<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font face="Helvetica, Arial, sans-serif">Yes, I will submit a PR
for the spec and post the current version shortly :)</font><br>
<br>
<div class="moz-cite-prefix">On 7/24/19 11:39 AM, Vittorio Bertocci
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAO_FVe7Fkq5BexPyn5coMtFY5S1b4Oi=goMb6erbc8rHNiL6eQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">HI George, all-
<div>I was wondering if we could revive this proposal and see if
there are ways to move forward. We are receiving customer
requests that would be satisfied by this or similar mechanisms
to signal the desire to perform a signup operation.??</div>
<div>George: yesterday I discussed the feature with Nat, John,
Brian and they shared interesting insights. I'd be happy to
summarize and contribute language to that effect, if you have
time to engage.</div>
<div>thanks!</div>
<div>V.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Feb 4, 2019 at 11:30
AM George Fletcher via Openid-specs-ab <<a
href="mailto:openid-specs-ab@lists.openid.net"
moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> <font face="Helvetica, Arial,
sans-serif">True, this isn't the original use case... but
it's an interesting one. However, it seems like getting a
"consent receipt" response would make more sense connected
to the prompt=consent flow than a prompt=create one. And
maybe if a "consent receipt" is attached to the act of a
user giving consent<font size="-1">, </font></font><font
face="Helvetica, Arial, sans-serif">then this is a case
where prompt="create consent" makes sense:)</font><br>
<br>
<div class="gmail-m_-265474924815822966moz-cite-prefix">On
2/1/19 6:06 PM, Tom Jones via Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">What i think the client might need is a
consent receipt to show that the user did agree to share
the data with the client. In that case the client could
request that user consent be sought. I am not sure at
all that this was the reason for the request for this
item, but it is a reasonable request from the client
side to know that it has received the data in a lawful
manner.<br clear="all">
<div>
<div dir="ltr"
class="gmail-m_-265474924815822966gmail_signature">
<div dir="ltr">
<div>Peace ..tom</div>
</div>
</div>
</div>
<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Jan 31, 2019
at 5:05 PM Brock Allen via Openid-specs-ab <<a
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div
id="gmail-m_-265474924815822966gmail-m_4124734365722041158__MailbirdStyleContent">
Do you have a concrete example of how a client would
know to send prompt=create?
<div><br>
</div>
<div>I ask because my first reaction is that given
the client doesn't authenticate the user, it has
no idea if the user has an account or not, so
how/why would it know to send this value???</div>
<div><br>
</div>
<div>Or are you simply imaging the scenario where
the client shows a "login" or "register" link,
rather than getting the OP to do that?<br>
<div><br>
</div>
<div
class="gmail-m_-265474924815822966gmail-m_4124734365722041158mb_sig"><span
style="font-family:"Lucida Console"">-Brock</span>
<div><br>
</div>
</div>
<blockquote
class="gmail-m_-265474924815822966gmail-m_4124734365722041158history_container"
type="cite"
style="border-left-style:solid;border-width:1px;margin-top:20px;margin-left:0px;padding-left:10px">
<p
style="color:rgb(170,170,170);margin-top:10px">On
1/31/2019 3:46:26 PM, George Fletcher via
Openid-specs-ab <<a
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
wrote:</p>
<div
style="font-family:Arial,Helvetica,sans-serif">
<span
style="font-family:Helvetica,Arial,sans-serif">Thanks
so much for the quick feedback William!
