<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Jeff,<div class=""><br class=""></div><div class="">sorry about the late response but I’m on vacation so I don’t read my emails as often as I normally do.<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 20 Jun 2018, at 21:25, Jeff LOMBARDO via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" class="">openid-specs-ab@lists.openid.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hi,<div class=""><br class=""></div><div class="">First post [ever on a RFC] so I hope I play by the rules. My apologies if I don’t.</div></div></div></blockquote><div><br class=""></div>:-)</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="">I have a problem understanding the multi metadata statement. Maybe it is my core understanding of OIDC which is too raw.</div><div class=""><br class=""></div><div class="">From the rule: 

<span style="font-family: verdana, helvetica, arial, sans-serif; font-size: 13.3333px; float: none; display: inline;" class=""><i class="">Given two metadata statements ms_i and ms_j (j > i, i=0, ..., n-1, j=1, ..., n) For every claim in ms_j: If the claim does not appear in ms_i add it to ms_i. If the claim appears in ms_i then replace the value of the claim in ms_i with the value of the claim in ms_j if and only if the value in ms_j is a subset of the value in ms_i else an error MUST be generated.</i></span></div><div class=""><span style="font-family: verdana, helvetica, arial, sans-serif; font-size: 13.3333px; float: none; display: inline;" class=""><i class=""><br class=""></i></span></div><div class=""><span style="font-family: verdana, helvetica, arial, sans-serif; font-size: 13.3333px; float: none; display: inline;" class="">How can one hope to modify the Metadata statement? Along the rule, a modification of metadata statement can only occur if the new statement is a subset of the old one. </span><span style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class="">The example is consistent with the rule and may be acceptable for <i style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">"response_types"</i>

: </span><i style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class="">ms_1{"response_types": ["code", "code id_token"]}</i><span style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class=""> + </span><i style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class="">ms_2{"response_types: ["code"]}</i><span style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class=""> gives </span><i style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class="">sum(ms_0...2){"response_types: ["code"]}.</i></div></div></div></blockquote><div><br class=""></div>Correct!</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><font face="verdana, helvetica, arial, sans-serif" class=""><span style="font-size:13.3333px" class="">But I found the expected behavior strange with <i class="">"contacts" </i>(and  <i class="">"logo_uri"</i>, <i class="">"policy_uri"</i>, <i style="" class="">"tos_uri"</i>, etc...). With <i class="">ms_0

<font face="verdana, helvetica, arial, sans-serif" style="font-size:13px" class=""><span style="font-size:13.3333px" class="">{"contacts": ["<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>"]</span></font>} </i>+ <i class="">ms_2{"contacts": ["<a href="mailto:rp_helpdesk@example.com" class="">rp_helpdesk@example.com</a>"]</i></span></font><span style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class=""><i class="">}</i>  one may want to represent:</span></div><div class=""></div></div></div></blockquote><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><span style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class="">- a modification of <i style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">"contacts"</i><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""> in the latest metadata statement bringing the result to<span style="text-decoration-style:initial;text-decoration-color:initial" class=""> </span><i style="text-decoration-style:initial;text-decoration-color:initial" class="">sum(ms_0...2){<i style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">"contacts": ["<a href="mailto:rp_helpdesk@example.com" class="">rp_helpdesk@example.com</a>"]</i>} </i><span style="text-decoration-style:initial;text-decoration-color:initial" class="">and not<span style="text-decoration-style:initial;text-decoration-color:initial" class=""> </span><i style="text-decoration-style:initial;text-decoration-color:initial" class="">sum(ms_0...2){<i style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">"contacts": ["<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>”]</i>}</i>

</span></span></span></div><div class=""><span style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class=""><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""></span></span></div></div></div></blockquote><div><br class=""></div><div>As you state below neither is correct.</div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><span style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class=""><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><span style="text-decoration-style:initial;text-decoration-color:initial" class="">- an enrichment of <i style="text-decoration-style:initial;text-decoration-color:initial;background-color:rgb(255,255,255)" class="">"contacts"</i><span style="text-decoration-style:initial;text-decoration-color:initial;background-color:rgb(255,255,255)" class="">  bringing the result to<span style="text-decoration-style:initial;text-decoration-color:initial" class=""> </span><i style="text-decoration-style:initial;text-decoration-color:initial" class="">sum(ms_0...2){<i style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">"contacts": [

<i style="text-decoration-style:initial;text-decoration-color:initial" class=""><font face="verdana, helvetica, arial, sans-serif" style="font-size:13px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><span style="font-size:13.3333px" class="">"<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>"</span></font></i>, "<a href="mailto:rp_helpdesk@example.com" class="">rp_helpdesk@example.com</a>"]</i>}</i><span style="text-decoration-style:initial;text-decoration-color:initial" class="">. </span></span></span></span></span></div></div></div></blockquote><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><span style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class=""><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><span style="text-decoration-style:initial;text-decoration-color:initial" class=""><span style="text-decoration-style:initial;text-decoration-color:initial;background-color:rgb(255,255,255)" class=""><span style="text-decoration-style:initial;text-decoration-color:initial" class="">In fact, the attribute is labelled contact<u style="font-weight:bold" class="">S</u> so we expect many contacts here... but this is not possible cause even if I publish 

