<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <font face="Helvetica, Arial, sans-serif">Yes, I will submit a PR
      for the spec and post the current version shortly :)</font><br>
    <br>
    <div class="moz-cite-prefix">On 7/24/19 11:39 AM, Vittorio Bertocci
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAO_FVe7Fkq5BexPyn5coMtFY5S1b4Oi=goMb6erbc8rHNiL6eQ@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">HI George, all-
        <div>I was wondering if we could revive this proposal and see if
          there are ways to move forward. We are receiving customer
          requests that would be satisfied by this or similar mechanisms
          to signal the desire to perform a signup operation.??</div>
        <div>George: yesterday I discussed the feature with Nat, John,
          Brian and they shared interesting insights. I'd be happy to
          summarize and contribute language to that effect, if you have
          time to engage.</div>
        <div>thanks!</div>
        <div>V.</div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Mon, Feb 4, 2019 at 11:30
          AM George Fletcher via Openid-specs-ab <<a
            href="mailto:openid-specs-ab@lists.openid.net"
            moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
          0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div bgcolor="#FFFFFF"> <font face="Helvetica, Arial,
              sans-serif">True, this isn't the original use case... but
              it's an interesting one. However, it seems like getting a
              "consent receipt" response would make more sense connected
              to the prompt=consent flow than a prompt=create one. And
              maybe if a "consent receipt" is attached to the act of a
              user giving consent<font size="-1">, </font></font><font
              face="Helvetica, Arial, sans-serif">then this is a case
              where prompt="create consent" makes sense:)</font><br>
            <br>
            <div class="gmail-m_-265474924815822966moz-cite-prefix">On
              2/1/19 6:06 PM, Tom Jones via Openid-specs-ab wrote:<br>
            </div>
            <blockquote type="cite">
              <div dir="ltr">What i think the client might need is a
                consent receipt to show that the user did agree to share
                the data with the client. In that case the client could
                request that user consent be sought. I am not sure at
                all that this was the reason for the request for this
                item, but it is a reasonable request from the client
                side to know that it has received the data in a lawful
                manner.<br clear="all">
                <div>
                  <div dir="ltr"
                    class="gmail-m_-265474924815822966gmail_signature">
                    <div dir="ltr">
                      <div>Peace ..tom</div>
                    </div>
                  </div>
                </div>
                <br>
              </div>
              <br>
              <div class="gmail_quote">
                <div dir="ltr" class="gmail_attr">On Thu, Jan 31, 2019
                  at 5:05 PM Brock Allen via Openid-specs-ab <<a
                    href="mailto:openid-specs-ab@lists.openid.net"
                    target="_blank" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
                  wrote:<br>
                </div>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">
                  <div
id="gmail-m_-265474924815822966gmail-m_4124734365722041158__MailbirdStyleContent">
                    Do you have a concrete example of how a client would
                    know to send prompt=create?
                    <div><br>
                    </div>
                    <div>I ask because my first reaction is that given
                      the client doesn't authenticate the user, it has
                      no idea if the user has an account or not, so
                      how/why would it know to send this value???</div>
                    <div><br>
                    </div>
                    <div>Or are you simply imaging the scenario where
                      the client shows a "login" or "register" link,
                      rather than getting the OP to do that?<br>
                      <div><br>
                      </div>
                      <div
                        class="gmail-m_-265474924815822966gmail-m_4124734365722041158mb_sig"><span
                          style="font-family:"Lucida Console"">-Brock</span>
                        <div><br>
                        </div>
                      </div>
                      <blockquote
class="gmail-m_-265474924815822966gmail-m_4124734365722041158history_container"
                        type="cite"
style="border-left-style:solid;border-width:1px;margin-top:20px;margin-left:0px;padding-left:10px">
                        <p
                          style="color:rgb(170,170,170);margin-top:10px">On
                          1/31/2019 3:46:26 PM, George Fletcher via
                          Openid-specs-ab <<a
                            href="mailto:openid-specs-ab@lists.openid.net"
                            target="_blank" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
                          wrote:</p>
                        <div
                          style="font-family:Arial,Helvetica,sans-serif">
                          <span
                            style="font-family:Helvetica,Arial,sans-serif">Thanks
                            so much for the quick feedback William!