Comments inline...</span><br>
<br>
<div
class="gmail-m_-265474924815822966gmail-m_4124734365722041158moz-cite-prefix">On
1/31/19 12:45 PM, William Denniss wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div>Hi George,</div>
<div><br>
</div>
<div>Some quick review thoughts:</div>
<div><br>
</div>
<div>Section 4 Why is there a
prohibition on combining "create" with
other prompt values? What if a future
prompt value was added that was
compatible with "create"?</div>
</div>
</div>
</blockquote>
My thinking (though I'm open to options) is
that there are many values that can be
mutually exclusive. For example, what does
prompt="create consent" mean? I'm happy to
reduce this to SHOULD to allow for future
possibilities. Or change the wording to
explain that other prompt values that conflict
with "create" should not be used.<br>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr"><br
class="gmail-m_-265474924815822966gmail-m_4124734365722041158gmail-Apple-interchange-newline">
<div>Section 4.1, "the account creation
experience" isn't defined by any
OpenID spec, so requiring it with a
MUST could be problematic. Also, most
guidance on the UI shown by the OP is
generally in the form of
recommendations not normative
requirements (e.g. around scope
consent screens).</div>
</div>
</div>
</blockquote>
OK, I'm fine changing this to a SHOULD if that
makes things more acceptable :)<br>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>As background, how would you expect
this to be shown on the client? Two
different buttons, one to connect an
existing account, one to create a new
account? Might be worth a
non-normative discussion in the doc
about how the clients might use this.</div>
</div>
</div>
</blockquote>
More or less, yes:) There are some use cases
where the client may want to allow the user to
choose between the options (sign-up vs
sign-in) before starting the authentication
flow. I don't think it precludes the OP from
having to know that a client started an
authenticate flow, the user chose the sign-up
link/button and then at the end of
registration the OP needs to redirect back to
the client with a code. However, it does allow
the client to optimize the experience.<br>
<br>
Thanks again,<br>
George<br>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>William</div>
<div dir="ltr"><br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu,
Jan 31, 2019 at 9:19 AM George Fletcher
via Openid-specs-ab <<a
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">I've
attached both the XML and Text versions
of a very small spec that <br>
defines a new parameter value for the
'prompt' parameter that allows the <br>
client to request the user go directly
to the account creation flow and <br>
when the user has successfully created
the account, return a 'code' to <br>
the client. This improves the user
experience by allowing the client to <br>
direct the user directly to the account
creation page.<br>
<br>
Feedback greatly appreciated!<br>
<br>
Thanks,<br>
George<br>
<br>
<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a
href="mailto:Openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br>
<a
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote>
</div>
</blockquote>
<br>
<pre class="gmail-m_-265474924815822966gmail-m_4124734365722041158moz-signature" cols="72">--
Identity Standards Architect
Verizon Media Work: <a class="gmail-m_-265474924815822966gmail-m_4124734365722041158moz-txt-link-abbreviated" href="mailto:george.fletcher@oath.com" target="_blank" moz-do-not-send="true">george.fletcher@oath.com</a>
Mobile: +1-703-462-3494 Twitter: <a class="gmail-m_-265474924815822966gmail-m_4124734365722041158moz-txt-link-freetext" href="http://twitter.com/gffletch" target="_blank" moz-do-not-send="true">http://twitter.com/gffletch</a>
Office: +1-703-265-2544 Photos: <a class="gmail-m_-265474924815822966gmail-m_4124734365722041158moz-txt-link-freetext" href="http://georgefletcher.photography" target="_blank" moz-do-not-send="true">http://georgefletcher.photography</a>
</pre>
</div>
</blockquote>
</div>
</div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br>
<a
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote>
</div>
<br>
<fieldset
class="gmail-m_-265474924815822966mimeAttachmentHeader"></fieldset>
<pre class="gmail-m_-265474924815822966moz-quote-pre">_______________________________________________
Openid-specs-ab mailing list
<a class="gmail-m_-265474924815822966moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net" target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a>
<a class="gmail-m_-265474924815822966moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank" moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
<pre class="gmail-m_-265474924815822966moz-signature" cols="72">--
Identity Standards Architect
Verizon Media Work: <a class="gmail-m_-265474924815822966moz-txt-link-abbreviated" href="mailto:george.fletcher@oath.com" target="_blank" moz-do-not-send="true">george.fletcher@oath.com</a>
Mobile: +1-703-462-3494 Twitter: <a class="gmail-m_-265474924815822966moz-txt-link-freetext" href="http://twitter.com/gffletch" target="_blank" moz-do-not-send="true">http://twitter.com/gffletch</a>
Office: +1-703-265-2544 Photos: <a class="gmail-m_-265474924815822966moz-txt-link-freetext" href="http://georgefletcher.photography" target="_blank" moz-do-not-send="true">http://georgefletcher.photography</a>
</pre>
</div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net"
target="_blank" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br>
<a
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Identity Standards Architect
Verizon Media Work: <a class="moz-txt-link-abbreviated" href="mailto:george.fletcher@oath.com">george.fletcher@oath.com</a>
Mobile: +1-703-462-3494 Twitter: <a class="moz-txt-link-freetext" href="http://twitter.com/gffletch">http://twitter.com/gffletch</a>
Office: +1-703-265-2544 Photos: <a class="moz-txt-link-freetext" href="http://georgefletcher.photography">http://georgefletcher.photography</a>
</pre>
</body>
</html>