<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Apr 18, 2017 at 3:33 PM, Mike Jones <span dir="ltr"><<a href="mailto:Michael.Jones@microsoft.com" target="_blank" class="cremed">Michael.Jones@microsoft.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="blue" vlink="purple">
<div class="m_-1205405210142103466WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">I meant “event” to designate a SET definition, “risc” to designate the (optional) working group name, “<a href="http://schemas.openid.net" target="_blank" class="cremed">http://schemas.openid.net</a>” root the name in an OpenID namespace,
 and “account-deleted” to be the WG-specific event name.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">Having both “secevent” and “event” is redundant.</span></p></div></div></blockquote><div><br></div><div>"event" is there to make it clear that this is about an event type, there could be other URIs needed than event types.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div class="m_-1205405210142103466WordSection1"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">                              <wbr>                              <wbr>    -- Mike<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Marius Scurtescu [mailto:<a href="mailto:mscurtescu@google.com" target="_blank" class="cremed">mscurtescu@google.com</a>]
<br>
<b>Sent:</b> Tuesday, April 18, 2017 3:31 PM<br>
<b>To:</b> Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank" class="cremed">Michael.Jones@microsoft.com</a>><br>
<b>Cc:</b> Hardt, Dick <<a href="mailto:dick@amazon.com" target="_blank" class="cremed">dick@amazon.com</a>>; Phil Hunt <<a href="mailto:phil.hunt@oracle.com" target="_blank" class="cremed">phil.hunt@oracle.com</a>>; <a href="mailto:openid-specs-risc@lists.openid.net" target="_blank" class="cremed">openid-specs-risc@lists.<wbr>openid.net</a></span></p><div><div class="h5"><br>
<b>Subject:</b> Re: [Openid-specs-risc] RISC event URIs<u></u><u></u></div></div><p></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Hm, maybe you meant "event" to be the working group name, and not short for "event type" (which I had in mind).<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">If so, then maybe we should use "secevent":<u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"><a href="http://schemas.openid.net/secevent/risc/event/account-deleted" target="_blank" class="cremed">http://schemas.openid.net/<wbr>secevent/risc/event/account-<wbr>deleted</a><u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal">Marius<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Tue, Apr 18, 2017 at 3:20 PM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank" class="cremed">Michael.Jones@microsoft.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">I’d actually do it in the other order.  I think that all OpenID-defined events from all working groups
 should start with <a href="http://schemas.openid.net/event/" target="_blank" class="cremed">http://schemas.openid.net/<wbr>event/</a>.  The event name should follow that, which may optionally include a working group name as part of the event name.  So the right name for account-deleted,
 if “risc” is to be included, is <a href="http://schemas.openid.net/event/risc/account-deleted" target="_blank" class="cremed">
http://schemas.openid.net/<wbr>event/risc/account-deleted</a>.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">                              <wbr>                              <wbr>    -- Mike</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Marius Scurtescu [mailto:<a href="mailto:mscurtescu@google.com" target="_blank" class="cremed">mscurtescu@google.com</a>]
<br>
<b>Sent:</b> Tuesday, April 18, 2017 3:17 PM<br>
<b>To:</b> Hardt, Dick <<a href="mailto:dick@amazon.com" target="_blank" class="cremed">dick@amazon.com</a>><br>
<b>Cc:</b> Phil Hunt <<a href="mailto:phil.hunt@oracle.com" target="_blank" class="cremed">phil.hunt@oracle.com</a>>; Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank" class="cremed">Michael.Jones@microsoft.com</a>>;
<a href="mailto:openid-specs-risc@lists.openid.net" target="_blank" class="cremed">openid-specs-risc@lists.<wbr>openid.net</a></span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><br>
<b>Subject:</b> Re: [Openid-specs-risc] RISC event URIs<u></u><u></u></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">Alright, unless anyone has objections let's go with the URL based event types (and potentially other URIs that the specs may need).<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">As John mentioned on the call yesterday, this also has the advantage that we could setup documentation pages behind these URLs, so URIs have obvious documentation attached.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">As a nit, I think the account-deleted event type should be:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="http://schemas.openid.net/risc/event/account-deleted" target="_blank" class="cremed">http://schemas.openid.net/<wbr>risc/event/account-deleted</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I moved "risc" before "event". We might need other RISC URIs which are not event types.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal">Marius<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">On Wed, Apr 12, 2017 at 3:55 PM, Hardt, Dick <<a href="mailto:dick@amazon.com" target="_blank" class="cremed">dick@amazon.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The advantage of Marius’s original proposal is that it ensures that the event identifier will be globally unique
