[Openid-specs-risc] subscription/enrolment - why do we need a receiver API for it?

Hardt, Dick dick at amazon.com
Sun Feb 19 23:16:07 UTC 2017

I expect to let users opt out of sharing. I can envision giving the user an option to decline security event sharing when federating.

We will need a standard API to subscribe subjects when we are not federating. The amazon.com use case where we are sharing security events based on email address.


On 2/18/17, 3:34 PM, someone claiming to be "Phil Hunt" <phil.hunt at oracle.com<mailto:phil.hunt at oracle.com>> wrote:

More importantly, I have not heard a case where users would be allowed to decline security event sharing and still consent to federation.

The consent we've talked about is part of legal terms in the explicit dialog or of service provider TOS when users supply a foreign recovery email.

If that is the case I am not sure we need to have a standard api for registration of subscriber subjects.


On Feb 18, 2017, at 12:04 PM, Hardt, Dick <dick at amazon.com<mailto:dick at amazon.com>> wrote:
Good question

When Adam was labeling the implicit and explicit RPs, I originally thought the implicit was the OAuth flow as there was an implicit subscription by the RP of RISC events.

-- Dick

On Feb 18, 2017, at 8:55 AM, Phil Hunt <phil.hunt at oracle.com<mailto:phil.hunt at oracle.com>> wrote:
A few questions following Thursday’s F2F…

Is there ever a time in RISC where a user who has chosen to federate would not be added to the stream between providers?  And if so, doesn’t the IDP already know this? Why wouldn’t an IDP who is a transmitter just do this automatically?

Why wouldn’t an IDP just put a subject, who has consented to federation, in the event list for an audience automatically?

What purpose does it serve to have the receiver call back to register the subject if the receiver has already agreed to an event stream?


Oracle Corporation, Identity Cloud Services & Identity Standards
phil.hunt at oracle.com<mailto:phil.hunt at oracle.com>

Openid-specs-risc mailing list
Openid-specs-risc at lists.openid.net<mailto:Openid-specs-risc at lists.openid.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20170219/7e6e2d4b/attachment.html>

More information about the Openid-specs-risc mailing list