. Use of this email or of any information in it other than by the addressee is unauthorised and unlawful. Whilst reasonable efforts are made to ensure that any attachments are virus-free, it is the recipient's sole responsibility to scan all attachments for viruses. All calls and emails to and from this company may be monitored and recorded for legitimate purposes relating to this company's business. Any opinions expressed in this email (or in any attachments) are those of the author and do not necessarily represent the opinions of Moneyhub Financial Technology Limited or of any other group company.</span></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
_______________________________________________<br>
Openid-specs-fapi mailing list<br>
<a href="mailto:Openid-specs-fapi@lists.openid.net" target="_blank">Openid-specs-fapi@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div style="padding:0px;margin:0px">    <table style="border-collapse:collapse;padding:0px;margin:0px">                 <tbody><tr>                         <td style="width:113px">                                        <a href="https://www.pingidentity.com" target="_blank"></a><a href="https://www.pingidentity.com" target="_blank"><img alt="Ping Identity" src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/ping-logo.png"></a>                                </td>                             <td>                                      <table>                                                                                           <tbody><tr>                         <td style="vertical-align:top">                                 <span style="color:rgb(230,29,60);display:inline-block;margin-bottom:3px;font-family:arial,helvetica,sans-serif;font-weight:bold;font-size:14px">Rob Otto</span>                                                          <br>                                                              <span style="color:rgb(0,0,0);display:inline-block;margin-bottom:2px;font-family:arial,helvetica,sans-serif;font-weight:normal;font-size:14px">EMEA Field CTO/Solutions Architect</span>                                                          <br>                                                              <span style="font-family:arial,helvetica,sans-serif;font-size:14px;display:inline-block;margin-bottom:3px"><a href="mailto:robotto@pingidentity.com" target="_blank">robotto@pingidentity.com</a></span>                                                          <br>                                                              <span style="color:rgb(0,0,0);display:inline-block;margin-bottom:2px;font-family:arial,helvetica,sans-serif;font-weight:normal;font-size:14px">                                                         </span>                                                           <br>                                                              <span style="color:rgb(0,0,0);display:inline-block;margin-bottom:2px;font-family:arial,helvetica,sans-serif;font-weight:normal;font-size:14px">                                                         c: +44 (0) 777 135 6092</span>                                                    </td>                           </tr>                                       </tbody></table>                            </td>                     </tr>                     <tr>                                      <td colspan="2">          <table style="border-collapse:collapse;border:none;margin:8px 0px 0px;width:100%">            <tbody><tr style="height:40px;border-top:1px solid rgb(211,211,211);border-bottom:1px solid rgb(211,211,211)">              <td style="font-family:arial,helvetica,sans-serif;font-size:14px;font-weight:bold;color:rgb(64,71,75)">Connect with us: </td>              <td style="padding:4px 0px 0px 20px">                <a href="https://www.glassdoor.com/Overview/Working-at-Ping-Identity-EI_IE380907.11,24.htm" style="text-decoration:none;margin-right:16px" title="Ping on Glassdoor" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-glassdoor.png" style="border: none; margin: 0px;" alt="Glassdoor logo"></a>                                                                            <a href="https://www.linkedin.com/company/21870" style="text-decoration:none;margin-right:16px" title="Ping on LinkedIn" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-linkedin.png" style="border: none; margin: 0px;" alt="LinkedIn logo"></a>                                        <a href="https://twitter.com/pingidentity" style="text-decoration:none;margin-right:16px" title="Ping on Twitter" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-twitter.png" style="border: none; margin: 0px;" alt="twitter logo"></a>                                                                             <a href="https://www.facebook.com/pingidentitypage" style="text-decoration:none;margin-right:16px" title="Ping on Facebook" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-facebook.png" style="border: none; margin: 0px;" alt="facebook logo"></a>                                                               <a href="https://www.youtube.com/user/PingIdentityTV" style="text-decoration:none;margin-right:16px" title="Ping on Youtube" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-youtube.png" style="border: none; margin: 0px 0px 3px;" alt="youtube logo"></a>                                                                                                                <a href="https://plus.google.com/u/0/114266977739397708540" style="text-decoration:none;margin-right:16px" title="Ping on Google+" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-googleplus.png" style="border: none; margin: 0px;" alt="Google+ logo"></a>                                                        <a href="https://www.pingidentity.com/en/blog.html" style="text-decoration:none;margin-right:16px" title="Ping Blog" target="_blank"><img src="https://www.pingidentity.com/content/dam/pic/images/misc/signature/social-blog.png" style="border: none; margin: 0px;" alt="Blog logo"></a>                                                                                                                     </td>            </tr>          </tbody></table>                                </td>      </tr>    </tbody></table><a href="https://www.google.com/url?q=https://www.pingidentity.com/content/dam/ping-6-2-assets/Assets/faqs/en/consumer-attitudes-post-breach-era-3375.pdf?id%3Db6322a80-f285-11e3-ac10-0800200c9a66&source=gmail&ust=1541693608526000&usg=AFQjCNGBl5cPHCUAVKGZ_NnpuFj5PHGSUQ" target="_blank"><img src="https://www.pingidentity.com/content/dam/ping-6-2-assets/images/misc/emailSignature/consumer-survey-signature.jpg"></a>  </div></div></div></div>

<br>
<i style="margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;background:rgb(255,255,255);font-family:proxima-nova-zendesk,system-ui,-apple-system,system-ui,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",Arial,sans-serif;color:rgb(85,85,85)"><span style="margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;background:transparent;font-family:proxima-nova-zendesk,system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",Arial,sans-serif;font-weight:600"><font size="2">CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.</font></span></i>