<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
span.EmailStyle18
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.EmailStyle19
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.EmailStyle21
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:87586250;
        mso-list-type:hybrid;
        mso-list-template-ids:697060752 201916417 201916419 201916421 201916417 201916419 201916421 201916417 201916419 201916421;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1
        {mso-list-id:482963400;
        mso-list-type:hybrid;
        mso-list-template-ids:1197517450 201916417 201916419 201916421 201916417 201916419 201916421 201916417 201916419 201916421;}
@list l1:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:72.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:108.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:144.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:180.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:216.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:252.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:288.0pt;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:324.0pt;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        margin-left:360.0pt;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2
        {mso-list-id:1071124779;
        mso-list-type:hybrid;
        mso-list-template-ids:-1261270708 201916417 201916419 201916421 201916417 201916419 201916421 201916417 201916419 201916421;}
@list l2:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l3
        {mso-list-id:1429155206;
        mso-list-type:hybrid;
        mso-list-template-ids:1751709740 1387686142 67567619 67567621 67567617 67567619 67567621 67567617 67567619 67567621;}
@list l3:level1
        {mso-level-start-at:2;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";}
@list l3:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l3:level3
        {mso-level-tab-stop:108.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level4
        {mso-level-tab-stop:144.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level5
        {mso-level-tab-stop:180.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level6
        {mso-level-tab-stop:216.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level7
        {mso-level-tab-stop:252.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level8
        {mso-level-tab-stop:288.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l3:level9
        {mso-level-tab-stop:324.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Draft 04 (14 Feb 2017) of draft-account-porting has been published.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">This is a fairly minor update from draft 03. A bigger update is required to switch to encrypting the port_token with the Old OP’s public key, instead of with a symmetric client_secret shared by Old OP & New OP.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal">Xml: draft-account-porting.xml in <a href="https://bitbucket.org/openid/mobile/src">
https://bitbucket.org/openid/mobile/src</a><o:p></o:p></p>
<p class="MsoNormal">Web: <a href="https://id.cto.telstra.com/2016/openid/draft-account-porting.html">
https://id.cto.telstra.com/2016/openid/draft-account-porting.html</a><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Changes:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo5"><![if !supportLists]><span style="font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">        
</span></span></span><![endif]><span style="color:#1F497D">Promoted “Encrypting "port_token"” from a sub-section to its own section<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo5"><![if !supportLists]><span style="font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">        
</span></span></span><![endif]><span style="color:#1F497D">Clarified text to addresses Torsten’s comments<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Specific responses to feedback are provided inline below.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">--<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">James Manger<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="mso-fareast-language:EN-AU">From:</span></b><span lang="EN-US" style="mso-fareast-language:EN-AU"> Torsten.Lodderstedt@telekom.de [mailto:Torsten.Lodderstedt@telekom.de]
<br>
<b>Sent:</b> Friday, 18 November 2016 10:22 PM<br>
<b>To:</b> Manger, James <James.H.Manger@team.telstra.com>; openid-specs-mobile-profile@lists.openid.net<br>
<b>Subject:</b> AW: Account porting draft 03<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Hi James,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">thanks a lot for bringing account porting forward. The draft reads very well!<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Here are my comments:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><![if !supportLists]><span lang="EN-US" style="color:#1F497D"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">         
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">Abstract<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo2">
<![if !supportLists]><span lang="EN-US" style="font-family:"Courier New";color:#1F497D"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">  
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">“This specification defines mechanisms to support a user porting from one OpenID Connect Provider to another”. I would suggest to modify it to “This specification defines mechanisms to
 support a user porting her <b>user account</b> from one OpenID Connect Provider to another”. This would support a clear distinction between the user herself and her account with a certain OP.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo2">
<![if !supportLists]><span lang="EN-US" style="font-family:"Courier New";color:#1F497D"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">  
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">Consequently, I would also prefer to use the term “user account” throughout the document where appropriate.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:red">NOT DONE. Porting a “user account” isn’t quite correct as a user has separate accounts at the Old OP and New OP (and RPs). We are really creating links between accounts, as opposed to moving an account.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><![if !supportLists]><span lang="EN-US" style="color:#1F497D"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">         
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">Section 3<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo2">
<![if !supportLists]><span lang="EN-US" style="font-family:"Courier New";color:#1F497D"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">  
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">“An Old OP will generally know via other processes when and to whom a user is porting.”. That might be true in the case of a mobile operator but not in the general case of an OpenId OP.
 Moreover, an user might be unable to port her MSISDN but interested to port her login data. I would therefore suggest to modify the text along the following lines “In some cases (such as mobile phone number porting from one MNO to another) the OP knows about
 an ongoing porting process.”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:red">Done</span><span lang="EN-US" style="color:red"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><![if !supportLists]><span lang="EN-US" style="color:#1F497D"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">         
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">Section 4.1<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo2">
<![if !supportLists]><span lang="EN-US" style="font-family:"Courier New";color:#1F497D"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">  
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">I have to admit I’m not sure whether the porting token is always encrypted. Could you please clarify this?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:red">Done. The section (now 4) starts by saying “ "port_token" value received by a New OP is encrypted to create an "enc_port_token" value, which is passed to an RP, then back to the Old OP”.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo2">
<![if !supportLists]><span lang="EN-US" style="font-family:"Courier New";color:#1F497D"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">  
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">I’m still not happy with always using the client secret (or a derivate of it) to encrypt the porting token. In my opinion, this facilitates use of shared secrets for client authentication,
 which we should get rid of. I know we do not directly say that, but I have heard the craziest excuses for people doing weird things in my live. I suggest to at least add asymmetric encryption using the OP’s public key. 
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:red">PENDING<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><![if !supportLists]><span lang="EN-US" style="color:#1F497D"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">         
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">Section 5<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo2">
<![if !supportLists]><span lang="EN-US" style="font-family:"Courier New";color:#1F497D"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">  
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">“Access to the Porting check API requires authentication of the RP.” I suggest to add some text explaining the basic idea, something like “The RP uses the same client_id towards the old
 OP it also uses for the regular OpenId Connect authentication process. This way the old OP is able to collute those interactions and to apply the same client policy (including the respective user id policy).”<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:red">Done<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo2">
<![if !supportLists]><span lang="EN-US" style="font-family:"Courier New";color:#1F497D"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">  
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">“The Old OP MUST include the "remove" member when "sub" is present.”. You assume there are case where no sub is included in the port check response? When shall this happen and could you
 state this more explicit?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:red">Done. Description of “sub” member says “This member MAY be absent if the Old OP knows the user never logged in to this RP”.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><![if !supportLists]><span lang="EN-US" style="color:#1F497D"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">         
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">Section 6<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l3 level2 lfo2">
<![if !supportLists]><span lang="EN-US" style="font-family:"Courier New";color:#1F497D"><span style="mso-list:Ignore">o<span style="font:7.0pt "Times New Roman"">  
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">“The New OP to whom the user ported is not identified in the error response for privacy reasons.” I think there are security reasons as well. The old OP could try to misguide the RP.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Torsten.<o:p></o:p></span></p>
</div>
</body>
</html>