                            Comments inline...</span><br>
                          <br>
                          <div
class="gmail-m_-265474924815822966gmail-m_4124734365722041158moz-cite-prefix">On
                            1/31/19 12:45 PM, William Denniss wrote:<br>
                          </div>
                          <blockquote type="cite">
                            <div dir="ltr">
                              <div dir="ltr">
                                <div>Hi George,</div>
                                <div><br>
                                </div>
                                <div>Some quick review thoughts:</div>
                                <div><br>
                                </div>
                                <div>Section 4 Why is there a
                                  prohibition on combining "create" with
                                  other prompt values? What if a future
                                  prompt value was added that was
                                  compatible with "create"?</div>
                              </div>
                            </div>
                          </blockquote>
                          My thinking (though I'm open to options) is
                          that there are many values that can be
                          mutually exclusive. For example, what does
                          prompt="create consent" mean? I'm happy to
                          reduce this to SHOULD to allow for future
                          possibilities. Or change the wording to
                          explain that other prompt values that conflict
                          with "create" should not be used.<br>
                          <blockquote type="cite">
                            <div dir="ltr">
                              <div dir="ltr"><br
class="gmail-m_-265474924815822966gmail-m_4124734365722041158gmail-Apple-interchange-newline">
                                <div>Section 4.1, "the account creation
                                  experience" isn't defined by any
                                  OpenID spec, so requiring it with a
                                  MUST could be problematic. Also, most
                                  guidance on the UI shown by the OP is
                                  generally in the form of
                                  recommendations not normative
                                  requirements (e.g. around scope
                                  consent screens).</div>
                              </div>
                            </div>
                          </blockquote>
                          OK, I'm fine changing this to a SHOULD if that
                          makes things more acceptable :)<br>
                          <blockquote type="cite">
                            <div dir="ltr">
                              <div dir="ltr">
                                <div><br>
                                </div>
                                <div>As background, how would you expect
                                  this to be shown on the client? Two
                                  different buttons, one to connect an
                                  existing account, one to create a new
                                  account? Might be worth a
                                  non-normative discussion in the doc
                                  about how the clients might use this.</div>
                              </div>
                            </div>
                          </blockquote>
                          More or less, yes:) There are some use cases
                          where the client may want to allow the user to
                          choose between the options (sign-up vs
                          sign-in) before starting the authentication
                          flow. I don't think it precludes the OP from
                          having to know that a client started an
                          authenticate flow, the user chose the sign-up
                          link/button and then at the end of
                          registration the OP needs to redirect back to
                          the client with a code. However, it does allow
                          the client to optimize the experience.<br>
                          <br>
                          Thanks again,<br>
                          George<br>
                          <blockquote type="cite">
                            <div dir="ltr">
                              <div dir="ltr">
                                <div><br>
                                </div>
                                <div>William</div>
                                <div dir="ltr"><br>
                                </div>
                              </div>
                            </div>
                            <br>
                            <div class="gmail_quote">
                              <div dir="ltr" class="gmail_attr">On Thu,
                                Jan 31, 2019 at 9:19 AM George Fletcher
                                via Openid-specs-ab <<a
                                  href="mailto:openid-specs-ab@lists.openid.net"
                                  target="_blank" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
                                wrote:<br>
                              </div>
                              <blockquote class="gmail_quote"
                                style="margin:0px 0px 0px
                                0.8ex;border-left:1px solid
                                rgb(204,204,204);padding-left:1ex">I've
