<div dir="ltr">OK. My message was held in moderation queue because the attachment was too big. I just released it :-(</div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/6/4 Nat Sakimura <span dir="ltr"><<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I +1'ed to #848. <div><br></div><div>Re: authentication definition: In reviewing your comment back to my word comment, I found a descrepancy with the current definition. We are using a phrase like authenticate client and client authentication. Thus, the definition of authentication MUST NOT include "End-user". This is a Messages issue, by the way. </div>
<div><br></div><div>I have done this detail of the read only to Standard. Has anyone else did a careful read on other specs? </div><div>If we distribute the work, we could finish it in one day. I have only a few hours a day that I can allocate to this, and is taking too long to do. (Now, decreasing sleeping hours is not an option here. I have been working more than 20 hours a day last couple of business days.) I do not want to hold it off, but the goal of 2nd Implementer's draft is to publish something completely stable. I think we are in a pretty good shape for Standard now. (If we remove the examples for JWS and JWE, I doubt that we need to touch the text even JWS/JWE changes.) </div>
<div><br></div><div>The question is: has the same level of vetting done on other specs? </div><div><br></div><div><br></div></div><div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">2013/6/4 Mike Jones <span dir="ltr"><<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">OK - I'll give you this "SHOULD" if you give me the language proposed in #848 that John signed off on. :-)<br>
<br>
Then, subject to other working group input, I think we will have reached closure on all the proposed changes so we can get back to having proposed Implementer's Drafts today again.<br>
<span><font color="#888888"><br>
-- Mike<br>
</font></span><div><br>
-----Original Message-----<br>
From: Nat Sakimura [mailto:<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>]<br>
</div><div><div>Sent: Monday, June 03, 2013 9:16 AM<br>
To: Mike Jones<br>
Cc: <a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>; John Bradley<br>
Subject: Re: Connect Standard annotated word version<br>
<br>
Jun 4, 2013 0:34�$B!"�(BMike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>> wrote:<br>
<br>
> As for changing the prompt:consent MUST to a SHOULD, I don’t<br>
> understand the “obvious from other actions” comment,<br>
<br>
It is quite well known concept.<br>
For example, when you have ordered something to be delivered to your home, you do not need an explicit consent for it since it is obvious.<br>
<br>
Explicit consent really only one of the possible conditions for processing even in EU Data Protection directive.<br>
<br>
In Japan, we are even talking of banning unnecessary explicit consent right now in a government committee. A protocol should not step on these legal issues. It MAY say SHOULD but not MUST.<br>
<br>
As to Pavlov effect, we are not talking about one RP here. It is potentially thousands of them. An OP should have some room to deal with it in the sense of consumer protection. Again, a protocol should not be prescriptive here. OP should be able not to show the consent dialogue and return an assertion without attributes other than that of authentication event.<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div></div><div class="im">-- <br>Nat Sakimura (=nat)<div>Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en</div>
</div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Nat Sakimura (=nat)<div>Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>@_nat_en</div>
</div>