<div dir="ltr"><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername"></b> <span dir="ltr"><<a href="mailto:philippe.clement@orange.com">philippe.clement@orange.com</a>></span><br>Date: 2016-07-26 15:48 GMT+02:00<br>Subject: RE: New Version of Account Migration Draft<br>To: "<a href="mailto:Torsten.Lodderstedt@telekom.de">Torsten.Lodderstedt@telekom.de</a>" <<a href="mailto:Torsten.Lodderstedt@telekom.de">Torsten.Lodderstedt@telekom.de</a>>, "<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>" <<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>><br>Cc: "<a href="mailto:philippe.clement.ft@gmail.com">philippe.clement.ft@gmail.com</a>" <<a href="mailto:philippe.clement.ft@gmail.com">philippe.clement.ft@gmail.com</a>><br><br><br>





<div lang="FR" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Hi Torsten,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Thank you for this very valuable document.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">By reading the set of 2 phases, I was wondering if we could add a scenario combining these 2 ones.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">In this scenario, we could have:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Prerequisite:
<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>1-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User had an account on a previous MNO (OP1)<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>2-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User’s account on OP1 is closed<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>3-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User has an account on a new MNO (OP2)<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>4-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Eventually, OP1 knows that user has migrated to OP2<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>5-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP knows former MNO (OP1)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Use Case:<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>6-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User visits his usual RP and starts authentication to access the service<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>7-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP starts the OIDC flow with OP1 with usual secured hints regarding the user<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>8-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">OP1 answer’s with an error code “account migrated” and sends back to the RP all the necessary subject values. If OP1 knows what OP user
 has migrated to, it is inserted in the answer<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>9-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP interacts with the user to get his new OP (discovery process), unless RP already knows what OP user has migrated to.<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>10-<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP starts the authentication process with OP2<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>11-<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">According to the success of authentication on OP2, RP migrates subject values for his RP’s account<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">This Use case would take place in one shot, at the moment where user needs to authenticate at RP to get the service, so it would be very efficient
 in terms of migration<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">It minimizes the situation of cascading OPs
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">It avoids to install a dialog between OP1 and OP2 and privacy concerns regarding transfer of personal information from OP1 to OP2.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Then it avoids some situations where user will not start the migration process by accessing a specific service to be developped on OP2.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">It avoids limitations in Authorization Grant lifetime.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">I could have missed something important, and so I’m looking forward to any feedback from the list<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Kind regards,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Philippe<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">De :</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-mobile-profile [mailto:<a href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net" target="_blank">openid-specs-mobile-profile-bounces@lists.openid.net</a>]
<b>De la part de</b> <a href="mailto:Torsten.Lodderstedt@telekom.de" target="_blank">Torsten.Lodderstedt@telekom.de</a><br>
<b>Envoyé :</b> mardi 19 juillet 2016 13:30<br>
<b>À :</b> <a href="mailto:openid-specs-mobile-profile@lists.openid.net" target="_blank">openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Objet :</b> [Openid-specs-mobile-profile] New Version of Account Migration Draft<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Hi all,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I just published -01 of the account migration draft at <a href="http://openid.net" target="_blank">openid.net</a> (<a href="http://openid.net/wordpress-content/uploads/2014/04/draft-account-migration-01.html" target="_blank">http://openid.net/wordpress-content/uploads/2014/04/draft-account-migration-01.html</a>).
 The source code can be found in our Bitbucket repo.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">This is a significant rewrite of the specification based on your valuable feedback. Thank you! Although I tried to incorporate all review comments, please bear with me if
 I missed a comment. Please let me know, so I can incorporate it in the next revision.
<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I applied the following changes to the document:<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">reorganized the draft<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">extended introduction and overview<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">stated scope of the draft and what is currently out of scope<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">changed terminology from porting to migration<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">changed migration data structure to be different from an id token<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">cleaned up references<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">added initial security considerations<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Please post your feedback to the list.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">best regards,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Torsten.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
</div>
<pre>_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
</pre></div>

</div><br></div>