
<div dir="ltr">Ok with 3). You need to record this thread to the ticket though. Just a copy and paste would do. </div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/6/3 John Bradley <span dir="ltr"><<a href="mailto:jbradley@pingidentity.com" target="_blank">jbradley@pingidentity.com</a>></span><br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">That is OK,  I don't think it requires run time checking of the registry,  it is more a rule that can be used in disputes on what is correct.<div>

<br></div><div><div class="im"><br><div>

<div style="font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word">

<div style="font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word">

<span style="border-collapse:separate;font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">

<span style="border-collapse:separate;font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">

<div><div style="font-family:Tahoma;font-size:12px;font-weight:normal;font-style:normal;color:rgb(52,54,52);margin:0px"><b>John Bradley</b>  |  Sr. Technical Architect</div><div style="font-family:Arial;font-size:11px;font-weight:normal;font-style:normal;color:rgb(71,135,255);margin:0px">

<span style="font-family:Tahoma;color:rgb(52,54,52)"><b>Ping</b></span><span style="color:rgb(41,41,41)"> </span><span style="font-family:Tahoma;color:rgb(231,35,57)"><b>Identity</b></span><span style="color:rgb(41,41,41)">  |   <a href="http://www.pingidentity.com/" target="_blank">www.pingidentity.com</a></span></div>

<div style="font-family:Arial;font-size:11px;font-weight:normal;font-style:normal;color:rgb(41,41,41);margin:0px;min-height:12px"><br></div><div style="font-family:Arial;font-size:11px;font-weight:normal;font-style:normal;color:rgb(41,41,41);margin:0px">

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</div><div style="margin:0px"><span style="font-family:Arial;font-size:11px;font-weight:normal;font-style:normal;color:rgb(0,85,104)"><b>O:</b></span><span style="font-family:Arial;font-size:11px;font-weight:normal;font-style:normal;color:rgb(41,41,41)"> <a href="tel:%2B1%20720.306.6055" target="_blank">+1 720.306.6055</a>   </span><span style="font-family:Arial;font-size:11px;font-weight:normal;font-style:normal;color:rgb(0,85,104)"><b>M:</b></span><span style="font-family:Arial;font-size:11px;font-weight:normal;font-style:normal;color:rgb(41,41,41)"> </span><font color="#4787ff" face="Arial"><span style="background-color:transparent;font-size:11px"><u>+1 (303) 396-9546</u></span></font></div>

<div style="font-family:Arial;font-size:11px;font-weight:normal;font-style:normal;color:rgb(71,135,255);margin:0px"><span style="color:rgb(0,85,104)"><b>Email:</b></span><span style="color:rgb(41,41,41)"> <a href="mailto:jbradley@pingidentity.com" target="_blank">jbradley@pingidentity.com</a></span></div>

</div><div style="font-style:normal;font-size:medium;font-family:Helvetica;font-weight:normal"><p><font face="verdana, sans-serif">- - - - - - - - - - - - - - - - - - - - - - - - - - -  - - - - - - - - - -</font></p><table border="0" cellspacing="0" cellpadding="0">

<tbody><tr><td nowrap valign="top" style="padding:0in"><p><b><font face="verdana, sans-serif">Join me at Cloud Identity Summit<br></font></b><span style="font-family:verdana,sans-serif"><a href="http://www.cloudidentitysummit.com/" target="_blank">www.cloudidentitysummit.com</a> <br>

</span><span style="font-family:verdana,sans-serif">Twitter: </span><a href="http://twitter.com/#!/@CloudIDSummit" style="font-family:verdana,sans-serif" target="_blank">@CloudIDSummit</a><br><span style="font-family:verdana,sans-serif"><a href="http://facebook.com/CloudIdentitySummit" target="_blank">Facebook.com/CloudIdentitySummit</a></span></p>