 without coordination between anyone profiling secevent since all events in the profile will need to start with a profile specific string.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">In other words, there is the possibility of an event name collision if secevent leaves each profile to determine
 the event ID with no other guidance.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">If secevent requires a URI and that the profile use a domain that is associated with the profile, then the collision
 risk is avoided.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Assuming that is in secevent, then</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__schemas.openid.net_event_risc_account-2Ddeleted&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=IT6azVbuki1_pmbosRf1uN_NZqVzNldI8AI9fWdg32o&s=Fv9F4TKG7qD9gN9r9NPaA4dYsqek-m-sctnLBHLfKcc&e=" target="_blank" class="cremed">http://schemas.openid.net/<wbr>event/risc/account-deleted</a></span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">works fine.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">/Dick</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
On 4/12/17, 2:05 PM, someone claiming to be "Openid-specs-risc on behalf of Phil Hunt" <<a href="mailto:openid-specs-risc-bounces@lists.openid.net" target="_blank" class="cremed">openid-specs-risc-bounces@<wbr>lists.openid.net</a> on behalf of
<a href="mailto:phil.hunt@oracle.com" target="_blank" class="cremed">phil.hunt@oracle.com</a>> wrote:<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in">
I agree with Mike. <u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
I don’t think you really have to have a hierarchy.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
The real issue is the value of having a vetted central registry. I do think there is some value to eliminate duplication and confusion.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
I’m on the fence. It would be good get some rough proposed event definitions from RISC and SCIM for example and compare and contrast the similarities and differences and decide if they should be expressed differently.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black">Phil</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black">Oracle Corporation, Identity Cloud Services Architect & Standards</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black">@independentid</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"><a href="http://www.independentid.com" target="_blank" class="cremed">www.independentid.com</a></span><u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"><a href="mailto:phil.hunt@oracle.com" target="_blank" class="cremed">phil.hunt@oracle.com</a></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"> </span><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"> </span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"> </span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"> </span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"> </span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"> </span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"> </span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"> </span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:black"> </span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:.5in">
 <u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="margin-left:.5in">
On Apr 12, 2017, at 1:50 PM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank" class="cremed">Michael.Jones@microsoft.com</a>> wrote:<u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">openid.ns values in<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net_specs_openid-2Dauthentication-2D2-5F0.html-23anchor4&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=IT6azVbuki1_pmbosRf1uN_NZqVzNldI8AI9fWdg32o&s=_DGYGG9FeymBn6OqVohCgnpnHEKx-iORfkoGbfvw9Sw&e=" target="_blank" class="cremed"><span style="color:purple">http://openid.net/specs/<wbr>openid-authentication-2_0.<wbr>html#anchor4</span></a></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">Claimed Identifier URI in<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net_specs_openid-2Dauthentication-2D2-5F0.html-23discovery&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=IT6azVbuki1_pmbosRf1uN_NZqVzNldI8AI9fWdg32o&s=i_Efd_jqHWw_nd402qXtksQfNlpOo9adIUyBmsnKDHw&e=" target="_blank" class="cremed"><span style="color:purple">http://openid.net/specs/<wbr>openid-authentication-2_0.<wbr>html#discovery</span></a></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">                (there are plenty more in this spec)</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">Attribute exchange namespace at<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net_specs_openid-2Dattribute-2Dexchange-2D1-5F0.html-23anchor2&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=IT6azVbuki1_pmbosRf1uN_NZqVzNldI8AI9fWdg32o&s=ht1coU3G-1vOvg5hIdxr1IDgU2bC2vdyoe9z1JXOVp8&e=" target="_blank" class="cremed"><span style="color:purple">http://openid.net/specs/<wbr>openid-attribute-exchange-1_0.