<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:"Consolas",serif;}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.EmailStyle21
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:354042568;
        mso-list-type:hybrid;
        mso-list-template-ids:-1550142052 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-text:"%1\)";
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l1
        {mso-list-id:2027515436;
        mso-list-type:hybrid;
        mso-list-template-ids:108325580 1665676260 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
        {mso-level-text:"\(%1\)";
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l1:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l1:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l1:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l1:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l1:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l1:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l1:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
@list l1:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal" style="margin-left:.5in"><a name="_MailOriginalBody"><o:p> </o:p></a></p>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="mso-bookmark:_MailOriginalBody">My feeling is that any RISC Profile should only deal in issues or opportunities unique to RISC.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody">I agree. If an aspect is clearly specified somewhere else, and meets RISC’s requirements, we should use it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="mso-bookmark:_MailOriginalBody">It has not been clear what those RISC specific scoping issue are. Hence, I do not see the purpose for the current RISC Profile draft. For my part, I was expecting a draft
 that actually defined RISC Events.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="mso-bookmark:_MailOriginalBody">Dick commented on Feb 5 that:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="mso-bookmark:_MailOriginalBody"></span><a href="http://lists.openid.net/pipermail/openid-specs-risc/Week-of-Mon-20180205/000439.html"><span style="mso-bookmark:_MailOriginalBody">http://lists.openid.net/pipermail/openid-specs-risc/Week-of-Mon-20180205/000439.html</span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
</div>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre style="margin-left:.5in;background:white;white-space:pre-wrap"><span style="mso-bookmark:_MailOriginalBody">I think “need” is too strong. A single management API is desired.<o:p></o:p></span></pre>
<pre style="margin-left:.5in;background:white"><span style="mso-bookmark:_MailOriginalBody">Another aspect is that the management requirements of RISC, SCIM, OIDC etc. so far look quite different.<o:p></o:p></span></pre>
<pre style="margin-left:.5in;background:white"><span style="mso-bookmark:_MailOriginalBody">RISC has specific needs, and with a concrete API, there can more easily be a discussion on commonalities, or lack thereof with other SecEvent profiles.<o:p></o:p></span></pre>
</blockquote>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="mso-bookmark:_MailOriginalBody">These statements don’t really play out. The RISC group has not really identified why RISC is unique. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody">Let me clarify then. As I see it, RISC has the following control plane requirements:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1"><span style="mso-bookmark:_MailOriginalBody">Add/remove subjects when the subject is not added implicitly
<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1"><span style="mso-bookmark:_MailOriginalBody">Check operational status of the event stream<o:p></o:p></span></li></ol>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo2"><span style="mso-bookmark:_MailOriginalBody">Is not required by either OIDC or SCIM as subjects are determined implicitly by the protocol. Using SCIM for subject management in RISC
 has been deemed heavy for everyone except those already using SCIM. There currently is no WG document in SecEvents for subject management.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo2"><span style="mso-bookmark:_MailOriginalBody">Is unique to SCIM. There currently is no WG document in SecEvents for subject management.<o:p></o:p></span></li></ol>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody">If SecEvents WG sees (1) and/or (2) to have common usage across SecEvents, and the SecEvents WG adopted a WG document for them, then it would make sense to not do that work in RISC, but that
 is not the current state, and given the contention in SecEvents, I think it is important for the RISC WG to move forward and create specifications that meet its requirements.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody">I agree that RISC should be agnostic on what protocol is being used for how 2 parties have a mutual subject, be that OIDC, SAML, shared email, or shared phone number.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody">/Dick<o:p></o:p></span></p>
</div>
</div>
</div>
</body>
</html>