</td><td nowrap valign="top" style="padding:0in"><p><font face="verdana, sans-serif"><b>   Connect with me</b><br>   Twitter: </font><a href="https://twitter.com/ve7jtb" target="_blank"></a><a href="http://twitter.com/#!/@user_name" target="_blank">@</a>ve7jtb<font face="verdana, sans-serif"><br>

   </font><a href="http://linkedin.com/in/ve7jtb" style="white-space:normal" target="_blank">LinkedIn.com/in/v7jtb</a></p><div><br></div></td></tr></tbody></table></div><div style="font-style:normal;font-size:medium;font-family:Helvetica;font-weight:normal">

<br></div></div></span><br></div></span><br></div><br></div><br></div><br></div><br><br>

</div>

<br></div><div><div class="h5"><div><div>On 2013-06-03, at 1:19 AM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>> wrote:</div><br><blockquote type="cite">

<div lang="EN-US" link="blue" vlink="purple" style="font-family:Helvetica;font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

<div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">I could live with this:<u></u><u></u></span></div>

<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">3) SHOULD with MUST NOT use the values in the registry defined by RFC6711 with different meanings.<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Yes, you’re right Nat that we’re talking about claims values, not claim names in this case.  But the principle is the same.  Normally, registered or collision-resistant names should be used.  But “between consenting implementations”, there’s nothing wrong with using private names, any more than there is anything wrong with using private claim names.  Yes collisions could eventually result.  But that’s the risk that people using private names are knowingly taking.<u></u><u></u></span></div>

<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">If we weren’t in a space-constrained environment, I wouldn’t have any problem with a MUST.  But we are, so brevity is essential, and absolute URIs are far from brief.  We should therefore never have a MUST that effectively requires their use.<u></u><u></u></span></div>

<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">                                                            -- Mike<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><b><span style="font-size:10pt;font-family:Tahoma,sans-serif">From:</span></b><span style="font-size:10pt;font-family:Tahoma,sans-serif"><span> </span>Nat Sakimura [mailto:<a href="mailto:sakimura@" target="_blank">sakimura@</a><a href="http://gmail.com" target="_blank">gmail.com</a>]<span> </span><br>

<b>Sent:</b><span> </span>Sunday, June 02, 2013 4:01 PM<br><b>To:</b><span> </span>John Bradley<br><b>Cc:</b><span> </span>Mike Jones; <a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a><br>

<b>Subject:</b><span> </span>Re: [Openid-specs-ab] acr text<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

+1, in as much as I do not want people to use <span>RS256 with other private meanings in JWS. </span><u></u><u></u></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<u></u> <u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span>My preference. </span><u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<u></u> <u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span>1) MUST</span><u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<span>2) SHOULD with MUST NOT use the values defined in RFC6711. </span><u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div>

<div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span>As I stated before, 2) is rather difficult to implement. It requires the developers to pull RFC6711 registry every time it requests / responds a private acr value. IMHO, 1) is the way to go. </span><u></u><u></u></div>

</div></div><div><p class="MsoNormal" style="margin:0in 0in 12pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></p><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

2013/6/3 John Bradley <<a href="mailto:jbradley@pingidentity.com" style="color:purple;text-decoration:underline" target="_blank">jbradley@pingidentity.com</a>><u></u><u></u></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

I prefer the value to be a URI unless a registered name is used.  That prevents collisions and configuration errors.    I don't think making a private name a URI is overly restrictive.<u></u><u></u></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<u></u> <u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">It needs to at least be a SHOULD perhaps with a warning about use of unregistered short names being dangerous outside of testing due to possible name collisions.<u></u><u></u></div>

</div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

It doesn't take much to do the registration.   I prefer to keep it tight and not have lots of people using values like "3" all with separate definitions.<u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<u></u> <u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div><div><div><div><div><div><div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<b><span style="font-size:9pt;font-family:Tahoma,sans-serif;color:rgb(52,54,52)">John Bradley</span></b><span style="font-size:9pt;font-family:Tahoma,sans-serif;color:rgb(52,54,52)">  |  Sr. Technical Architect<u></u><u></u></span></div>

