<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Thanks George for publishing draft 07.</p>
    <p>My preference would be to revisit the spec, in view of removing
      the ID token dependency in the token exchange. This will have the
      useful side effect of "freeing up" one of the token exchange
      slots, which is currently taken up by the ID token. But let's give
      that some time and have some rest now, and simply enjoy the
      progress that was made :)<br>
    </p>
    <p>Thanks,<br>
    </p>
    <pre class="moz-signature" cols="72">Vladimir</pre>
    <div class="moz-cite-prefix">On 21/01/2025 21:00, George Fletcher
      via Openid-specs-ab wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAJnLd9Lv9asDquhzwt=cmEjJa2gv+UyDya8KJ=yyiaeiPDVJLg@mail.gmail.com">
      <div dir="ltr">
        <div>Hi,</div>
        <div><br>
        </div>
        <div>We've published draft 7 of the Native SSO for Mobile Apps
          specification. This closes all open issues.  You can find the
          latest version here:</div>
        <div><br>
        </div>
        <div><a
href="https://openid.net/specs/openid-connect-native-sso-1_0.html"
            moz-do-not-send="true" class="moz-txt-link-freetext">https://openid.net/specs/openid-connect-native-sso-1_0.html</a></div>
        <div><br>
        </div>
        <div>Feedback greatly appreciated!</div>
        <div><br>
        </div>
        <div>Finally, in some of our working group calls, there have
          been concerns raised regarding this specification's use of
          id_tokens as well as other feedback that the id_token isn't
          really necessary.</div>
        <div><br>
        </div>
        <div>I see two options to move forward:</div>
        <div>1. We vote the current specification as final and say it's
          good enough</div>
        <div>2. We look to revisit the specification and make
          significant breaking changes to remove the dependency on the
          id_token as well as update the draft to take advantage of
          other security measures formulated since this specification
          was first introduced.</div>
        <div><br>
        </div>
        <div>I'd appreciate feedback on which direction you think we
          should take.</div>
        <div><br>
        </div>
        <div>Thanks,</div>
        <div>George</div>
        <div><br>
        </div>
      </div>
    </blockquote>
  </body>
</html>