<wbr>html#anchor2</span></a></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">PAPE namespace at<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net_specs_openid-2Dprovider-2Dauthentication-2Dpolicy-2Dextension-2D1-5F0.html-23anchor3&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=IT6azVbuki1_pmbosRf1uN_NZqVzNldI8AI9fWdg32o&s=U8rYDwzBzOU4Vtkp0KRTXd22-a8bq0fxVnQcToUb1Ns&e=" target="_blank" class="cremed"><span style="color:purple">http://openid.net/specs/<wbr>openid-provider-<wbr>authentication-policy-<wbr>extension-1_0.html#anchor3</span></a></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">Issuer URI at<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__openid.net_specs_openid-2Dconnect-2Ddiscovery-2D1-5F0.html-23IssuerDiscovery&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=IT6azVbuki1_pmbosRf1uN_NZqVzNldI8AI9fWdg32o&s=oXmQRXaMpUPH-nB4gDeKjSWILDF7BdTtLHiV5zb3rUU&e=" target="_blank" class="cremed"><span style="color:purple">https://openid.net/specs/<wbr>openid-connect-discovery-1_0.<wbr>html#IssuerDiscovery</span></a></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">Backchannel Logout event at<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net_specs_openid-2Dconnect-2Dbackchannel-2D1-5F0.html-23LogoutToken&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=IT6azVbuki1_pmbosRf1uN_NZqVzNldI8AI9fWdg32o&s=wPXcz4P307OtW13LMmlvJGx7dIvt3F4z9-HH42ojRzY&e=" target="_blank" class="cremed"><span style="color:purple">http://openid.net/specs/<wbr>openid-connect-backchannel-1_<wbr>0.html#LogoutToken</span></a></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">MODRNA policies at<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span></span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:purple"><a class="cremed">file:///C:/mbj/DSG/OpenID/<wbr>MODRNA/openid-connect-modrna-<wbr>authentication-1_0.html#rfc.<wbr>section.4</a></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">EAP ACR URIs at<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net_specs_openid-2Dconnect-2Deap-2Dacr-2Dvalues-2D1-5F0.html-23ClaimsContents&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=IT6azVbuki1_pmbosRf1uN_NZqVzNldI8AI9fWdg32o&s=u6DfdgmHebc9XFcNGx5icscB9essDnJRqYjUo2SnAmA&e=" target="_blank" class="cremed"><span style="color:purple">http://openid.net/specs/<wbr>openid-connect-eap-acr-values-<wbr>1_0.html#ClaimsContents</span></a></span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">Etc.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">There are plenty more.  These are just a quick subset I knew about off the top of my head.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">Yes, it would be OK to put “risc” in the name.  The, for instance you might use this URI for Account Deleted:</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">              Assum</span><u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">IETF and “secevent” don’t really have a reason to be in these event names, because it’s the OpenID RISC WG defining these events, not the IETF or the SecEvent WG.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">                              <wbr>                              <wbr>    -- Mike</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Marius
 Scurtescu [<a href="mailto:mscurtescu@google.com" target="_blank" class="cremed">mailto:mscurtescu@google.com</a>]<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"><wbr> </span><br>
<b>Sent:</b><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span>Wednesday, April 12, 2017 1:34 PM<br>
<b>To:</b><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span>Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank" class="cremed">Michael.Jones@microsoft.com</a>><br>
<b>Cc:</b><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span>Phil Hunt (IDM) <<a href="mailto:phil.hunt@oracle.com" target="_blank" class="cremed">phil.hunt@oracle.com</a>>;
<a href="mailto:openid-specs-risc@lists.openid.net" target="_blank" class="cremed">openid-specs-risc@lists.<wbr>openid.net</a><br>
<b>Subject:</b><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span>Re: [Openid-specs-risc] RISC event URIs</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
On Wed, Apr 12, 2017 at 1:31 PM, Marius Scurtescu <<a href="mailto:mscurtescu@google.com" target="_blank" class="cremed"><span style="color:purple">mscurtescu@google.com</span></a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
Shouldn't "risc" (the profile name) be part of the URI?<u></u><u></u></p>
</div>
</div>
</blockquote>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
Similarly, what about "ietf" and "secevent" being part of the URI?<u></u><u></u></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
Can you point to some of these other specifications and URIs?<u></u><u></u></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:#888888"><br clear="all">
</span><u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="color:#888888">Marius</span><u></u><u></u></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
On Wed, Apr 12, 2017 at 1:25 PM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank" class="cremed"><span style="color:purple">Michael.Jones@microsoft.com</span></a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">I’d suggest that RISC event names be<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=IT6azVbuki1_pmbosRf1uN_NZqVzNldI8AI9fWdg32o&s=dzuYBPXCYMEBvFpUEktnn8u3lkEPeUHcausoF2NU45c&e=" target="_blank" class="cremed"><span style="color:purple">openid.net</span></a><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span>URIs. 
