<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Right. </div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">But it can also be expressed as the issuer is not interested in events on subject x. The expectation is that the receiver then decides to remove the subject from the reciprocating feed. However, it is not a command. </div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">It is the same subtle difference that the logout spec has. It is saying "this service provider has canceled sid y for subject x". The expectation is that the receiver cancels their local session z.<br><br>Phil</div><div><br>On Mar 1, 2017, at 7:32 PM, Hardt, Dick <<a href="mailto:dick@amazon.com">dick@amazon.com</a>> wrote:<br><br></div><blockquote type="cite"><div>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">If Amazon says it no longer wants any events from oracle on subject X, that is clearly a command.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">/Dick<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">On 3/1/17, 7:06 PM, someone claiming to be "Phil Hunt (IDM)" <<a href="mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a>> wrote:<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">Depends on what you are expressing. If you are saying amazon has an interest in subject x, it is an event compatible with data plane. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal" style="margin-left:.5in">If you are saying amazon wants oracle to deliver events on subject x, that is a command and must be part of control. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal" style="margin-left:.5in">The problem is that no party should be forced to disclose events because a third party says so. They must get consent from their subject. We should get legal to confirm this. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal" style="margin-left:.5in">My thought is that the event causes the receiver to subsequently confirm with the user for permission. <br>
<br>
Phil<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<br>
On Mar 1, 2017, at 4:46 PM, Hardt, Dick <<a href="mailto:dick@amazon.com">dick@amazon.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">Mixing control plane and data plane is very concerning to me.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">That is considered an anti-pattern in AWS. It complicates development, security and operations.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">/Dick</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">On 2/28/17, 10:24 PM, someone claiming to be "Adam Dawes" <<a href="mailto:adawes@google.com">adawes@google.com</a>> wrote:<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">Thanks for bringing this up Dick. I think you're worried about, when
<a href="mailto:alice@gmail.com">alice@gmail.com</a> signs up for an account at Amazon, how would Amazon register to get events from Google. I think we can deal with this if Amazon sends a SET token to google with an "account created" event which would then
create a registration at google for Amazon to receive events about alice@. <o:p>
</o:p></p>
<div>
<p class="MsoNormal" style="margin-left:1.0in"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">I think it is totally reasonable to think of account creation as a notifiable event. And in typical RISC fashion, it is up to the recipient to do what it will with the events. From Google's perspective, we would
white list a set of partners where we have contracts to enable implicit registration. I think we should work out some response codes to make it clear to the sender whether the registration succeeded.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">We didn't talk a lot about this in the F2F but it is an idea that I had in my deck and I think it came up in Phil and my conversation last week. Phil, does the above give you any concerns? <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:1.0in"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-left:1.0in">On Tue, Feb 28, 2017 at 9:12 AM, Phil Hunt (IDM) <<a href="mailto:phil.hunt@oracle.com" target="_blank">phil.hunt@oracle.com</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">RISC use case is typically bi-directional so events can be used. It also works better because usually a receiver may add only or drop only depending on implicit or explicit federation. <o:p></o:p></p>
</div>
<div id="m_8417452791228652780AppleMailSignature">
<p class="MsoNormal" style="margin-left:1.0in"> <o:p></o:p></p>
</div>
<div id="m_8417452791228652780AppleMailSignature">
<p class="MsoNormal" style="margin-left:1.0in">Adam argued for all other update items to be done OOB. <o:p></o:p></p>
</div>
<div id="m_8417452791228652780AppleMailSignature">
<p class="MsoNormal" style="margin-left:1.0in"> <o:p></o:p></p>
</div>
<div id="m_8417452791228652780AppleMailSignature">
<p class="MsoNormal" style="margin-left:1.0in">That just left error signalling for the receiver to find out why events were not coming. <o:p></o:p></p>
</div>
<div id="m_8417452791228652780AppleMailSignature">
<p class="MsoNormal" style="margin-left:1.0in"> <o:p></o:p></p>
</div>
<div id="m_8417452791228652780AppleMailSignature">
<p class="MsoNormal" style="margin-left:1.0in">We left it that SCIM can be quickly added for those that want full automated CRUD (Oracle does). But it would not be required in core. <span style="color:#888888"><br>
<br>
<span class="hoenzb">Phil</span></span><o:p></o:p></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:1.0in">
<br>
On Feb 28, 2017, at 8:32 AM, Hardt, Dick <<a href="mailto:dick@amazon.com" target="_blank">dick@amazon.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Calibri">Perhaps I am missing it, but I don’t see a mechanism for the receiver to add / delete which subjects the receiver is interested in. Is this not included, or am I misunderstanding what is below?
