<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Plain Text Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;}
span.PlainTextChar
        {mso-style-name:"Plain Text Char";
        mso-style-priority:99;
        mso-style-link:"Plain Text";
        font-family:"Calibri","sans-serif";}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
p.emailquote, li.emailquote, div.emailquote
        {mso-style-name:emailquote;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:1.0pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.PrformatHTML, li.PrformatHTML, div.PrformatHTML
        {mso-style-name:"Préformaté HTML";
        mso-style-link:"Préformaté HTML Car";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.PrformatHTMLCar
        {mso-style-name:"Préformaté HTML Car";
        mso-style-priority:99;
        mso-style-link:"Préformaté HTML";
        font-family:Consolas;}
p.Textebrut, li.Textebrut, div.Textebrut
        {mso-style-name:"Texte brut";
        mso-style-link:"Texte brut Car";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.TextebrutCar
        {mso-style-name:"Texte brut Car";
        mso-style-priority:99;
        mso-style-link:"Texte brut";
        font-family:Consolas;}
span.EmailStyle29
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.nt
        {mso-style-name:nt;}
span.na
        {mso-style-name:na;}
span.s
        {mso-style-name:s;}
p.Textedebulles, li.Textedebulles, div.Textedebulles
        {mso-style-name:"Texte de bulles";
        mso-style-link:"Texte de bulles Car";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.TextedebullesCar
        {mso-style-name:"Texte de bulles Car";
        mso-style-priority:99;
        mso-style-link:"Texte de bulles";
        font-family:"Tahoma","sans-serif";}
span.EmailStyle35
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle36
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:583343650;
        mso-list-type:hybrid;
        mso-list-template-ids:1593450300 -1708327666 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:114.0pt;
        text-indent:-42.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1
        {mso-list-id:1082874580;
        mso-list-type:hybrid;
        mso-list-template-ids:-1929475584 -1708327666 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:114.0pt;
        text-indent:-42.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";}
@list l1:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2
        {mso-list-id:1755586265;
        mso-list-type:hybrid;
        mso-list-template-ids:-1402046628 -1708327666 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:114.0pt;
        text-indent:-42.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";}
@list l2:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:126.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:162.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:198.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:234.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:270.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:306.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:342.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:378.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi Nicolas,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks for the update.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I think it is best to continue the discussion of single topics in single emails. So here it goes.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regarding error_code:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">OAuth2 says in
<a href="https://tools.ietf.org/html/rfc6749#section-5.2">https://tools.ietf.org/html/rfc6749#section-5.2</a> e.g.:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">HTTP/1.1 400 Bad Request<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">     Content-Type: application/json;charset=UTF-8<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">     Cache-Control: no-store<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">     Pragma: no-cache<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">     {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">       "error":"invalid_request"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">     }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">UQ says
<a href="https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-user-questioning-api.xml">
https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-user-questioning-api.xml</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">In section Errors:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">{<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">        "error_code":"unknown_user",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">        "error_description":"The user is unknown",<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">        "error_uri":"https://server.example.com/errors/unknown_user"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Why is UQ using “error_code” while OAuth2 uses “error” for the same value?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I agree with you – I think this is what you intended – that using “error_code” for the error code is better than using “error” for the error code.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">But OAuth2 uses “error” for the error_code and specs deriving from OAuth2 should not change the field names.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">MODRNA authentication
<a href="https://bitbucket.org/openid/mobile/raw/default/draft-mobile-authentication-01.txt">
https://bitbucket.org/openid/mobile/raw/default/draft-mobile-authentication-01.txt</a> does not mention error structures at all. Maybe this is the way to go for UQ too – just list the possible error code (section 5.1) and drop the text re-explaining the JSON
 structure…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Sorry I was not clear in my review remarks<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Cheers<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Axel<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> nicolas.aillery@orange.com [mailto:nicolas.aillery@orange.com]
<br>
<b>Sent:</b> Tuesday, November 22, 2016 6:58 PM<br>
<b>To:</b> Nennker, Axel<br>
<b>Cc:</b> openid-specs-mobile-profile@lists.openid.net; Lodderstedt, Torsten; MARAIS Charles IMT/OLPS; CLEMENT Philippe IMT TECHNO; VASSELET Mickaël IMT/OLN<br>
<b>Subject:</b> RE: User Questioning RE: [Openid-specs-mobile-profile] minutes of MODRNA WG Call Nov 16th 2016<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hello Axel,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">   Thank you for your review.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">   Please find my comments in your remarks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Nicolas<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">De :</span></b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a> [<a href="mailto:Axel.Nennker@telekom.de">mailto:Axel.Nennker@telekom.de</a>]
<br>
<b>Envoyé :</b> jeudi 17 novembre 2016 13:25<br>
<b>À :</b> AILLERY Nicolas IMT/OLPS; MARAIS Charles IMT/OLPS<br>
<b>Cc :</b> <a href="mailto:Torsten.Lodderstedt@telekom.de">Torsten.Lodderstedt@telekom.de</a>;
