<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Jörg,<br>
<br>
thanks for producing a new revision, which covers context and
login_token_hint (@all: it's published at
<a class="moz-txt-link-freetext" href="https://bitbucket.org/openid/mobile/raw/default/draft-mobile-authentication-01.txt">https://bitbucket.org/openid/mobile/raw/default/draft-mobile-authentication-01.txt</a>).<br>
<br>
Please find attached my comments as well as proposed text for
security/privacy considerations sections and other aspects. <br>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title></title>
<meta name="generator" content="LibreOffice 4.4.6.3 (Windows)">
<style type="text/css">
@page { margin: 2cm }
pre { direction: ltr; color: #00000a; text-align: left; orphans: 0; widows: 0 }
pre.western { font-family: "Liberation Mono", serif; so-language: de-DE }
pre.cjk { font-family: "NSimSun"; so-language: zh-CN }
pre.ctl { font-family: "Liberation Mono"; so-language: hi-IN }
p { margin-bottom: 0.25cm; direction: ltr; color: #00000a; line-height: 120%; text-align: left; orphans: 0; widows: 0 }
p.western { font-family: "Liberation Serif", serif; font-size: 12pt; so-language: de-DE }
p.cjk { font-family: "SimSun"; font-size: 12pt; so-language: zh-CN }
p.ctl { font-family: "Arial"; font-size: 12pt; so-language: hi-IN }
a:link { so-language: zxx }
</style><br>
I would like to bring one question to the group's attention: Do we
want to require the login_token_hint to be signed? What is the main
reason? Issuer authenticity?<br>
<br>
best regards,<br>
Torsten.<br>
</body>
</html>