<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
h4
{mso-style-priority:9;
mso-style-link:"Heading 4 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.inbox-inbox-h4
{mso-style-name:inbox-inbox-h4;}
span.Heading4Char
{mso-style-name:"Heading 4 Char";
mso-style-priority:9;
mso-style-link:"Heading 4";
font-family:"Calibri Light",sans-serif;
color:#2F5496;
font-style:italic;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#002060;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#002060">My initial take on this is that given that OpenID Connect Core was finalized in 2014, before any of this new guidance was in place, it shouldn’t be affected, given there’s not an actual security issue at stake.
The BCP is just that – best practices, not normative requirements – and the fact that a scheme was already in use before the guidance was drafted doesn’t somehow make the use of that scheme invalid.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#002060">That said, I’d be glad to talk with people about it this week and hear others’ views.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"> -- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="color:#002060"><o:p> </o:p></span></a></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<p class="MsoNormal"><b>From:</b> Openid-specs-ab [mailto:openid-specs-ab-bounces@lists.openid.net]
<b>On Behalf Of </b>Nat Sakimura via Openid-specs-ab<br>
<b>Sent:</b> Wednesday, March 1, 2017 5:50 AM<br>
<b>To:</b> specs-ab &lt;specs-ab@openid.net&gt;<br>
<b>Subject:</b> [Openid-specs-ab] Do we need to change the self issued provider scheme?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="https://tools.ietf.org/html/draft-ietf-oauth-native-apps-07">https://tools.ietf.org/html/draft-ietf-oauth-native-apps-07</a> is in the WGLC now, which I am really happy about. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">There is one thing that impacts OpenID Connect. While the self-issued provider currently uses openid: as the scheme name, <o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="https://tools.ietf.org/html/draft-ietf-oauth-native-apps-07#section-7.1.1">7.1.1</a>. Custom URI Scheme Namespace Considerations requires the reverse domain name: i.e., it sounds like we would have to use net.openid instead. Should we do it as an errata/amendment?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Best,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nat<o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal">-- <o:p></o:p></p>
</div>
<div>
<p>Nat Sakimura<o:p></o:p></p>
<p>Chairman of the Board, OpenID Foundation<o:p></o:p></p>
</div>
</div>
</body>
</html>