</div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><b><span style="font-size:8.5pt;font-family:Tahoma,sans-serif;color:rgb(52,54,52)">Ping</span></b><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(41,41,41)"> </span><b><span style="font-size:8.5pt;font-family:Tahoma,sans-serif;color:rgb(231,35,57)">Identity</span></b><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(41,41,41)">  |   <a href="http://www.pingidentity.com/" style="color:purple;text-decoration:underline" target="_blank">www.pingidentity.com</a></span><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(71,135,255)"><u></u><u></u></span></div>

</div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(41,41,41)"> </span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(41,41,41)">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<b><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(0,85,104)">O:</span></b><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(41,41,41)"> <a href="tel:%2B1%20720.306.6055" style="color:purple;text-decoration:underline" target="_blank">+1 720.306.6055</a>   </span><b><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(0,85,104)">M:</span></b><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(41,41,41)"> </span><u><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(71,135,255)">+1 (303) 396-9546</span></u><u></u><u></u></div>

</div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><b><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(0,85,104)">Email:</span></b><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(41,41,41)"> <a href="mailto:jbradley@pingidentity.com" style="color:purple;text-decoration:underline" target="_blank">jbradley@pingidentity.com</a></span><span style="font-size:8.5pt;font-family:Arial,sans-serif;color:rgb(71,135,255)"><u></u><u></u></span></div>

</div></div><div><p style="margin-right:0in;margin-left:0in;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:13.5pt;font-family:Verdana,sans-serif">- - - - - - - - - - - - - - - - - - - - - - - - - - -  - - - - - - - - - -</span><span style="font-size:13.5pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></p>

<table border="0" cellspacing="0" cellpadding="0"><tbody><tr><td nowrap valign="top" style="padding:0in"><p style="margin-right:0in;margin-left:0in;font-size:12pt;font-family:'Times New Roman',serif"><b><span style="font-family:Verdana,sans-serif">Join me at Cloud Identity Summit<br>

</span></b><span style="font-family:Verdana,sans-serif"><a href="http://www.cloudidentitysummit.com/" style="color:purple;text-decoration:underline" target="_blank">www.cloudidentitysummit.com</a> <br>Twitter: </span><a href="http://twitter.com/#!/@CloudIDSummit" style="color:purple;text-decoration:underline" target="_blank"><span style="font-family:Verdana,sans-serif">@CloudIDSummit</span></a><br>

<span style="font-family:Verdana,sans-serif"><a href="http://facebook.com/CloudIdentitySummit" style="color:purple;text-decoration:underline" target="_blank">Facebook.com/CloudIdentitySummit</a></span><u></u><u></u></p></td>

<td nowrap valign="top" style="padding:0in"><p style="margin-right:0in;margin-left:0in;font-size:12pt;font-family:'Times New Roman',serif"><b><span style="font-family:Verdana,sans-serif">   Connect with me</span></b><span style="font-family:Verdana,sans-serif"><br>

   Twitter: </span><a href="http://twitter.com/#!/@user_name" style="color:purple;text-decoration:underline" target="_blank">@</a>ve7jtb<span style="font-family:Verdana,sans-serif"><br>   </span><a href="http://linkedin.com/in/ve7jtb" style="color:purple;text-decoration:underline" target="_blank">LinkedIn.com/in/v7jtb</a><u></u><u></u></p>

</td></tr></tbody></table></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:13.5pt;font-family:Helvetica,sans-serif"> </span></div></div></div>

<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div>

</div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<u></u> <u></u></div></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><p class="MsoNormal" style="margin:0in 0in 12pt;font-size:12pt;font-family:'Times New Roman',serif">

