<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; ">
<div>My 2 cents…,</div>
<div><br>
</div>
<div>
<div>I also agree that there are these two different use cases. In my humble opinion both are authentication use cases from the point of view of Mobile Connect, and is the service provider who use this authentication to authorize a transaction. </div>
<div><br>
</div>
<div>I am not sure if the IDP should process the context, store the values of the transaction, etc. I am not saying that is possible, but I guess that is something complicate to generalize to all kind of transactions. It seems to me a solution too much ambitious
that will require a lot of effort in bot sides (OP and RP), specially in the OP. Could there be a simpler alternative solution (at least in a first phase) to only allow provide this context in order to the user could compare with the transaction in the RP
(e.g: the bank) ? I am talking about a simpler solution like the solution that they have nowdays transaction_id + amount in an SMS?</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Best,</div>
<div>Gonza.</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">De: </span>"<a href="mailto:philippe.clement@orange.com">philippe.clement@orange.com</a>" <<a href="mailto:philippe.clement@orange.com">philippe.clement@orange.com</a>><br>
<span style="font-weight:bold">Fecha: </span>jueves 2 de julio de 2015 17:09<br>
<span style="font-weight:bold">Para: </span>"Connotte, Joerg" <<a href="mailto:j.connotte@telekom.de">j.connotte@telekom.de</a>>, "<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>" <<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>><br>
<span style="font-weight:bold">Asunto: </span>Re: [Openid-specs-mobile-profile] Issue #1: Context<br>
</div>
<div><br>
</div>
<div xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1588807251;
mso-list-type:hybrid;
mso-list-template-ids:1213477944 107009762 67895299 67895301 67895297 67895299 67895301 67895297 67895299 67895301;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:2014797681;
mso-list-type:hybrid;
mso-list-template-ids:1136934632 67567633 67567641 67567643 67567631 67567641 67567643 67567631 67567641 67567643;}
@list l1:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level2
{mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div lang="FR" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi Joerg,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I agree on the differences between the 2 use cases, and the description you made.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">On Use Case 2, I’m wondering on the meaning of “</span><span lang="EN-US">Here the purpose of the context is to make sure that the user is aware that he has to authorize a certain transaction
<u>which does not necessary include a primary authentication</u></span><span lang="EN-US" style="color:#1F497D">”.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Does it mean that no authentication at all may have occurred before the transaction confirmation request, or at least some other types of authentication ?
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">On another hand, do you consider that the use case 2 enters into the “consent” perimeter ?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Philippe<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">De :</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "> Openid-specs-mobile-profile [<a href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net">mailto:openid-specs-mobile-profile-bounces@lists.openid.net</a>]
<b>De la part de</b> Connotte, Joerg<br>
<b>Envoyé :</b> mercredi 1 juillet 2015 09:52<br>
<b>À :</b> <a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Objet :</b> [Openid-specs-mobile-profile] Issue #1: Context<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">Hi all,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">in our last call we had a lengthy discussion about Issue #1.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">In my opinion we are talking about two different use cases where context is useful. But the requirements about the context are very different for those use cases<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo2"><!--[if !supportLists]--><span lang="EN-US"><span style="mso-list:Ignore">1)<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span lang="EN-US">Context for authentication/login. Here the purpose of the context is to create an interlock between the consumption device and the authentication device to allow the user to make sure that the request to
log in really comes from a process he himself initiated on the consumption device. To facilitate this some nonsense text would be sufficient. In any case there is no need to have a structured context or some mechanisms to process the context besides show the
context-text on the authentication device AND the consumption device.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo2"><!--[if !supportLists]--><span lang="EN-US"><span style="mso-list:Ignore">2)<span style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span lang="EN-US">Context to authorize business transactions (e.g. payment transactions). Here the purpose of the context is to make sure that the user is aware that he has to authorize a certain transaction which does not
necessary include a primary authentication. This implies that the context is highly structured and is processed in the IdP. For example for a payment transaction the IdP has to understand that this is a payment transaction and has to store context (and possibly
the whole transaction) to allow for non-repudiation issues.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">What do you think?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 10pt; font-family: Arial, sans-serif; ">Kind Regards<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 10pt; font-family: Arial, sans-serif; ">Jörg Connotte
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 7.5pt; font-family: Arial, sans-serif; "><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 7.5pt; color: black; font-family: Arial, sans-serif; "><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span lang="EN-US" style="font-size: 8pt; color: black; text-transform: uppercase; font-family: Arial, sans-serif; ">Deutsche Telekom AG<o:p></o:p></span></b></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; ">Products & Innovation<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; ">Jörg Connotte<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; ">Customer Platforms<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; ">T-Online-Allee 1, 64</span><span lang="DE" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; ">295
Darmstadt<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="DE" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; ">+49 6151 680-7288 (Tel.)<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; ">+49 151 184-15517 (Mobil)<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; ">E-Mail:
</span><span lang="DE" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><a href="mailto:j.connotte@telekom.de"><span lang="EN-US">j.connotte@telekom.de</span></a></span><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; "><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="DE" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><a href="http://www.telekom.com/"><span lang="EN-US" style="color:black;text-decoration:none">www.telekom.com</span></a></span><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; "><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-GB" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; "><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span lang="EN-GB" style="font-size: 10pt; color: rgb(226, 0, 116); text-transform: uppercase; font-family: Arial, sans-serif; ">Life is for sharing.</span></b><b><span lang="EN-GB" style="font-size: 10pt; color: black; text-transform: uppercase; font-family: Arial, sans-serif; ">
<o:p></o:p></span></b></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-GB" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; "><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; ">You can find the obligatory information on
</span><u><span lang="EN-GB" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><a href="http://www.telekom.com/compulsory-statement"><span style="color:black">www.telekom.com/compulsory-statement</span></a></span></u><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; "><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-US" style="font-size: 8pt; color: black; font-family: Arial, sans-serif; "><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-GB" style="font-size: 8pt; color: black; text-transform: uppercase; font-family: Arial, sans-serif; ">Big changes start small – conserve resources by not printing every e-mail.</span></b><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<pre>_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
</pre>
</div>
</div>
</span><br>
<hr>
<font face="Arial" color="Gray" size="1"><br>
Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la
lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.<br>
<br>
The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.<br>
<br>
Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a
leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição<br>
</font>
</body>
</html>