[Openid-specs-risc] RISC Profile

Mike Jones Michael.Jones at microsoft.com
Thu Sep 14 10:50:51 UTC 2017


Yes – please remove the IETF legal language and add the OpenID copyright statement. See the .XML source for any of the OpenID specs for how to do this. I’m sending this from a phone, but I know you need to include something like ipr=none to remove the IETF legal language.

For instance, you can pull the appropriate copyright statement from http://openid.net/specs/openid-connect-frontchannel-1_0.xml.

– Mike

From: Phil Hunt (IDM) via Openid-specs-risc<mailto:openid-specs-risc at lists.openid.net>
Sent: Wednesday, September 13, 2017 11:34 PM
To: Marius Scurtescu<mailto:mscurtescu at google.com>
Cc: secevemt at ve7jtb.com<mailto:secevemt at ve7jtb.com>; openid-specs-risc at lists.openid.net<mailto:openid-specs-risc at lists.openid.net>
Subject: Re: [Openid-specs-risc] RISC Profile

I would check with Mike and John. Typically you don't rev specs except for errata.

If you define new events you typically define new specs.

That said, OIDF may have more flexibility for versioning.

The issue becomes compliance. When someone implements what do they support?

Specifically for risc, to distinguish new events defs from old, use versioning or different uris for the events uri. Think about how versioning the draft might change or not change the event family uri.

Consider what are new definitions for old events vs what are just new events.

Phil

On Sep 13, 2017, at 2:14 PM, Marius Scurtescu <mscurtescu at google.com<mailto:mscurtescu at google.com>> wrote:

On Wed, Sep 13, 2017 at 9:56 AM, Richard Backman, Annabelle <richanna at amazon.com<mailto:richanna at amazon.com>> wrote:
Marius,

Why do you expect the events document will change? Is your concern that new RISC events will be introduced over time, and the document will be updated to include those?

Yes.


Updating the original document like that may lead to confusion over what it means for a service to say it “supports RISC”.

Exactly.



--
Annabelle Richard Backman
Identity Services


From: "Phil Hunt (IDM)" <phil.hunt at oracle.com<mailto:phil.hunt at oracle.com>>
Date: Tuesday, September 12, 2017 at 7:08 PM
To: Marius Scurtescu <mscurtescu at google.com<mailto:mscurtescu at google.com>>
Cc: "Richard Backman, Annabelle" <richanna at amazon.com<mailto:richanna at amazon.com>>, "openid-specs-risc at lists.openid.net<mailto:openid-specs-risc at lists.openid.net>" <openid-specs-risc at lists.openid.net<mailto:openid-specs-risc at lists.openid.net>>, "secevemt at ve7jtb.com<mailto:secevemt at ve7jtb.com>" <secevemt at ve7jtb.com<mailto:secevemt at ve7jtb.com>>
Subject: Re: RISC Profile

Oidf has its own publication process and template. Let me know if you need a copy. It uses the older xml2rfc converter.

The life cycles are the same so i would just keep everything in one risc doc unless there is a good information or technical reason to separate (other then doc mgmt).

The IETF would not be a good place for the spec because most cases (at least the explicit cases) stem from OIDC use cases.

The only reason it might be worth discussing at IETF is the implicit cases. That could be done as a new charter in Secevents.  But i think openid is fine unless this is something you feel all email providers need to consider supporting RISC.

Phil

On Sep 12, 2017, at 5:26 PM, Marius Scurtescu <mscurtescu at google.com<mailto:mscurtescu at google.com>> wrote:
I think the RISC profile should be published as an OpenID standard, and not under IETF.

I was planning to create a separate document for the event types. The reasoning was that event types will change more frequent and a separate document makes more sense. Let me know who would like to be an author and I will create the skeleton again in a couple of days.

Marius

On Tue, Sep 12, 2017 at 5:16 PM, Richard Backman, Annabelle <richanna at amazon.com<mailto:richanna at amazon.com>> wrote:
Thanks, Marius!

Two questions:

  1.  Is the intention to publish RISC as RFCs through IETF? Or is it just a convenient organizing structure for now?
  2.  Will the RISC event types be defined in this document, or in a separate document? I recall us talking about this in one of our F2Fs but I cannot remember the outcome. I do recall arguing that events defined in the future should be defined in separate documents.

--
Annabelle Richard Backman
Identity Services


From: Marius Scurtescu <mscurtescu at google.com<mailto:mscurtescu at google.com>>
Date: Saturday, September 9, 2017 at 9:18 PM
To: "openid-specs-risc at lists.openid.net<mailto:openid-specs-risc at lists.openid.net>" <openid-specs-risc at lists.openid.net<mailto:openid-specs-risc at lists.openid.net>>
Cc: Phillip Hunt <phil.hunt at oracle.com<mailto:phil.hunt at oracle.com>>, "Richard Backman, Annabelle" <richanna at amazon.com<mailto:richanna at amazon.com>>, "secevemt at ve7jtb.com<mailto:secevemt at ve7jtb.com>" <secevemt at ve7jtb.com<mailto:secevemt at ve7jtb.com>>
Subject: RISC Profile

The initial skeleton at:
https://bitbucket.org/openid/risc<https://urldefense.proofpoint.com/v2/url?u=https-3A__bitbucket.org_openid_risc&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=fGVjqygzih2rKAgh_tG96wuTq4FTaObaVe4DMSRcV7k&s=2dWBwy-kCe-JQKTc53o3n76H7RYTu1YQk0YJ0whUKR8&e=>

Marius


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20170914/b1873bc1/attachment-0001.html>


More information about the Openid-specs-risc mailing list