<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Objet :</b> User Questioning RE: [Openid-specs-mobile-profile] minutes of MODRNA WG Call Nov 16th 2016<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="FR"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Hi Nicolas, hi Charles,<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I reviewed the UQ draft and here are my first remarks:<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l0 level1 lfo2">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Please consider whether the word “FORBIDDEN” can be replaced by “MUST NOT”<br>
e.g. in 4.1.1 I suggest to reverse the order and rephrase to avoid FORBIDDEN:<br>
“MANDATORY if the Access Token is not tied with an End-User. MUST NOT be present if the Access Token is tied with an End-User,”<span style="color:#1F497D"><o:p></o:p></span></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l0 level1 lfo2">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 4.1.1 User Questioning Request<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">“AUTHORIZATION” the paragraph seems to exclude the possibility to use client_id/client_secret and BASIC auth, right? Or does use of client_id/client_secret constitute
 the case “not tied to the user” while an access token constitutes the case “tied to the user”?<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] UQ API is defined as an OAuth 2.0 API, requiring an access_token. Client_id/client_secret or HTTP Basic Auth are excluded.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">user_id “tied to the user” should be explained. I suggest adding text to the paragraph about “AUTHORIZATION” and the access token.<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified (4.1.2.1)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">user_id versus sub<br>
Why not use sub always instead of user_id? “sub” has the advantage that it is not widely known because it was assigned by the OP to the user for this Client. “sub” is never reassigned while a user_id might not be eternally assigned to the user. Yes, User_id_type
 can be sub but sub is harder to misuse by a rogue Client.<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">4.1.2.2 says “user_id as a reachability means”: Should the OP be free to decide how to contact the user on which device? Or does the Client decide on that by requesting
 a certain channel/device to be used?<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I suggest to add “sub” as MANDATORY to the UQ request.<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] ‘sub’ is an option, but other types  (e.g MSISDN) must be allowed for RP that don’t use (or don’t known) the sub. The OP must find a mean to reach
 the user. If the user_id is a reachability identifier, it should be used.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">“wished_acr” Why not use “acr_values” from OpenID.Core?<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] there is more semantic in ‘wished’<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">“wished_amr” like acr_values?: amr_values?<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] there is more semantic in ‘wished’<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">“wished_*” is the order of the values important? There is no text regarding the order.<span style="color:red">
<o:p></o:p></span></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified (order SHOULD be considered by OP)<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 4.1.2.2 Processing user_id<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I would not conflate user_id as sub and user_id as reachability means!<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] a user_id is just a user identifier. It can be of different types. Some types can be directly used to reach the user (e.g. MSISDN), other cannot
 (e.g. sub). The way the user is reach is up to the OP. The user_id is a mean for the RP to designate the User. If the access_token is associated with a user, the user_id is useless.<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><o:p> </o:p></span></p>
<pre style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">           </span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Courier New"">Wondering about the wording here:<br>“If the user_id is present in both the User Questioning Request and the Access Token, an error is raised.”<br>If the access token is “SlAV32hkKG” does this cover the “present in” wording?<br>How about: “If the user_id is present but the Access Token is bound to a user then the user_id and the sub associated with the Access Token MUST be identical”. (Not replacing user_id by sub in this for now. I think the parameter “user_id” should be replaced by “sub” and a reachability parameter)<o:p></o:p></span></pre>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] If the identifiers are identical, one is useless. The spec states that the Client has to choose to identify the user thanks to either the AT or
 the user_id, but not both. <o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 4.1.3 Successful Response<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I am not sure whether transporting the polling URL in the Location header.<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified (JSON is used)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I am not sure whether the polling location should be dynamic.<br>
Being dynamic has advantages because it can be dynamic based on client and/or question and/or server load etc…<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Being dynamic has the disadvantage that the Client has to decide at polling time whether some policy might forbid it to talk to the polling endpoint.<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] It a pending discussion<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<pre><span style="font-size:10.0pt;font-family:"Courier New"">The example does not contain a JSON structure! Should this read like this:<br>HTTP/1.1 200 OK<o:p></o:p></span></pre>
<p class="MsoNormal"><a name="draft-user-questioning-api.xml-750"></a><span style="font-size:10.0pt;font-family:"Courier New"">{  “Location”: “<a href="https://server.example.com/questions_polling/984dcc7d3d4d4b0f9f8022e344f9">https://server.example.com/questions_polling/984dcc7d3d4d4b0f9f8022e344f9</a>”,<o:p></o:p></span></p>
<p class="MsoNormal"><a name="draft-user-questioning-api.xml-751"></a><span style="font-size:10.0pt;font-family:"Courier New"">   “Question_id”: “984dcc7d3d4d4b0f9f8022e344f9”<br>
}<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified (JSON is used)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 4.1.4 Error Response:<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Why is this different to OAuth2 Section 5.2 Error Response?<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="https://tools.ietf.org/html/rfc6749#page-45">https://tools.ietf.org/html/rfc6749#page-45</a><o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] It detailed in §5 that uses the same structure as OAuth. The way the structure (error_info) is transmitted depends on the endpoint (400 or POST)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 4.3.2 Error Response<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Like 4.1.4 make this look more like OAuth2 Section 5.2 Error Response?<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] It detailed in §5 that uses the same structure as OAuth. The way the structure (error_info) is transmitted depends on the endpoint (400 or POST)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Regarding 6.1 Implementation of questioning methods<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Change headline to headline style (Capitalized Words)<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] I did not understand the comment<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Add supported AMR and ACR etc to discovery.<br>
