[Openid-specs-ab] Feedback on UserInfo schema

Henrik Biering hb at peercraft.com
Fri Mar 8 01:44:07 UTC 2013


+1
(could not agree more to every aspect of this)

Henrik

Den 08-03-2013 02:04, John Bradley wrote:
> The discussion on the call was not against verification in any way but 
> that multiple phone numbers etc are all part of existing schemas.
>
> For complicated provisioning we should be pointing to SCIM or some 
> other schema rather than incrementally adding to the simple account 
> registration schema that we defined for the user_info endpoint.
>
> Once we start adding elements piecemeal it is a slippery slope.   What 
> about work and personal mobile and home vs work landline.  We also 
> have Multiple postal , home and work addresses each of those can also 
> be verified as in the Yahoo Japan case.
>
> So I would not characterize the discussion as rejecting the notion of 
> phone verification only saying that the existing schema is intended to 
> be as simple as possible for account registration based on current RP 
> experience from Google Facebook and others.
>
> If we are going to do something more complex it needs to be done as a 
> proper schema design and not tacked on to the current account 
> registration schema incrementally.
>
> That leaves SCIM, portableContacts , EDUPerson and perhaps AD schemas 
> as possibilities. (some much better than others)
>
> We need to have that discussion in a larger group.     I prefer to 
> have the larger discussion rather than picking elements off one at a time.
>
> John B.
>
> On 2013-03-08, at 9:14 AM, Nat Sakimura <sakimura at gmail.com 
> <mailto:sakimura at gmail.com>> wrote:
>
>> As the chair of the WG, I have a bit of problem to state that "the 
>> working group decided" here. WG is not just the people who have 
>> called in to a telephone conference but the sum of the all people who 
>> is expressing their desire.
>>
>> From the minute, I see that John Bradley, Mike Jones, Roland Hedberg, 
>> Justin Richer, Brian Campbell, Edmund Jay, George Fletcher, Pamela 
>> Dingle was in the call but those people on this thread, me, nov, Ryo, 
>> Chuck, and Torsten expressing the desire in having mobile number were 
>> not. Given that I heard this desire from another WG person, I suspect 
>> that there are more people thinking the same. I gather that the 
>> consensus is not yet reached.
>>
>> I would float the issue for a few more days -- till Sunday US time.
>>
>> Please discuss.
>>
>> Nat
>>
>> 2013/3/8 Mike Jones <Michael.Jones at microsoft.com 
>> <mailto:Michael.Jones at microsoft.com>>
>>
>>     FYI, the working group decided to keep only a single phone
>>     number, because even that isn't typically needed for our design
>>     use case for the UserInfo Endpoint, which is enabling easy
>>     interaction with basic RPs.  In particular, people felt strongly
>>     that we shouldn't be inventing new Connect-specific phone number
>>     schemas; if people need more specific data, they should probably
>>     use schemas that already exist, such as Portable Contacts or SCIM.
>>
>>     We *did*, however, decide to clarify how phone numbers with
>>     extensions should be represented.
>>
>>     See https://bitbucket.org/openid/connect/issue/800/ for more details.
>>
>>                                     -- Mike
>>
>>     -----Original Message-----
>>     From: openid-specs-ab-bounces at lists.openid.net
>>     <mailto:openid-specs-ab-bounces at lists.openid.net>
>>     [mailto:openid-specs-ab-bounces at lists.openid.net
>>     <mailto:openid-specs-ab-bounces at lists.openid.net>] On Behalf Of
>>     Chuck Mortimore
>>     Sent: Thursday, March 07, 2013 8:51 AM
>>     To: Ryo Ito
>>     Cc: openid-specs-ab at lists.openid.net
>>     <mailto:openid-specs-ab at lists.openid.net>
>>     Subject: Re: [Openid-specs-ab] Feedback on UserInfo schema
>>
>>     +1 although I wouldn't constrain to SMS as the verification
>>     method, and
>>     +simply say mobile_phone_verified
>>
>>     - cmort
>>
>>     On Mar 7, 2013, at 8:30 AM, "Ryo Ito" <ritou.06 at gmail.com
>>     <mailto:ritou.06 at gmail.com>> wrote:
>>
>>     > Some services verify user's mobile phone number by sending SMS.
>>     > "sms_verified" claim may be useful if "mobile_phone" scope is
>>     defined.
>>     > This is the same as relations of "email" and "email_verified"
>>     claims.
>>     >
>>     > Ryo
>>     >
>>     > 2013/3/8 nov matake <nov at matake.jp <mailto:nov at matake.jp>>:
>>     >> Does "phone" scope include "mobile_number" claim?
>>     >> or do we need another scope for mobile phone?
>>     >>
>>     >> I think we need "mobile_phone" scope.
>>     >>
>>     >> On 2013/03/07, at 6:54, Nat Sakimura <sakimura at gmail.com
>>     <mailto:sakimura at gmail.com>> wrote:
>>     >>
>>     >> I am fine with it, though how to create "formatted phone number"
>>     >> needs to be clarified. Is it just how the user entered or created
>>     >> algorithmically? If the later, the OP needs to have translation
>>     >> template for each countries as they widely varies. As to the
>>     syntax
>>     >> is concerned, I prefer phone_number_formatted instead of
>>     >> formatted_phone_number. Also, a +1 for making E.164 a MUST for
>>     the machine consumption.
>>     >>
>>     >> With respect to phone number, it just reminded me of the fact that
