<div dir="ltr"><div class="gmail_quote"><div lang="FR" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Dear all,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Back from vacations today …<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">James: regarding the alternative on Account Migration, it seems to me that this has something to do with the proposal of an alternative flow that
 I presented on July 26<sup>th</sup> on the list (copy below). Could you confirm?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Best regards,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Philippe<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div style="border:none;border-bottom:solid windowtext 1.5pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal" style="border:none;padding:0cm"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Prerequisite:
<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>1-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User had an account on a previous MNO (OP1)<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>2-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User’s account on OP1 is closed<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>3-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User has an account on a new MNO (OP2)<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>4-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Eventually, OP1 knows that user has migrated to OP2<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>5-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP knows former MNO (OP1)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Use Case:<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>6-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User visits his usual RP and starts authentication to access the service<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>7-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP starts the OIDC flow with OP1 with usual secured hints regarding the user<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>8-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">OP1 answers with an error code “account migrated” and sends back to the RP all the necessary subject values. If OP1 knows which OP the user
 has migrated to, it is inserted in the answer<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>9-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP interacts with the user to get his new OP (discovery process), unless RP already knows which OP the user has migrated to.<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>10-<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP starts the authentication process with OP2<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>11-<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">If authentication on OP2 succeeds, RP migrates the subject values for the user’s RP account<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">This use case would take place in one shot, at the moment when the user needs to authenticate at the RP to get the service, so it would be very efficient
 in terms of migration.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">It minimizes the situation of cascading OPs
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">It avoids installing a dialog between OP1 and OP2, and the privacy concerns regarding transfer of personal information from OP1 to OP2.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Then it avoids some situations where the user will not start the migration process by accessing a specific service to be developed on OP2.<u></u><u></u></span></p>
<div style="border:none;border-bottom:solid windowtext 1.5pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal" style="border:none;padding:0cm"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">It avoids limitations in Authorization Grant lifetime.<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-mobile-profile [mailto:<a href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net" target="_blank">openid-specs-mobile-profile-bounces@lists.openid.net</a>]
<b>On behalf of</b> <a href="mailto:Torsten.Lodderstedt@telekom.de" target="_blank">Torsten.Lodderstedt@telekom.de</a><br>
<b>Sent:</b> Thursday, 11 August 2016 12:16<br>
<b>To:</b> <a href="mailto:openid-specs-mobile-profile@lists.openid.net" target="_blank">openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Subject:</b> [Openid-specs-mobile-profile] Preliminary minutes of MODRNA WG Call on August 10th 2016<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Hi all,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">please find below the draft of the WG Call minutes.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Best regards,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Torsten.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Participants: John Bradley, Venkatasivakumar Boyalakuntla (Siva), James Manger, Bjorn Hjelm, Florian Walter, Jörg Connotte, Nat Sakimura, Gonzalo Fernandez Rodriguez, Ijaz
 Khan, Torsten Lodderstedt<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Status of our high-prio drafts:<u></u><u></u></span></p>
</div>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span>1.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Server-initiated authentication
<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Gonzalo and Florian presented the first draft (<a href="https://bitbucket.org/openid/mobile/raw/75ca37860ae1fe90b085d32ad88507e82e2f374f/draft-mobile-server-initiation-01.txt" target="_blank">https://bitbucket.org/openid/<wbr>mobile/raw/<wbr>75ca37860ae1fe90b085d32ad88507<wbr>e82e2f374f/draft-mobile-<wbr>server-initiation-01.txt</a>)
<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">All WG members are asked to review it and give feedback on the list
<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span>2.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Account migration
<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">James Manger explained an alternative proposal for handling of migration data. The basic idea is that, instead of transferring it via a signed JWT, the old OP exposes
 an endpoint that the RP can call directly to determine whether and where a particular account has been migrated to<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">The RP should be able to authenticate with the old OP since it is an RP of this OP as well (since it uses the old OP for logins)<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">pro: no issue regarding signing key expiration<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">James will post a more detailed description on the list so we can have a discussion of which way to go<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><span>3.<span style="font:7.0pt "Times New Roman"">      
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Attributes UserInfo/PremiumInfo<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">- Siva presented current list<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">- WG members gave feedback and advice on how to incorporate Mobile Connect specific claims into OIDC (UserInfo and ID Token) by constructing collision resistant claim names<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">- Siva takes this back to CPAS<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Status Workshop<u></u><u></u></span></p>
</div>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Eventbrite event has been set up and will be distributed soon<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0cm">
<u></u><span style="font-size:10.0pt;font-family:Symbol"><span>·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">No further information on location and logistics since Philippe did not attend the call<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";text-transform:uppercase">Deutsche Telekom AG</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"TeleGrotesk Headline","serif";color:#e20074;text-transform:uppercase">Group
</span><b><span style="font-size:9.0pt;font-family:"TeleGrotesk Headline Ultra","serif";color:#e20074;text-transform:uppercase">Innovation</span></b><b><sup><span style="font-size:6.0pt;font-family:"TeleGrotesk Headline Ultra","serif";color:#e20074;text-transform:uppercase">+</span></sup></b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">
 / Products & Innovation</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif"">Dr.-Ing. Torsten Lodderstedt</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif"">Head of Enabling Platforms / Technology</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif"">T-Online Allee 1, 64295 Darmstadt, Germany</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif""><a href="tel:%2B49%206151%205837619" value="+4961515837619" target="_blank">+49 6151 5837619</a>  (Phone)</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif"">E-Mail:
<a href="mailto:t.lodderstedt@telekom.de" target="_blank">torsten.lodderstedt@telekom.de</a> </span>
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="http://www.telekom.com/" target="_blank"><span style="font-size:8.0pt;font-family:"Arial","sans-serif"">www.telekom.com</span></a></span><span style="font-size:8.0pt;font-family:"Arial","sans-serif"">
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Calibri","sans-serif""> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#e20074;text-transform:uppercase">Life is for sharing.</span></b><b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:black;text-transform:uppercase"> </span></b><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black;text-transform:uppercase">
</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Calibri","sans-serif""> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif"">You can find the obligatory information on
<a href="http://www.telekom.com/compulsory-statement" target="_blank">www.telekom.com/compulsory-<wbr>statement</a></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Calibri","sans-serif""> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";text-transform:uppercase">Big changes start small – conserve resources by not printing every e-mail.</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
</div>
<pre>_________________________________________________________________________________________________________________________

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
</pre></div>
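<p class="MsoNormal">The RP side of the flow proposed above (steps 7 to 11), as an added simulation written for this page; it is not code from the account migration draft or from the working group. It assumes an error code string <code>account_migrated</code>, a <code>migrated_to</code> field carrying the new OP's issuer URL when OP1 knows it, and dict-shaped OP responses; every OP response in it is constructed sample data.</p>

```python
"""RP-side simulation of the 'account migrated' flow (steps 7-11 above).

Assumptions, not taken from the draft: the error code is 'account_migrated';
the OP1 error payload carries 'iss', the old 'sub' and optionally 'migrated_to';
a successful authentication returns ID Token claims with 'iss' and 'sub'.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Bound on cascading OPs: the RP follows at most this many "account migrated"
# answers before giving up, so a chain of migrated OPs cannot loop forever.
MAX_HOPS = 2


@dataclass
class RpAccount:
    account_id: str
    issuer: str   # OP currently bound to this RP account
    sub: str      # subject identifier at that OP
    history: List[Tuple[str, str]] = field(default_factory=list)


class AccountStore:
    """RP accounts keyed by (issuer, sub); a migration re-keys, it never copies."""

    def __init__(self) -> None:
        self._by_subject: Dict[Tuple[str, str], RpAccount] = {}

    def add(self, acct: RpAccount) -> None:
        self._by_subject[(acct.issuer, acct.sub)] = acct

    def lookup(self, issuer: str, sub: str) -> Optional[RpAccount]:
        return self._by_subject.get((issuer, sub))

    def migrate(self, acct: RpAccount, new_issuer: str, new_sub: str) -> None:
        del self._by_subject[(acct.issuer, acct.sub)]   # old binding stops working
        acct.history.append((acct.issuer, acct.sub))
        acct.issuer, acct.sub = new_issuer, new_sub
        self._by_subject[(new_issuer, new_sub)] = acct


OpFn = Callable[[str], dict]   # an OP's authentication endpoint, simulated


def authenticate_with_migration(store: AccountStore, ops: Dict[str, OpFn],
                                issuer: str, login_hint: str,
                                discover: Callable[[], Optional[str]]):
    """Run the RP side of steps 7-11. Returns (status, account)."""
    pending: Optional[RpAccount] = None   # account waiting for step 11
    for _hop in range(MAX_HOPS + 1):
        resp = ops[issuer](login_hint)                      # step 7 / step 10
        if "error" not in resp:
            if resp.get("iss") != issuer:                   # mis-routed or forged
                return "issuer_mismatch", None
            if pending is not None:
                # Step 11: migrate only now, after the new OP authenticated the user.
                store.migrate(pending, resp["iss"], resp["sub"])
                return "migrated", pending
            acct = store.lookup(resp["iss"], resp["sub"])
            return ("ok", acct) if acct else ("unknown_subject", None)
        if resp["error"] != "account_migrated":
            return "auth_failed", None                      # nothing is migrated
        # Step 8: the OP says the account moved; the old subject must be one we know.
        if pending is None:
            pending = store.lookup(issuer, resp.get("sub", ""))
            if pending is None:
                return "unknown_subject", None
        # Step 9: take the new OP from the answer, else ask the user (discovery).
        issuer = resp.get("migrated_to") or discover()
        if issuer not in ops:
            return "new_op_unknown", None
    return "too_many_hops", None   # cascading OPs: refuse to chase further


def run_scenario(op1_knows_new_op: bool = True, op2_outcome: str = "ok",
                 discovery_answer: Optional[str] = "https://op2.example"):
    """Constructed scenario: one RP account bound to OP1, user moved to OP2."""
    store = AccountStore()
    store.add(RpAccount("acct-42", "https://op1.example", "sub-op1-123"))

    def op1(_hint: str) -> dict:   # step 8: account closed at OP1
        resp = {"error": "account_migrated", "iss": "https://op1.example",
                "sub": "sub-op1-123"}
        if op1_knows_new_op:
            resp["migrated_to"] = "https://op2.example"
        return resp

    def op2(_hint: str) -> dict:
        if op2_outcome == "ok":
            return {"iss": "https://op2.example", "sub": "sub-op2-987"}
        if op2_outcome == "migrated_again":   # user moved on from OP2 as well
            return {"error": "account_migrated", "iss": "https://op2.example",
                    "sub": "sub-op2-987", "migrated_to": "https://op3.example"}
        return {"error": "access_denied"}

    def op3(_hint: str) -> dict:   # points back to OP2: a migration cycle
        return {"error": "account_migrated", "iss": "https://op3.example",
                "sub": "sub-op3-1", "migrated_to": "https://op2.example"}

    ops = {"https://op1.example": op1, "https://op2.example": op2,
           "https://op3.example": op3}
    status, _ = authenticate_with_migration(store, ops, "https://op1.example",
                                            "login-hint", lambda: discovery_answer)
    return status, store
```

The account is re-keyed only after OP2 reports success; a denied login at OP2 or a chain of OPs that keep answering "account migrated" leaves the OP1 binding untouched.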

<br><br>---------- Forwarded message ----------<br>From: <<a href="mailto:philippe.clement@orange.com">philippe.clement@orange.com</a>><br>To: "<a href="mailto:Torsten.Lodderstedt@telekom.de">Torsten.Lodderstedt@telekom.de</a>" <<a href="mailto:Torsten.Lodderstedt@telekom.de">Torsten.Lodderstedt@telekom.de</a>>, "<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>" <<a href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>><br>Cc: "<a href="mailto:philippe.clement.ft@gmail.com">philippe.clement.ft@gmail.com</a>" <<a href="mailto:philippe.clement.ft@gmail.com">philippe.clement.ft@gmail.com</a>><br>Date: Tue, 26 Jul 2016 13:48:00 +0000<br>Subject: RE: New Version of Account Migration Draft<br>





<div lang="FR" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Hi Torsten,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Thank you for this very valuable document.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">By reading the set of 2 phases, I was wondering if we could add a scenario combining these 2 ones.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">In this scenario, we could have:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Prerequisite:
<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>1-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User had an account on a previous MNO (OP1)<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>2-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User’s account on OP1 is closed<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>3-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User has an account on a new MNO (OP2)<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>4-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Eventually, OP1 knows that user has migrated to OP2<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>5-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP knows former MNO (OP1)<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Use Case:<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>6-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">User visits his usual RP and starts authentication to access the service<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>7-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP starts the OIDC flow with OP1 with usual secured hints regarding the user<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>8-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">OP1 answers with an error code “account migrated” and sends back to the RP all the necessary subject values. If OP1 knows which OP the user
 has migrated to, it is inserted in the answer<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>9-<span style="font:7.0pt "Times New Roman"">   
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP interacts with the user to get his new OP (discovery process), unless RP already knows which OP the user has migrated to.<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>10-<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">RP starts the authentication process with OP2<u></u><u></u></span></p>
<p><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><span>11-<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">If authentication on OP2 succeeds, RP migrates the subject values for the user’s RP account<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">This use case would take place in one shot, at the moment when the user needs to authenticate at the RP to get the service, so it would be very efficient
 in terms of migration.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">It minimizes the situation of cascading OPs
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">It avoids installing a dialog between OP1 and OP2, and the privacy concerns regarding transfer of personal information from OP1 to OP2.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Then it avoids some situations where the user will not start the migration process by accessing a specific service to be developed on OP2.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">It avoids limitations in Authorization Grant lifetime.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">I could have missed something important, and so I’m looking forward to any feedback from the list<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Kind regards,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d">Philippe<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-mobile-profile [mailto:<a href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net" target="_blank">openid-specs-mobile-profile-bounces@lists.openid.net</a>]
<b>On behalf of</b> <a href="mailto:Torsten.Lodderstedt@telekom.de" target="_blank">Torsten.Lodderstedt@telekom.de</a><br>
<b>Sent:</b> Tuesday, 19 July 2016 13:30<br>
<b>To:</b> <a href="mailto:openid-specs-mobile-profile@lists.openid.net" target="_blank">openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Subject:</b> [Openid-specs-mobile-profile] New Version of Account Migration Draft<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Hi all,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I just published -01 of the account migration draft at <a href="http://openid.net" target="_blank">openid.net</a> (<a href="http://openid.net/wordpress-content/uploads/2014/04/draft-account-migration-01.html" target="_blank">http://openid.net/wordpress-content/uploads/2014/04/draft-account-migration-01.html</a>). The source code can be found in our Bitbucket repo.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">This is a significant rewrite of the specification based on your valuable feedback. Thank you! Although I tried to incorporate all review comments, please bear with me if
 I missed a comment. Please let me know, so I can incorporate it in the next revision.
<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I applied the following changes to the document:<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<ul style="margin-left:0cm">
<li class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">reorganized the draft</span></li>
<li class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">extended introduction and overview</span></li>
<li class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">stated scope of the draft and what is currently out of scope</span></li>
<li class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">changed terminology from porting to migration</span></li>
<li class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">changed migration data structure to be different from an id token</span></li>
<li class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">cleaned up references</span></li>
<li class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">added initial security considerations</span></li>
</ul>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Please post your feedback to the list.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">best regards,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Torsten.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
</div>
</div>

<br></div><br></div>