                                attached both the XML and Text versions
                                of a very small spec that <br>
                                defines a new parameter value for the
                                'prompt' parameter that allows the <br>
                                client to request the user go directly
                                to the account creation flow and <br>
                                when the user has successfully created
                                the account, return a 'code' to <br>
                                the client. This improves the user
                                experience by allowing the client to <br>
                                direct the user directly to the account
                                creation page.<br>
                                <br>
                                Feedback greatly appreciated!<br>
                                <br>
                                Thanks,<br>
                                George<br>
                                <br>
                                <br>
_______________________________________________<br>
                                Openid-specs-ab mailing list<br>
                                <a
                                  href="mailto:Openid-specs-ab@lists.openid.net"
                                  target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br>
                                <a
                                  href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
                                  rel="noreferrer" target="_blank"
                                  moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
                              </blockquote>
                            </div>
                          </blockquote>
                          <br>
                          <pre class="gmail-m_-265474924815822966gmail-m_4124734365722041158moz-signature" cols="72">-- 
Identity Standards Architect
Verizon Media                     Work: <a class="gmail-m_-265474924815822966gmail-m_4124734365722041158moz-txt-link-abbreviated" href="mailto:george.fletcher@oath.com" target="_blank" moz-do-not-send="true">george.fletcher@oath.com</a>
Mobile: +1-703-462-3494           Twitter: <a class="gmail-m_-265474924815822966gmail-m_4124734365722041158moz-txt-link-freetext" href="http://twitter.com/gffletch" target="_blank" moz-do-not-send="true">http://twitter.com/gffletch</a>
Office: +1-703-265-2544           Photos: <a class="gmail-m_-265474924815822966gmail-m_4124734365722041158moz-txt-link-freetext" href="http://georgefletcher.photography" target="_blank" moz-do-not-send="true">http://georgefletcher.photography</a>
</pre>
                        </div>
                      </blockquote>
                    </div>
                  </div>
                  _______________________________________________<br>
                  Openid-specs-ab mailing list<br>
                  <a href="mailto:Openid-specs-ab@lists.openid.net"
                    target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br>
                  <a
                    href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
                    rel="noreferrer" target="_blank"
                    moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
                </blockquote>
              </div>
              <br>
              <fieldset
                class="gmail-m_-265474924815822966mimeAttachmentHeader"></fieldset>
              <pre class="gmail-m_-265474924815822966moz-quote-pre">_______________________________________________
Openid-specs-ab mailing list
<a class="gmail-m_-265474924815822966moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net" target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a>
<a class="gmail-m_-265474924815822966moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank" moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
            </blockquote>
            <br>
            <pre class="gmail-m_-265474924815822966moz-signature" cols="72">-- 
Identity Standards Architect
Verizon Media                     Work: <a class="gmail-m_-265474924815822966moz-txt-link-abbreviated" href="mailto:george.fletcher@oath.com" target="_blank" moz-do-not-send="true">george.fletcher@oath.com</a>
Mobile: +1-703-462-3494           Twitter: <a class="gmail-m_-265474924815822966moz-txt-link-freetext" href="http://twitter.com/gffletch" target="_blank" moz-do-not-send="true">http://twitter.com/gffletch</a>
Office: +1-703-265-2544           Photos: <a class="gmail-m_-265474924815822966moz-txt-link-freetext" href="http://georgefletcher.photography" target="_blank" moz-do-not-send="true">http://georgefletcher.photography</a>
</pre>
          </div>
          _______________________________________________<br>
          Openid-specs-ab mailing list<br>
          <a href="mailto:Openid-specs-ab@lists.openid.net"
            target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br>
          <a
            href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
            rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
        </blockquote>
      </div>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Identity Standards Architect
Verizon Media                     Work: <a class="moz-txt-link-abbreviated" href="mailto:george.fletcher@oath.com">george.fletcher@oath.com</a>
Mobile: +1-703-462-3494           Twitter: <a class="moz-txt-link-freetext" href="http://twitter.com/gffletch">http://twitter.com/gffletch</a>
Office: +1-703-265-2544           Photos: <a class="moz-txt-link-freetext" href="http://georgefletcher.photography">http://georgefletcher.photography</a>
</pre>
  </body>
</html>