“To prevent these errors, it can inform the Clients of its limitation and limit the possible questions or statements.”<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] OK, draft modified (amr_list, acr_list)<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-left:114.0pt;text-indent:-42.0pt;mso-list:l1 level1 lfo6">
<![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">                         
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red">[NAY] Would you add ‘displayed_question_length’, ‘displayed_statement_length’, ‘displayed_statement_number’ in discovery ?<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Have to go now – So stopped reviewing for now before section 7 Security Considerations.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Cheers<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Axel<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From: Openid-specs-mobile-profile [<a href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net">mailto:openid-specs-mobile-profile-bounces@lists.openid.net</a>]
 On Behalf Of <a href="mailto:philippe.clement@orange.com">philippe.clement@orange.com</a><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Sent: Wednesday, November 16, 2016 6:07 PM<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">To: Lodderstedt, Torsten;
<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Subject: [Openid-specs-mobile-profile] minutes of MODRNA WG Call Nov 16th 2016<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Please find below the preliminary notes of the call.
<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Should you detect any error or misunderstanding, please let me know.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Participants : John, Axel, Bjorn, Charles, Torsten, Joerg<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Agenda :<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Review UQ specs<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Review SIBA specs<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Next workshop<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Discussion :<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">User Questionning<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">A new draft has been released by Orange, following questions/remarks from Torsten<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Axel and Bjorn volunteer to review the UQ draft specs.
<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Torsten to send a reminder to the list for reviewing, before entering the implementers draft process.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">A proposal is made for OIF to present a status update of UQ work at the next PET GSMA meeting (end of November). Orange will help to draft this presentation. PET chairman
 to be contacted for insertion into the agenda.  <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">SIBA<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Questions about the context parameter that shows up in the specs. Discussions in Paris had only stated a use for the binding message to interlock devices. Recommendation
 from the call is to remove this parameter. <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Charles volunteers to post comments on SIBA specs, other comments are awaited from the list.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Mentionning the Use Cases in SIBA specs is requested to understand some choices in the specs, and will avoid any duplication with User Questionning.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Idea of merging some parts of SIBA and UQ are set on the table, but draft specs should be more mature.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Next workshop<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">For information, John should be in London January 18 and 19th, to take into consideration.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">AOB: push style<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Discussion occurs on OAuth list regarding push style for the device flow.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Some arguments are presented to balance push vs pull approach, for UQ.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Complexity for the RP to implement 2 solutions<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Resource optimization from an OP side<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Number of requests per second<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">• Delay for the user to answer the question (seconds, minutes ?)<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Discussion to be continued on the list through the specs<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Best regards,<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Philippe<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">_________________________________________________________________________________________________________________________<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">This message and its attachments may contain confidential or privileged information that may be protected by law;<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">they should not be distributed, used or copied without authorisation.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">If you have received this email in error, please notify the sender and delete this message and its attachments.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Thank you.<o:p></o:p></span></p>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New"">_________________________________________________________________________________________________________________________<o:p></o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New"">Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc<o:p></o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New"">pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler<o:p></o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New"">a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,<o:p></o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New"">Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.<o:p></o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New""><o:p> </o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New"">This message and its attachments may contain confidential or privileged information that may be protected by law;<o:p></o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New"">they should not be distributed, used or copied without authorisation.<o:p></o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New"">If you have received this email in error, please notify the sender and delete this message and its attachments.<o:p></o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New"">As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.<o:p></o:p></span></pre>
<pre><span lang="FR" style="font-size:10.0pt;font-family:"Courier New"">Thank you.<o:p></o:p></span></pre>
</div>
</body>
</html>