<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi James,<br>
<br>
I just assigned you write permission on the repo, so you can upload
your draft.<br>
<br>
best regards,<br>
Torsten.<br>
<br>
<div class="moz-cite-prefix">On 23.08.2016 at 14:58, Manger,
James wrote:<br>
</div>
<blockquote
cite="mid:255B9BB34FB7D647A506DC292726F6E13BFF1189A2@WSMSG3153V.srv.dir.telstra.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Hi
Philippe,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">My
alternative porting proposal is quite different from the
flow you list. See my <a moz-do-not-send="true"
href="http://lists.openid.net/pipermail/openid-specs-mobile-profile/Week-of-Mon-20160815/000512.html">16
Aug email</a> and <a moz-do-not-send="true"
href="http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20160816/17846b84/attachment-0003.html">attached
draft spec</a>. It involves OP2 getting per-RP porting
info from OP1, including it when the user next logs into the
RP (this time via OP2), and the RP confirming the port with
an API call to OP1.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">A
useful feature of your flow below is that it considers the
cached info an RP has about a user’s old OP (OP1) and how
this interacts with the porting process. Neither
draft-account-porting-00 (mine) nor
draft-account-migration-02 (Torsten’s) considers that; they
silently assume that authentication with OP2 occurs after
any error from being “mistakenly” redirected to OP1 after
the port.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">I
don’t think the flow below works.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">At
step 8 OP1 hasn’t authenticated the user so it cannot send
the RP “all the necessary subject values”.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Even
if OP1 does authenticate the user at step 8, this flow isn’t
great as it requires the user to log in to OP1 (at step 8)
and log in to OP2 (at step 11) for every RP. The main value
of a porting process was to leverage a single dual-login
event to be able to inform every RP; not to have to repeat a
dual-login for every RP.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">The
flow doesn’t seem to work when the RP no longer has a cached
secure hint for a user (e.g. cleared cookies or new device).
The RP starts with discovery (step 9) so it never learns
about OP1.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">P.S.
Can I (or someone else) upload draft-account-porting-00 to
the group’s bitbucket so it can be viewed properly, instead
of seeing the raw HTML that the email archive delivers?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">--<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">James
Manger<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="EN-US">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:philippe.clement@orange.com">philippe.clement@orange.com</a>
[<a class="moz-txt-link-freetext" href="mailto:philippe.clement@orange.com">mailto:philippe.clement@orange.com</a>] <br>
<b>Sent:</b> Tuesday, 23 August 2016 7:21 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>;
Manger, James <a class="moz-txt-link-rfc2396E" href="mailto:James.H.Manger@team.telstra.com"><James.H.Manger@team.telstra.com></a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:Torsten.Lodderstedt@telekom.de">Torsten.Lodderstedt@telekom.de</a>;
<a class="moz-txt-link-abbreviated" href="mailto:philippe.clement.ft@gmail.com">philippe.clement.ft@gmail.com</a><br>
<b>Subject:</b> RE: [Openid-specs-mobile-profile]
Preliminary minutes of MODRNA WG Call on August 10th
2016<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="FR">Dear all,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="FR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">Back from vacations today …<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">James: regarding the alternative on Account
Migration, it seems to me that this has something to do with
the proposal of an alternative flow that I presented on July
26<sup>th</sup> on the list (copy below). Could you
confirm?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">Philippe<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-bottom:solid windowtext
1.5pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">Prerequisite: <o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">1-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">User had an account on a previous MNO (OP1)<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">2-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">User’s account on OP1 is closed<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">3-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">User has an account on a new MNO (OP2)<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">4-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">Eventually, OP1 knows that user has migrated to
OP2<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">5-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">RP knows former MNO (OP1)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">Use Case:<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">6-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">User visits his usual RP and starts
authentication to access the service<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">7-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">RP starts the OIDC flow with OP1 with usual
secured hints regarding the user<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">8-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">OP1 answers with an error code “account
migrated” and sends back to the RP all the necessary subject
values. If OP1 knows what OP user has migrated to, it is
inserted in the answer<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">9-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">RP interacts with the user to get his new OP
(discovery process), unless RP already knows what OP user
has migrated to.<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">10-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">RP starts the authentication process with OP2<o:p></o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l3 level1 lfo2"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><span style="mso-list:Ignore">11-<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">According to the success of authentication on
OP2, RP migrates subject values for his RP’s account<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">This Use case would take place in one shot, at
the moment where user needs to authenticate at RP to get the
service, so it would be very efficient in terms of migration<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">It minimizes the situation of cascading OPs <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">It avoids installing a dialog between OP1 and
OP2 and privacy concerns regarding transfer of personal
information from OP1 to OP2.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">Then it avoids some situations where user will
not start the migration process by accessing a specific
service to be developed on OP2.<o:p></o:p></span></p>
<div style="border:none;border-bottom:solid windowtext
1.5pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US">It avoids limitations in Authorization Grant
lifetime.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif"
lang="FR">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma",sans-serif"
lang="FR"> Openid-specs-mobile-profile [<a
moz-do-not-send="true"
href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net">mailto:openid-specs-mobile-profile-bounces@lists.openid.net</a>]
<b>On behalf of</b> <a moz-do-not-send="true"
href="mailto:Torsten.Lodderstedt@telekom.de">Torsten.Lodderstedt@telekom.de</a><br>
<b>Sent:</b> Thursday, 11 August 2016 12:16<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Subject:</b> [Openid-specs-mobile-profile] Preliminary
minutes of MODRNA WG Call on August 10th 2016<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="FR"><o:p> </o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:0cm;text-indent:-18.0pt;mso-list:l2
level1 lfo6"><!--[if !supportLists]--><span
style="font-size:10.0pt;font-family:Symbol" lang="FR"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"
lang="FR">…</span><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="FR"><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:0cm;text-indent:-18.0pt;mso-list:l0
level1 lfo8"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="FR"><span style="mso-list:Ignore">2.<span
style="font:7.0pt "Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="FR">Account migration <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:0cm;text-indent:-18.0pt;mso-list:l1
level1 lfo10"><!--[if !supportLists]--><span
style="font-size:10.0pt;font-family:Symbol" lang="FR"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="FR">James Manger explained an alternative proposal for
handling of migration data. The basic idea is that, instead of
transferring it via a signed JWT, the old OP exposes an
endpoint that the RP can call directly to determine
whether and where a particular account has been migrated to<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:0cm;text-indent:-18.0pt;mso-list:l1
level1 lfo10"><!--[if !supportLists]--><span
style="font-size:10.0pt;font-family:Symbol" lang="FR"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="FR">The RP should be able to authenticate with the old
OP since it is an RP of this OP as well (since it uses the
old OP for logins)<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:0cm;text-indent:-18.0pt;mso-list:l1
level1 lfo10"><!--[if !supportLists]--><span
style="font-size:10.0pt;font-family:Symbol" lang="FR"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="FR">pro: no issue regarding signing key expiration<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:0cm;text-indent:-18.0pt;mso-list:l1
level1 lfo10"><!--[if !supportLists]--><span
style="font-size:10.0pt;font-family:Symbol" lang="FR"><span
style="mso-list:Ignore">·<span style="font:7.0pt
"Times New Roman""> </span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"
lang="FR">James will post a more detailed description on the
list so we can have a discussion of which way to go<o:p></o:p></span></p>
<pre><span lang="FR"><o:p> </o:p></span></pre>
</div>
<br>
</blockquote>
<br>
</body>
</html>