>>     >> multiple sources expressed desire to differentiate land line phone
>>     >> number and mobile phone number. Their characteristics as to the
>>     >> binding strength to the subject is very different. Land line
>>     usually
>>     >> is only bound to the "home / household" or "office location", the
>>     >> mobile phone number is much more tightly coupled with the person /
>>     >> subject. So, actually, you may not want to treat them as a
>>     single class.
>>     >>
>>     >> So, in addition to phone_number, I would like to propose
>>     >> mobile_number as well.
>>     >>
>>     >> Nat
>>     >>
>>     >>
>>     >> 2013/3/7 Mike Jones <Michael.Jones at microsoft.com
>>     <mailto:Michael.Jones at microsoft.com>>
>>     >>>
>>     >>> I would be fine with having both phone number claims.
>>     >>> "formatted_phone_number" could be the display form (just like
>>     >>> "formatted" is the address display form) and "phone_number"
>>     could be an RFC 3966 phone
>>     >>> number.   The "phone" scope would request both.
>>     >>>
>>     >>> What claim names is Google actually using for these values today?
>>     >>>
>>     >>> What do others think?
>>     >>>
>>     >>>                                -- Mike
>>     >>>
>>     >>> -----Original Message-----
>>     >>> From: openid-specs-ab-bounces at lists.openid.net
>>     <mailto:openid-specs-ab-bounces at lists.openid.net>
>>     >>> [mailto:openid-specs-ab-bounces at lists.openid.net
>>     <mailto:openid-specs-ab-bounces at lists.openid.net>] On Behalf Of Breno
>>     >>> de Medeiros
>>     >>> Sent: Wednesday, March 06, 2013 9:15 AM
>>     >>> To: openid-specs-ab at lists.openid.net
>>     <mailto:openid-specs-ab at lists.openid.net>
>>     >>> Subject: [Openid-specs-ab] Feedback on UserInfo schema
>>     >>>
>>     >>> Google returns phone numbers in two different formats: The
>>     >>> display-friendly displayable format that follows the user
>>     >>> preferences on how they see the number, and a
>>     standard-compliant form for machines.
>>     >>>
>>     >>> The UserInfo spec documents a 'phone_number' field that
>>     appears to
>>     >>> try to be both. It's the user 'preferred' phone number
>>     (indicating
>>     >>> some allowance for display-friendliness) and then only
>>     RECOMMENDS format compliance.
>>     >>>
>>     >>> Option 1. Define two fields: display_phone_number and
>>     >>> std_phone_number, where the latter MUST be in the E164 or RFC3966
>>     >>> (the latter deals with phone extensions as well).
>>     >>>
>>     >>> Option 2. Clarify the current language by replacing
>>     RECOMMENDED with
>>     >>> MUST if the desire is to support machine use cases
>>     >>>
>>     >>> Option 3. Clarity the current language by saying that this is for
>>     >>> display purposes only.
>>     >>>
>>     >>> --
>>     >>> --Breno
>>     >>> _______________________________________________
>>     >>> Openid-specs-ab mailing list
>>     >>> Openid-specs-ab at lists.openid.net
>>     <mailto:Openid-specs-ab at lists.openid.net>
>>     >>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>     >>> _______________________________________________
>>     >>> Openid-specs-ab mailing list
>>     >>> Openid-specs-ab at lists.openid.net
>>     <mailto:Openid-specs-ab at lists.openid.net>
>>     >>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>     >>
>>     >>
>>     >>
>>     >>
>>     >> --
>>     >> Nat Sakimura (=nat)
>>     >> Chairman, OpenID Foundation
>>     >> http://nat.sakimura.org/
>>     >> @_nat_en
>>     >> _______________________________________________
>>     >> Openid-specs-ab mailing list
>>     >> Openid-specs-ab at lists.openid.net
>>     <mailto:Openid-specs-ab at lists.openid.net>
>>     >> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>     >>
>>     >>
>>     >>
>>     >> _______________________________________________
>>     >> Openid-specs-ab mailing list
>>     >> Openid-specs-ab at lists.openid.net
>>     <mailto:Openid-specs-ab at lists.openid.net>
>>     >> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>     >
>>     >
>>     >
>>     > --
>>     > ====================
>>     > Ryo Ito
>>     > Email : ritou.06 at gmail.com <mailto:ritou.06 at gmail.com>
>>     > ====================
>>     > _______________________________________________
>>     > Openid-specs-ab mailing list
>>     > Openid-specs-ab at lists.openid.net
>>     <mailto:Openid-specs-ab at lists.openid.net>
>>     > http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>     _______________________________________________
>>     Openid-specs-ab mailing list
>>     Openid-specs-ab at lists.openid.net
>>     <mailto:Openid-specs-ab at lists.openid.net>
>>     http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>     _______________________________________________
>>     Openid-specs-ab mailing list
>>     Openid-specs-ab at lists.openid.net
>>     <mailto:Openid-specs-ab at lists.openid.net>
>>     http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>>
>>
>> -- 
>> Nat Sakimura (=nat)
>> Chairman, OpenID Foundation
>> http://nat.sakimura.org/
>> @_nat_en
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net 
>> <mailto:Openid-specs-ab at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130308/6c9736be/attachment-0001.html>


More information about the Openid-specs-ab mailing list