<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"MS ゴシック";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Noto Sans CJK JP Medium";
panose-1:2 11 6 0 0 0 0 0 0 0;}
@font-face
{font-family:"\@MS ゴシック";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"\@Noto Sans CJK JP Medium";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0mm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Arial",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0mm;
margin-right:0mm;
margin-bottom:0mm;
margin-left:42.0pt;
margin-bottom:.0001pt;
mso-para-margin-top:0mm;
mso-para-margin-right:0mm;
mso-para-margin-bottom:0mm;
mso-para-margin-left:4.0gd;
mso-para-margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Arial",sans-serif;}
span.17
{mso-style-type:personal-compose;
font-family:"Noto Sans CJK JP Medium",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Arial",sans-serif;}
/* Page Definitions */
@page WordSection1
{size:612.0pt 792.0pt;
margin:99.25pt 30.0mm 30.0mm 30.0mm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:523714737;
mso-list-type:hybrid;
mso-list-template-ids:1702683324 -123984442 67698711 67698705 67698703 67698711 67698705 67698703 67698711 67698705;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:18.0pt;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-number-format:aiueo-full-width;
mso-level-text:"\(%2\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:42.0pt;
text-indent:-21.0pt;}
@list l0:level3
{mso-level-number-format:decimal-enclosed-circle;
mso-level-text:%3;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:63.0pt;
text-indent:-21.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:84.0pt;
text-indent:-21.0pt;}
@list l0:level5
{mso-level-number-format:aiueo-full-width;
mso-level-text:"\(%5\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:105.0pt;
text-indent:-21.0pt;}
@list l0:level6
{mso-level-number-format:decimal-enclosed-circle;
mso-level-text:%6;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-21.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:147.0pt;
text-indent:-21.0pt;}
@list l0:level8
{mso-level-number-format:aiueo-full-width;
mso-level-text:"\(%8\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:168.0pt;
text-indent:-21.0pt;}
@list l0:level9
{mso-level-number-format:decimal-enclosed-circle;
mso-level-text:%9;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:189.0pt;
text-indent:-21.0pt;}
ol
{margin-bottom:0mm;}
ul
{margin-bottom:0mm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026">
<v:textbox inset="5.85pt,.7pt,5.85pt,.7pt" />
</o:shapedefaults></xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="JA" link="#0563C1" vlink="#954F72" style="text-justify-trim:punctuation">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Dear Connecters:
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Mike and I talked this over at #EIC18, but it seems it is a good idea to document about Self-Issued IdP. Current documentation seems to be a bit
too dry and you have to jump implicitly to many locations in the spec. As the result, people do not get it. In addition, it probably should include some of the operational considerations such as Key backup etc. as well.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Some of the
</span><span lang="EN-US" style="font-size:11.0pt">“</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">non-spec</span><span lang="EN-US" style="font-size:11.0pt">”</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">
(potentially it can be spec</span><span lang="EN-US" style="font-size:11.0pt">’</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">ed out later) items that comes into my mind are documentation on:
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif"><o:p> </o:p></span></p>
<ol style="margin-top:0mm" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:-18.0pt;mso-para-margin-left:0gd;mso-list:l0 level1 lfo1">
<span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Clearly tell that we are not using URL to identify a user. (It is the hash of the generated key.)<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:-18.0pt;mso-para-margin-left:0gd;mso-list:l0 level1 lfo1">
<span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Android intent and claimed URI (in addition to the custom URI scheme that we have in the spec.)
<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:-18.0pt;mso-para-margin-left:0gd;mso-list:l0 level1 lfo1">
<span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">How the SS-IdP gets introduced to the Claims providers for the use in Aggregated claims.
<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:-18.0pt;mso-para-margin-left:0gd;mso-list:l0 level1 lfo1">
<span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">How the SS-IdP gets the authorization delegation from the Claims providers for the Distributed claims case. (UMA resource registration comes in mind as one of the method.)<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:-18.0pt;mso-para-margin-left:0gd;mso-list:l0 level1 lfo1">
<span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">How the keys and tokens to be backed up and transferred to other devices. (e.g., encrypting with a CEK based on the user-supplied pass-phrase and storing it on a cloud
based storage.) <o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:-18.0pt;mso-para-margin-left:0gd;mso-list:l0 level1 lfo1">
<span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Recommendation on Claims revocation/expiration.
<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:-18.0pt;mso-para-margin-left:0gd;mso-list:l0 level1 lfo1">
<span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Privacy consideration.
<o:p></o:p></span></li></ol>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">I also had an opportunity to talk with Kim Cameron: He wanted to have SS-IdP that is even closer to a regular IdP. E.g., returning
</span><span lang="EN-US" style="font-size:11.0pt">‘</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">code</span><span lang="EN-US" style="font-size:11.0pt">’</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">
or </span><span lang="EN-US" style="font-size:11.0pt">‘</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">access_token</span><span lang="EN-US" style="font-size:11.0pt">’</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">
from the SS-IdP so that they can be used against the cloud hosted token endpoint and userinfo endpoint, that probably maps to the
</span><span lang="EN-US" style="font-size:11.0pt">“</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Hub API</span><span lang="EN-US" style="font-size:11.0pt">”</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">
in his slide found at 17min12sec at <a href="https://www.identityblog.com/wp-content/resources/2018/eic2018_06_cameron.mp4">
https://www.identityblog.com/wp-content/resources/2018/eic2018_06_cameron.mp4</a>.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Perhaps we should talk about it in the next AB/C call.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Best,
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">Nat Sakimura <<a href="mailto:n-sakimura@nri.co.jp">n-sakimura@nri.co.jp</a>><o:p></o:p></span></p>
<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US" style="font-size:11.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US" style="font-size:8.0pt;font-family:"Noto Sans CJK JP Medium",sans-serif">PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended
recipient, please notify the sender and delete this e-mail.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
</body>
</html>