<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Mike,<br>
<br>
you are right, we need such a trust framework and are working on it.
I hope we will the first spec out soon.<br>
<br>
However, my current main interest is in ensuring interoperability
between (future) MODRNA implementations and "ordinary" OpenID
Connect implementations. Just mandating software statement support
in MODRNA won't solve the problem. So I'm in favor of starting work
towards a Client Registration 1.1. soon as well.<br>
<br>
kind regards,<br>
Torsten.<br>
<br>
Am 12.08.2015 um 04:36 schrieb Mike Jones:<br>
<blockquote
cite="mid:BY2PR03MB442F6A6080056693FAD3A89F57E0@BY2PR03MB442.namprd03.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Answering
your actual question, clients today are free to use
software_statement but servers are also free to ignore it –
just like any other parameters that they do not understand.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">However,
the MODRNA profile can mandate support for the RFC 7591
software_statement in clients and servers supporting that
profile – and it can do so without us updating the OpenID
Connect Dynamic Client Registration spec. I suspect the
profile would need to do more than mandating support – it
would also probably have to say some things about how to
determine whether to trust the software_statement for what
purposes based on who signed it. That additional trust work
goes beyond both of the dyn-reg specs, and is new work.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">What
are MODRNA’s thoughts on how to do that?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">
-- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Torsten Lodderstedt [<a class="moz-txt-link-freetext" href="mailto:torsten@lodderstedt.net">mailto:torsten@lodderstedt.net</a>]
<br>
<b>Sent:</b> Tuesday, August 11, 2015 4:17 AM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-ab] I'm planning to
start applying errata edits to OpenID Connect<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi Mike,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I'm a bit surprised about the approach,
but we will give it a try. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">One question worries me so I would like
to sort it our beforehand: let's suppose a OP allows to pass
all relevant parameter to the client registration request in
a software statement (instead of separate URI request
parameters) as specified by RFC 7591. Would you consider
this behavior compliant to the OpenID Dynamic Client
Registration spec? Will we extend the OpenID conformance
tests accordingly?<br>
<br>
kind regards,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Torsten.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
Am 29.07.2015 um 17:37 schrieb Mike Jones <<a
moz-do-not-send="true"
href="mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>>:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">We’re
not going to do major changes as part of an errata
action, so we’re not going to remove the now-duplicated
content. That said, we will add a statement that the
OpenID Registration spec is compatible with the OAuth
Registration spec and that implementations are free to
use features defined there such as software statements
as appropriate. Would that work for you?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">
-- Mike</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a moz-do-not-send="true"
href="mailto:torsten@lodderstedt.net">torsten@lodderstedt.net</a>
[<a moz-do-not-send="true"
href="mailto:torsten@lodderstedt.net">mailto:torsten@lodderstedt.net</a>]
<br>
<b>Sent:</b> Wednesday, July 29, 2015 5:05 AM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> <a moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-ab] I'm planning
to start applying errata edits to OpenID Connect</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p><span style="font-size:10.0pt">Hi Mike,</span><o:p></o:p></p>
<p><span style="font-size:10.0pt">good to hear.</span><o:p></o:p></p>
<p><span style="font-size:10.0pt">Regarding Dynamic Client
Registration: Will you modify the OpenID Connect Spec to
be based on RFC 7591? I'm asking because the OIDC Client
Registration could be strip down (e.g. by removing the
definition of registration request/response).
Moreover, this would allow the OIDC version to leverage
software statements, which are required for the MODRNA
work.</span><o:p></o:p></p>
<p><span style="font-size:10.0pt">best regards,<br>
Torsten.</span><o:p></o:p></p>
<p><span style="font-size:10.0pt">Am 24.07.2015 20:14,
schrieb Mike Jones:</span><o:p></o:p></p>
<blockquote style="border:none;border-left:solid #1010FF
1.5pt;padding:0in 0in 0in
4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I
wanted to let you know that I plan to start applying
errata edits to the OpenID Connect specifications.
These edits will include:<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in"><span
style="font-size:10.0pt;font-family:Symbol">·</span><span
style="font-size:7.0pt">
</span><span style="font-size:10.0pt">Referencing the
JOSE, JWT, OAuth Assertions, and acct URI RFCs
instead of working group drafts</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in"><span
style="font-size:10.0pt;font-family:Symbol">·</span><span
style="font-size:7.0pt">
</span><span style="font-size:10.0pt">Registering the
Connect-specific Dynamic Registration metadata
values in the registry established by RFC 7591</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in"><span
style="font-size:10.0pt;font-family:Symbol">·</span><span
style="font-size:7.0pt">
</span><span style="font-size:10.0pt">Removing the
warning about the Google “iss” value currently in
Section 15.6.2</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-.25in"><span
style="font-size:10.0pt;font-family:Symbol">·</span><span
style="font-size:7.0pt">
</span><span style="font-size:10.0pt">Addressing typos
described in the issue tracker</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">If
you know of other issues that we need to address as
errata, please add them to the issue tracker at
<a moz-do-not-send="true"
href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fbitbucket.org%2fopenid%2fconnect%2fissues%3fstatus%3dnew%26status%3dopen&data=01%7c01%7cMichael.Jones%40microsoft.com%7c31bcba812779461de4dc08d2980df30d%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=HXg%2bwHa8bJiF7SLAJUyFK0Lwp6SBXdWE27KLYYiXmHM%3d">https://bitbucket.org/openid/connect/issues?status=new&status=open</a>
using the milestone “Errata”.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Note
that I’ll first publish the updated drafts to
<a moz-do-not-send="true"
href="https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fopenid.bitbucket.org%2f&data=01%7c01%7cMichael.Jones%40microsoft.com%7c31bcba812779461de4dc08d2980df30d%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=vcv4rTg9svF8fZYynqgEF7oV3N%2bEt2oVn0Tu%2bcrkJa8%3d">http://openid.bitbucket.org/</a>
for review. Also, I think we should wait until <a
moz-do-not-send="true"
href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-ietf-jose-jwk-thumbprint-08&data=01%7c01%7cMichael.Jones%40microsoft.com%7c31bcba812779461de4dc08d2980df30d%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Abm%2brWGKRUjm0nf0zVUsAIdo%2b47JvLs54T2WDVPat%2fY%3d">draft-ietf-jose-jwk-thumbprint</a>
exits the RFC Editor queue and becomes an RFC before
we call this second errata round done.<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">
-- Mike<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt"> </span><o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Openid-specs-ab mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2flists.openid.net%2fmailman%2flistinfo%2fopenid-specs-ab&data=01%7c01%7cMichael.Jones%40microsoft.com%7c31bcba812779461de4dc08d2980df30d%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=TCG5eGRf7Z73v3O1CdCcVLBp6kXmee66VK2fV9iAD8w%3d">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><o:p></o:p></pre>
</blockquote>
<p><span style="font-size:10.0pt"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"> </span><o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>