<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi all,</p>
<p>We are currently working on a new version taking into account
your different comments but some of them have important impacts on
what we proposed. Sorry for the delay, we'll come back to you as
soon as possible with the new amended version.</p>
<p>BR,</p>
<p>Charles.<br>
</p>
<br>
<div class="moz-cite-prefix">Le 09/09/2016 à 12:30,
<a class="moz-txt-link-abbreviated" href="mailto:Sebastian.Ebling@telekom.de">Sebastian.Ebling@telekom.de</a> a écrit :<br>
</div>
<blockquote
cite="mid:bddb4fa6c79945e3821af74d4ea8f5e0@HE105715.emea1.cds.t-internal.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Vorformatiert Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
tt
{mso-style-priority:99;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Sprechblasentext Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.HTMLVorformatiertZchn
{mso-style-name:"HTML Vorformatiert Zchn";
mso-style-priority:99;
mso-style-link:"HTML Vorformatiert";
font-family:Consolas;}
span.SprechblasentextZchn
{mso-style-name:"Sprechblasentext Zchn";
mso-style-priority:99;
mso-style-link:Sprechblasentext;
font-family:"Tahoma","sans-serif";}
span.E-MailFormatvorlage22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.E-MailFormatvorlage23
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi
all,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">I also do not understand why there must be this
super generic Questioning Object.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Besides that, I also found some small things
while reading:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Chapter 1.4 point 1: Two fullstops after the
first sentence. I would also write “Do you allow payment of
x Euros to party y?” (y instead of x)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Chapter 1.4 point 4: Replace “plateform” with
“platform”<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Chapter 2: Missing fullstop after bracket in
description.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Chapter 2.3: I suggest
“VERIFICATION_CODE_REQUIRED” instead of
“VERIFICATION_CODE_NEEDED”. Just for consistence to terms
like login_required or interaction_required out of the
OpenID spec. Btw: why are the status values uppercase?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Chapter 2.4: The abbreviation PCR is not
explained in the whole document?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Best regards<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Sebastian<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Von:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Openid-specs-mobile-profile
[<a class="moz-txt-link-freetext" href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net">mailto:openid-specs-mobile-profile-bounces@lists.openid.net</a>]
<b>Im Auftrag von </b>Lodderstedt, Torsten<br>
<b>Gesendet:</b> Mittwoch, 7. September 2016 17:51<br>
<b>An:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:philippe.clement.ft@gmail.com">philippe.clement.ft@gmail.com</a><br>
<b>Betreff:</b> Re: [Openid-specs-mobile-profile] Fwd:
[User Questioning (a.k.a Transaction Authorization)]
First draft<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi
all,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">thank you for producing this first draft for
user questioning (formerly known as transaction
authorization).<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Here are some comments:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Verification code: the document defines three
different flows how a client can obtain the user’s answer.
What is the use case for the “terminated by client” flow?
From the discussion in our WG call I understood you want to
support SMS-based OTP mechanisms for getting the user’s
answer. I personally think this does not require user to
(somehow) give the code to the client which in turn uses it
as a credential to obtain the answer from the user
questioning endpoint. Integration of SMS could be achieved
(encapsulated within the OP) by adding a confirmation URL to
the SMS pointing to a suitable (internal) endpoint at the
OP. This way even SMS can be used in conjunction with the
other modes.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">User Questioning Object: What is the benefit of
using always the same object type in all requests and
responses from/to the user questioning API? I think ordinary
request/response parameters would do the job. For example,
why do I need to respond to the client user id and type
given I sent this data to the OP in the request?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Torsten.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm
0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Von:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Openid-specs-mobile-profile [</span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US"><a moz-do-not-send="true"
href="mailto:openid-specs-mobile-profile-bounces@lists.openid.net"><span
lang="DE">mailto:openid-specs-mobile-profile-bounces@lists.openid.net</span></a></span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">]
<b>Im Auftrag von </b>Philippe Clément<br>
<b>Gesendet:</b> Donnerstag, 1. </span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US">September 2016 14:45<br>
<b>An:</b> </span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><a
