<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Hi Jörg</div><div><br></div><div>I agree with your description. Moreover, I think use case #2 also may require to sign an answer using key material associated with the user in order to prove user consent and assure none-repudation. I therefore think this use case should be factored out and folded into the requirement for "data to be signed".</div><div><br></div><div>kind regards,</div><div>Torsten.<br><br><br></div><div><br>Am 01.07.2015 um 09:52 schrieb Connotte, Joerg <<a href="mailto:j.connotte@telekom.de">j.connotte@telekom.de</a>>:<br><br></div><blockquote type="cite"><div>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:715160038;
mso-list-type:hybrid;
mso-list-template-ids:-1413441730 253117884 67567619 67567621 67567617 67567619 67567621 67567617 67567619 67567621;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l1
{mso-list-id:2014797681;
mso-list-type:hybrid;
mso-list-template-ids:1136934632 67567633 67567641 67567643 67567631 67567641 67567643 67567631 67567641 67567643;}
@list l1:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hi all,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">in our last call we had a lengthy discussion about Issue #1.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">In my opinion we are talking about two different use cases where context is useful. But the requirements about the context are very different for those use cases<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo2"><!--[if !supportLists]--><span lang="EN-US"><span style="mso-list:Ignore">1)<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span lang="EN-US">Context for authentication/login. Here the purpose of the context is to create an interlock between the consumption device and the authentication device to allow the user to make sure that the request to log
in really comes from a process he himself initiated on the consumption device. To facilitate this some nonsense text would be sufficient. In any case there is no need to have a structured context or some mechanisms to process the context besides show the context-text
on the authentication device AND the consumption device.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo2"><!--[if !supportLists]--><span lang="EN-US"><span style="mso-list:Ignore">2)<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span lang="EN-US">Context to authorize business transactions (e.g. payment transactions). Here the purpose of the context is to make sure that the user is aware that he has to authorize a certain transaction which does not necessary
include a primary authentication. This implies that the context is highly structured and is processed in the IdP. For example for a payment transaction the IdP has to understand that this is a payment transaction and has to store context (and possibly the
whole transaction) to allow for non-repudiation issues.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">What do you think?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial","sans-serif"">Kind Regards<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial","sans-serif"">Jörg Connotte
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:7.5pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black;text-transform:uppercase">Deutsche Telekom AG<o:p></o:p></span></b></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">Products & Innovation<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">Jörg Connotte<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">Customer Platforms<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">T-Online-Allee 1, 64</span><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">295 Darmstadt<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">+49 6151 680-7288 (Tel.)<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">+49 151 184-15517 (Mobil)<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">E-Mail:
</span><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><a href="mailto:j.connotte@telekom.de"><span lang="EN-US" style="color:blue">j.connotte@telekom.de</span></a></span><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><a href="http://www.telekom.com/"><span lang="EN-US" style="color:black;text-decoration:none">www.telekom.com</span></a></span><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-GB" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#E20074;text-transform:uppercase">Life is for sharing.</span></b><b><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black;text-transform:uppercase">
<o:p></o:p></span></b></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-GB" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">You can find the obligatory information on
</span><u><span lang="EN-GB" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><a href="http://www.telekom.com/compulsory-statement"><span style="color:black">www.telekom.com/compulsory-statement</span></a></span></u><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-GB" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black;text-transform:uppercase">Big changes start small – conserve resources by not printing every e-mail.</span></b><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Openid-specs-mobile-profile mailing list</span><br><span><a href="mailto:Openid-specs-mobile-profile@lists.openid.net">Openid-specs-mobile-profile@lists.openid.net</a></span><br><span><a href="http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile">http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile</a></span><br></div></blockquote></body></html>