<i style="text-decoration-style:initial;text-decoration-color:initial" class="">ms_2{<i style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">"contacts": [<span class=""> </span><i style="text-decoration-style:initial;text-decoration-color:initial" class=""><font face="verdana, helvetica, arial, sans-serif" style="font-size:13px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><span style="font-size:13.3333px" class="">"<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>"</span></font></i>, "<a href="mailto:rp_helpdesk@example.com" class="">rp_helpdesk@example.com</a>"]</i>}</i><span style="text-decoration-style:initial;text-decoration-color:initial" class="">, <span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><i style="font-style:italic;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">"contacts": [<span class=""> </span><i style="text-decoration-style:initial;text-decoration-color:initial" class=""><font face="verdana, helvetica, arial, sans-serif" style="font-size:13px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><span style="font-size:13.3333px" class="">"<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>"</span></font></i>, "<a href="mailto:rp_helpdesk@example.com" class="">rp_helpdesk@example.com</a>"] </i><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">is not a subset of 

<span style="text-decoration-style:initial;text-decoration-color:initial" class=""><i style="font-style:italic;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">"contacts": ["<a href="mailto:rp_helpdesk@example.com" class="">rp_helpdesk@example.com</a>"]</i><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""> so not change can occur</span></span></span></span></span></span></span></span></span></span></div></div></div></blockquote><div><br class=""></div>Correct!</div><div><br class=""></div><div>So, it’s ms_0 that has to list all the possible values used in ms_i (i > 0) or not list any values.</div><div><br class=""></div><div><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><span style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class=""><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><span style="text-decoration-style:initial;text-decoration-color:initial" class=""><span style="text-decoration-style:initial;text-decoration-color:initial;background-color:rgb(255,255,255)" class=""><span style="text-decoration-style:initial;text-decoration-color:initial" class="">In all cases, the result is not consistent with the rule as 

<i style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">an error should have been generated </i><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">cause <i class="">[</i><span style="text-decoration-style:initial;text-decoration-color:initial" class=""><i style="font-style:italic;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class="">"<a href="mailto:rp_helpdesk@example.com" class="">rp_helpdesk@example.com</a>"]</i><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""> is not a subset of 

<i style="text-decoration-style:initial;text-decoration-color:initial" class=""><font face="verdana, helvetica, arial, sans-serif" style="font-size:13px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><span style="font-size:13.3333px" class="">["<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>"].</span></font></i></span></span></span></span></span></span></span></span></div><div class=""><span style="font-size: 13.3333px; font-family: verdana, helvetica, arial, sans-serif;" class=""><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><span style="text-decoration-style:initial;text-decoration-color:initial" class=""><span style="text-decoration-style:initial;text-decoration-color:initial;background-color:rgb(255,255,255)" class=""><span style="text-decoration-style:initial;text-decoration-color:initial" class=""><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><span style="text-decoration-style:initial;text-decoration-color:initial" class=""><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><i style="text-decoration-style:initial;text-decoration-color:initial" class=""><font face="verdana, helvetica, arial, sans-serif" style="font-size:13px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial" class=""><span style="font-size:13.3333px" class=""><br class=""></span></font></i></span></span></span></span></span></span></span></span></div><div class=""><font face="verdana, helvetica, arial, sans-serif" class=""><span style="font-size:13.3333px" class="">Thanks for you feedback on that,</span></font></div></div></div></blockquote><br class=""></div><div>The reasoning behind the rule is that someone high up in the chain can restrict what someone lower down can use.</div><div>Or it can refrain from making any restrictions. Which means it won’t set any value for a specific claim.</div><div><br class=""></div><div>So, using your example if we have ms_0 {‘contacts’ : [‘<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>’]} then the only values allowed for ms_i (i>0) to use is  [‘<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>’]</div><div><br class=""></div>If on the other hand we have ms_0 {‘contacts’ : [‘<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>’, ‘<a href="mailto:rp_helpdesk@example.com" class="">rp_helpdesk@example.com</a>’]} then ms_i (i>0) can use one of</div><div class=""> [‘<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>’, ‘<a href="mailto:rp_helpdesk@example.com" class="">rp_helpdesk@example.com</a>’],  [‘<a href="mailto:helpdesk@example.com" class="">helpdesk@example.com</a>’]  or [‘<a href="mailto:rp_helpdesk@example.com" class="">rp_helpdesk@example.com</a>’]</div><div class=""><br class=""></div><div class="">Someone lower down in the chain can never extend a claim set by someone higher up.</div><div class=""><br class=""></div><div class="">OK ?</div><div class=""><br class=""><div class="">
<div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">— Roland</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class=""></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">The higher up you go, the more mistakes you are allowed. Right at the top, if you make enough of them, it's considered to be your style. </div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">-Fred Astaire, dancer, actor, singer, musician, and choreographer (10 May 1899-1987)</div></div>
</div>
<br class=""></div></body></html>