moz-do-not-send="true"
href="mailto:openid-specs-mobile-profile@lists.openid.net"><span
lang="EN-US">openid-specs-mobile-profile@lists.openid.net</span></a></span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US"><br>
<b>Betreff:</b> [Openid-specs-mobile-profile] Fwd:
[User Questioning (a.k.a Transaction Authorization)]
First draft<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal">Dear all, <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">please find below the first draft
of Orange participation in the User Questionning API
(aka transaction authorization). Do not hesitate to
feedback Nicolas or Charles on the list<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">regards,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Philippe<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">----------
Forwarded message ----------<br>
From: <<a moz-do-not-send="true"
href="mailto:philippe.clement@orange.com">philippe.clement@orange.com</a>><br>
Date: 2016-09-01 14:40 GMT+02:00<br>
Subject: TR: [User Questioning (a.k.a Transaction
Authorization)] First draft<br>
To: Openid-specs-mobile-profile <<a
moz-do-not-send="true"
href="mailto:openid-specs-mobile-profile@lists.openid.net">openid-specs-mobile-profile@lists.openid.net</a>><br>
Cc: "<a moz-do-not-send="true"
href="mailto:philippe.clement.ft@gmail.com">philippe.clement.ft@gmail.com</a>"
<<a moz-do-not-send="true"
href="mailto:philippe.clement.ft@gmail.com">philippe.clement.ft@gmail.com</a>><br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-family:"Arial","sans-serif";color:#1F497D"
lang="FR"> </span><span lang="FR"><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-family:"Arial","sans-serif";color:#1F497D"
lang="FR"> </span><span lang="FR"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid
#B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="FR">De :</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="FR"> AILLERY Nicolas IMT/OLPS <br>
<b>Envoyé :</b> mercredi 31 août 2016
11:35<br>
<b>À :</b> <a moz-do-not-send="true"
href="mailto:openid-specs-mobile-profile@lists.openid.net"
target="_blank">
openid-specs-mobile-profile@lists.openid.net</a><br>
<b>Cc :</b> John Bradley; <a
moz-do-not-send="true"
href="mailto:Torsten.Lodderstedt@telekom.de"
target="_blank">
Torsten.Lodderstedt@telekom.de</a>;
CLEMENT Philippe IMT TECHNO; VASSELET
Mickaël IMT/OLN; MARAIS Charles IMT/OLPS<br>
<b>Objet :</b> [User Questioning (a.k.a
Transaction Authorization)] First draft</span><span
lang="FR"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="FR"> <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="FR">Hi all,<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="FR"> <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US"> Please find in attachment a
first draft for the API enabling transaction
authorization.</span><span lang="FR"><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US"> We chose to name this API
‘User Questioning’ to avoid possible
misunderstanding with ‘oauth authorization’.</span><span
lang="FR"><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="EN-US"> </span><span lang="FR"><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="FR">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="FR"> <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
lang="FR">Nicolas<o:p></o:p></span></p>
</div>
<pre><span lang="FR">_________________________________________________________________________________________________________________________<o:p></o:p></span></pre>
<pre><span lang="FR"><o:p> </o:p></span></pre>
<pre><span lang="FR">Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc<o:p></o:p></span></pre>
<pre><span lang="FR">pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler<o:p></o:p></span></pre>
<pre><span lang="FR">a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,<o:p></o:p></span></pre>
<pre><span lang="FR">Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.<o:p></o:p></span></pre>
<pre><span lang="FR"><o:p> </o:p></span></pre>
<pre><span lang="FR">This message and its attachments may contain confidential or privileged information that may be protected by law;<o:p></o:p></span></pre>
<pre><span lang="FR">they should not be distributed, used or copied without authorisation.<o:p></o:p></span></pre>
<pre><span lang="FR">If you have received this email in error, please notify the sender and delete this message and its attachments.<o:p></o:p></span></pre>
<pre><span lang="FR">As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.<o:p></o:p></span></pre>
<pre><span lang="FR">Thank you.<o:p></o:p></span></pre>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openid-specs-mobile-profile mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-mobile-profile@lists.openid.net">Openid-specs-mobile-profile@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile">http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<font face="TIMES"><font size="2">
<img src="cid:part9.71828C58.1C445543@orange.com" <br="">
<font color="BLACK">
<br>
<b> MARAIS Charles </b><br>
<b> Orange Labs Lannion</b></font><br>
Tel : +33 (0)2 96 07 24 18 <br>
<a href="mailto:charles.marais@orange.com">charles.marais@orange.com</a><br>
Orange Labs Lannion <br>
2, avenue Pierre Marzin <br>
22307 LANNION Cedex - France
<br>
<br>
<br>
</font></font></div>
<PRE>_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
</PRE></body>
</html>