 For instance, I’d use the event name<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span></span><span style="font-size:11.0pt;font-family:"Courier New";color:#002060"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__schemas.openid.net_event_account-2Ddeleted&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=IT6azVbuki1_pmbosRf1uN_NZqVzNldI8AI9fWdg32o&s=KerUNwzFrztEwKDzo7GXe2-W_8iuWNrnLZ-5Kvv2Afk&e=" target="_blank" class="cremed"><span style="color:purple">http://schemas.openid.<wbr>net/event/account-deleted</span></a></span><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> </span></span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">for
 the Account Deleted event that Marius described.  That would be consistent with how other things have been historically named in OpenID specifications.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060">                              <wbr>                              <wbr>    -- Mike</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#002060"> </span><u></u><u></u></p>
</div>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<div>
<p class="MsoNormal" style="margin-left:.5in">
<b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Openid-specs-risc
 [mailto:<a href="mailto:openid-specs-risc-bounces@lists.openid.net" target="_blank" class="cremed"><span style="color:purple">openid-specs-risc-<wbr>bounces@lists.openid.net</span></a>]<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><b>On
 Behalf Of<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span></b>Phil Hunt (IDM)<br>
<b>Sent:</b><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span>Tuesday, April 11, 2017 3:00 PM<br>
<b>To:</b><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span>Marius Scurtescu <<a href="mailto:mscurtescu@google.com" target="_blank" class="cremed"><span style="color:purple">mscurtescu@google.com</span></a>><br>
<b>Cc:</b><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><a href="mailto:openid-specs-risc@lists.openid.net" target="_blank" class="cremed"><span style="color:purple">openid-specs-risc@lists.<wbr>openid.net</span></a><br>
<b>Subject:</b><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span>Re: [Openid-specs-risc] RISC event URIs</span><u></u><u></u></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
That said. It is perfectly ok for risc to use urns while the core spec specified uri. <u></u><u></u></p>
</div>
</div>
<div id="m_-1205405210142103466m_-7831483904858795323m_1503270523410313260gmail-m_4690585652410678300m_5364652117048815074AppleMailSignature">
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div id="m_-1205405210142103466m_-7831483904858795323m_1503270523410313260gmail-m_4690585652410678300m_5364652117048815074AppleMailSignature">
<div>
<p class="MsoNormal" style="margin-left:.5in">
There would just be no central event registry except within risc. <br>
<br>
Phil<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:.5in">
<br>
On Apr 11, 2017, at 2:37 PM, Marius Scurtescu <<a href="mailto:mscurtescu@google.com" target="_blank" class="cremed"><span style="color:purple">mscurtescu@google.com</span></a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
Good point, will start the discussion on the secevent list.<u></u><u></u></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<br clear="all">
<u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
Marius<u></u><u></u></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
On Tue, Apr 11, 2017 at 2:34 PM, Hardt, Dick <<a href="mailto:dick@amazon.com" target="_blank" class="cremed"><span style="color:purple">dick@amazon.com</span></a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">I think the format of these should be decided in secevent.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">I think your proposal of secevents starting with “urn:ietf:params:secevent:<wbr>event-type:” is one worth proposing in secevent.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">"urn:ietf:params:secevent:aud-<wbr>client-id:<client-id>" is clearly a secevent discussion item</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#888888"> </span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#888888">/Dick</span><u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
On 4/11/17, 2:16 PM, someone claiming to be "Marius Scurtescu" <<a href="mailto:mscurtescu@google.com" target="_blank" class="cremed"><span style="color:purple">mscurtescu@google.com</span></a>> wrote:<u></u><u></u></p>
</div>
</div>
</div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
"urn:ietf:params:secevent:<wbr>event-type:risc:sessions-<wbr>revoked" would be an event URI, the key under the "events" claim<u></u><u></u></p>
</div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
