<div dir="ltr"><div>Andreas, </div><div><br></div><div>Thanks for posting them. </div><div><br></div>(I remember replying to your original email but it does not seem to appear in the archive so... ) <div><br></div><div>Would you be willing to submit your work (<a href="https://oauth.no/trust/">https://oauth.no/trust/</a>) in the form of text or PDF to this mailing list so that it can form a part of your contribution?</div><div><br></div><div>That will form a basis for the WG to discuss the design. </div><div><br></div><div>Best regards, </div><div><br></div><div>Nat Sakimura</div><div><br><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Aug 2, 2018 at 8:42 PM Andreas Åkre Solberg via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div style="word-wrap:break-word;line-break:after-white-space">

And here is a proof of concept implementation of resolving trust between entities using this design:

<div><br>

</div>

<div><a href="https://oauth.no/poc/" target="_blank">https://oauth.no/poc/</a></div>

<div>

<div>

<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

<br class="m_-8066304815048389949Apple-interchange-newline">

Andreas Åkre Solberg</div>

<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

Senior Technical Architect</div>

<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

UNINETT – <a href="https://uninett.no" target="_blank">https://uninett.no</a> </div>

<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

<a href="https://www.linkedin.com/in/andreassolberg/" target="_blank">https://www.linkedin.com/in/andreassolberg/</a></div>

<br class="m_-8066304815048389949Apple-interchange-newline">

</div>

<div><br>

<blockquote type="cite">

<div>2. aug. 2018 kl. 08:58 skrev Andreas Åkre Solberg <<a href="mailto:Andreas.Solberg@uninett.no" target="_blank">Andreas.Solberg@uninett.no</a>>:</div>

<br class="m_-8066304815048389949Apple-interchange-newline">

<div>

<div style="word-wrap:break-word;line-break:after-white-space">

I wrote a new article trying to explain and compare two alternative designs for trust chains for OpenID Connect Federations:

<div><br>

</div>

<div><a href="https://oauth.no/trust/" target="_blank">https://oauth.no/trust/</a></div>

<div><br>

</div>

<div>I would really appreciate others comments on this. I hope there is room for

<b>discussions</b> on these fundamental design choices, regardless of the

<i>implementer’s draft</i> status of the currently proposed specification.</div>

<div><br>

</div>

<div>Kind regards</div>

<div>

<div>

<div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

<br class="m_-8066304815048389949Apple-interchange-newline">

Andreas Åkre Solberg</div>

<div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

Senior Technical Architect</div>

<div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

UNINETT – <a href="https://uninett.no/" target="_blank">https://uninett.no</a> </div>

<div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

<a href="https://www.linkedin.com/in/andreassolberg/" target="_blank">https://www.linkedin.com/in/andreassolberg/</a></div>

<div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

<br>

</div>

<div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

<br>

</div>

<br class="m_-8066304815048389949Apple-interchange-newline" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">

<br class="m_-8066304815048389949Apple-interchange-newline">

</div>

<br>

</div>

</div>

</div>

</blockquote>

</div>

<br>

</div>

</div>

_______________________________________________<br>

Openid-specs-ab mailing list<br>

<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>

<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>

</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Nat Sakimura (=nat)<div>Chairman, OpenID Foundation<br><a href="http://nat.sakimura.org/" target="_blank">http://nat.sakimura.org/</a><br>@_nat_en</div></div>