<u></u> <u></u></p></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

On 2013-06-02, at 11:36 PM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" style="color:purple;text-decoration:underline" target="_blank">Michael.Jones@microsoft.com</a>> wrote:<u></u><u></u></div></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<br><br><u></u><u></u></div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">A must wouldn’t be consistent with the rest of how we use claims.  Where two parties have a private agreement on the meanings of claims, we allow the use of private, unregistered names, per<a href="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-08#section-4.3" style="color:purple;text-decoration:underline" target="_blank"><span style="color:purple">http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-08#section-4.3</span></a>.  I don’t think we should absolutely mandate the use of registered names in this case, when we don’t anywhere else.</span><u></u><u></u></div>

</div><div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></div>

</div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Also, some trust frameworks may experiment with a name before deciding that it’s time to register it.  We shouldn’t make that illegal.</span><u></u><u></u></div>

</div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></div></div>

<div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">A “SHOULD” is fine.</span><u></u><u></u></div>

</div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></div></div>

<div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">                                                            -- Mike</span><u></u><u></u></div>

</div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span><u></u><u></u></div></div>

<div><div style="border-style:solid none none;border-top-width:1pt;border-top-color:rgb(181,196,223);padding:3pt 0in 0in"><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><b><span style="font-size:10pt;font-family:Tahoma,sans-serif">From:</span></b><span style="font-size:10pt;font-family:Tahoma,sans-serif"> <a href="mailto:openid-specs-ab-bounces@lists.openid.net" style="color:purple;text-decoration:underline" target="_blank">openid-specs-ab-bounces@lists.openid.net</a><span> </span>[mailto:<a href="mailto:openid-" style="color:purple;text-decoration:underline" target="_blank">openid-</a><a href="mailto:specs-ab-bounces@lists.openid.net" style="color:purple;text-decoration:underline" target="_blank">specs-ab-bounces@lists.openid.net</a>] <b>On Behalf Of </b>Nat Sakimura<br>

<b>Sent:</b> Sunday, June 02, 2013 2:31 PM<br><b>To:</b> Bradley John;<span> </span><a href="mailto:openid-specs-ab@lists.openid.net" style="color:purple;text-decoration:underline" target="_blank">openid-specs-ab@lists.openid.net</a><br>

<b>Subject:</b> [Openid-specs-ab] acr text</span><u></u><u></u></div></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"> <u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

Especially to John, <u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"> <u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

acr text says:<u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"> <u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

 An absolute URI or a <a href="http://openid.bitbucket.org/openid-connect-messages-1_0.html#RFC6711" style="color:purple;text-decoration:underline" target="_blank"><b>registered name</b></a> [RFC6711] MAY be used as an <tt style="font-family:'Courier New'"><span style="font-size:10pt">acr</span></tt> value.<u></u><u></u></div>

</div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"> <u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

Is it really MAY? Is it not MUST? <u></u><u></u></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><br>=nat <u></u><u></u></div></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<span style="font-size:13.5pt;font-family:Helvetica,sans-serif">_______________________________________________<br>Openid-specs-ab mailing list<br><a href="mailto:Openid-specs-ab@lists.openid.net" style="color:purple;text-decoration:underline" target="_blank"><span style="color:purple">Openid-specs-ab@lists.openid.net</span></a><br>

<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" style="color:purple;text-decoration:underline" target="_blank"><span style="color:purple">http://lists.openid.net/mailman/listinfo/openid-specs-ab</span></a><u></u><u></u></span></div>

</div></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

<br><br clear="all"><u></u><u></u></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">

--<span> </span><br>Nat Sakimura (=nat)<u></u><u></u></div><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif">Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" style="color:purple;text-decoration:underline" target="_blank">http://nat.sakimura.org/</a><br>

@_nat_en<u></u><u></u></div></div></div></div>_______________________________________________<br>Openid-specs-ab mailing list<br><a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>

<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></div></blockquote></div><br></div></div></div></div></blockquote></div><br><br clear="all">

<div><br></div>-- <br>Nat Sakimura (=nat)<div>Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>@_nat_en</div>

</div>