"urn:ietf:params:secevent:aud-<wbr>client-id:<client-id>" would be the aud claim, and this solves the "SET re-played as an access token" issue<u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
<br clear="all">
<u></u><u></u></p>
</div>
<div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
Marius<u></u><u></u></p>
</div>
</div>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
On Tue, Apr 11, 2017 at 2:07 PM, Hardt, Dick <<a href="mailto:dick@amazon.com" target="_blank" class="cremed"><span style="color:purple">dick@amazon.com</span></a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Where are you thinking this is in the secevent SET Marius?</span><u></u><u></u></p>
</div>
<div>
<div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><u></u><u></u></p>
</div>
<div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
On 4/11/17, 10:56 AM, someone claiming to be "Openid-specs-risc on behalf of Marius Scurtescu" <<a href="mailto:openid-specs-risc-bounces@lists.openid.net" target="_blank" class="cremed"><span style="color:purple">openid-specs-risc-bounces@<wbr>lists.openid.net</span></a><span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span>on
 behalf of<span class="m_-1205405210142103466m-7831483904858795323m1503270523410313260apple-converted-space"> </span><a href="mailto:mscurtescu@google.com" target="_blank" class="cremed"><span style="color:purple">mscurtescu@google.com</span></a>> wrote:<u></u><u></u></p>
</div>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
While talking about events, we should also decide how the event URI will look like for RISC.<u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
I propose we use URN sub-delegation for "ietf" namespace (RFC 3553), something like:<u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
urn:ietf:params:secevent:<wbr>event-type:risc:sessions-<wbr>revoked<u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
urn:ietf:params:secevent:<wbr>event-type:risc:tokens-revoked<u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
urn:ietf:params:secevent:<wbr>event-type:risc:account-<wbr>deleted<u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
urn:ietf:params:secevent:<wbr>event-type:risc:all ?<u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
Maybe instead of "event-type" in the above URNs we should use "profile"? Since "risc" above signifies a whole class of event type and not a particular one:<u></u><u></u></p>
</div>
</div>
<div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
urn:ietf:params:secevent:<wbr>profile:risc:sessions-revoked<u></u><u></u></p>
</div>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
...<u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
We can use this scheme for other RISC related URNs, like a prefixed aud:<u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
urn:ietf:params:secevent:aud-<wbr>client-id:<client-id><u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
Thoughts?<u></u><u></u></p>
</div>
</div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
<div>
<div>
<div style="margin-left:1.0in">
<p class="MsoNormal" style="margin-left:.5in">
Marius<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<div style="margin-left:.5in">
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
______________________________<wbr>_________________<br>
Openid-specs-risc mailing list<br>
<a href="mailto:Openid-specs-risc@lists.openid.net" target="_blank" class="cremed"><span style="color:purple">Openid-specs-risc@lists.<wbr>openid.net</span></a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Drisc&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=xWx68AhS5M_By2Kzn2sWKxgaTcobfi-OdzG-BY75oQ0&s=GlmLO4LTDZglq1yIkAKmtEZG9Fwx_e5fxSEQGspbwAo&e=" target="_blank" class="cremed"><span style="color:purple">https://urldefense.proofpoint.<wbr>com/v2/url?u=http-3A__lists.<wbr>openid.net_mailman_listinfo_<wbr>openid-2Dspecs-2Drisc&d=<wbr>DwICAg&c=<wbr>RoP1YumCXCgaWHvlZYR8PQcxBKCX5Y<wbr>TpkKY057SbK10&r=<wbr>JBm5biRrKugCH0FkITSeGJxPEivzjW<wbr>wlNKe4C_lLIGk&m=xWx68AhS5M_<wbr>By2Kzn2sWKxgaTcobfi-OdzG-<wbr>BY75oQ0&s=<wbr>GlmLO4LTDZglq1yIkAKmtEZG9Fwx_<wbr>e5fxSEQGspbwAo&e=</span></a><u></u><u></u></p>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal" style="margin-left:.5in">
 <u></u><u></u></p>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
______________________________<wbr>_________________<br>
Openid-specs-risc mailing list<br>
<a href="mailto:Openid-specs-risc@lists.openid.net" target="_blank" class="cremed">Openid-specs-risc@lists.<wbr>openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-risc" target="_blank" class="cremed">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>risc</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div></div></div>
</div>

</blockquote></div><br></div></div>