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Calibri">Or is that out of scope? If so, that seems odd as there is a control plane API in (3)</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Calibri">/Dick</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
On 2/28/17, 12:53 AM, someone claiming to be "Openid-specs-risc on behalf of Adam Dawes" <<a href="mailto:openid-specs-risc-bounces@lists.openid.net" target="_blank">openid-specs-risc-bounces@lists.openid.net</a> on behalf of
<a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a>> wrote:<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
I think this is great Phil. Thanks again for the detailed conversation where we were able to arrive at this.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
On Mon, Feb 27, 2017 at 1:35 PM, Phil Hunt <<a href="mailto:phil.hunt@oracle.com" target="_blank">phil.hunt@oracle.com</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
Please confirm if you agree with the following:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
I had previously promised to break up the distribution draft into components. I ran into some difficulty as to how subscribers (receivers) of events find out if the publisher is having problems delivering events.
<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
After some discussion with the RISC WG folks and Adam Dawes, I would like to propose that I break out a SET Transmission draft that includes the following:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
1. Basic HTTPS POST profile to a specified endpoint. It is up to the receiver to provide fault tolerance and high-availability that meets its own delivery assurance requirements.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
2. A set of metadata that describes the endpoints, the encryption methods (e.g. keys for signing and encrypting JWTs) etc.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
3. A simple control plane API that allows a subscriber (receiver) to perform an HTTPS GET to obtain the current configuration and subscription (stream) status. While compatible with SCIM, it will NOT require SCIM to be implemented. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
4. Configuration of subscriptions (streams) is done through out-of-scope administrative processes offered by event publishers.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
5. In the initial profile, subscribers will not be able to “pause” streams automatically unless offered through the administrative interface of the publisher.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
If people have a need for automated management, the basic idea is that you implement the POST and PATCH methods of SCIM and you are good to go. We don’t need to spend a lot of time on it as there is nothing special to do once the metadata for streams is defined.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
Does this work for everyone?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span style="color:black">Phil</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span style="color:black"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span style="color:black">Oracle Corporation, Identity Cloud Services & Identity Standards</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span style="color:black">@independentid</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span style="color:black"><a href="http://www.independentid.com" target="_blank">www.independentid.com</a></span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span style="color:black"><a href="mailto:phil.hunt@oracle.com" target="_blank">phil.hunt@oracle.com</a></span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span style="color:black"> </span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span style="color:black"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span style="color:black"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span style="color:black"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt;margin-left:1.5in">
<o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt;margin-left:1.5in">
<br>
_______________________________________________<br>
Id-event mailing list<br>
<a href="mailto:Id-event@ietf.org" target="_blank">Id-event@ietf.org</a><br>
<a href="https://www.ietf.org/mailman/listinfo/id-event" target="_blank">https://www.ietf.org/mailman/listinfo/id-event</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
-- <o:p></o:p></p>
<div>
<div>
<div style="margin-top:7.5pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in;line-height:18.0pt">
<span style="font-family:Helvetica;color:#555555;border:solid #D50F25 1.5pt;padding:2.0pt">Adam Dawes |</span><span style="font-family:Helvetica;color:#555555;border:solid #3369E8 1.5pt;padding:2.0pt"> Sr. Product Manager |</span><span style="font-family:Helvetica;color:#555555;border:solid #009939 1.5pt;padding:2.0pt"> <a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a> |</span><span style="font-family:Helvetica;color:#555555;border:solid #EEB211 1.5pt;padding:2.0pt"> +1
<a href="tel:(650)%20214-2410" target="_blank">650-214-2410</a></span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal" style="margin-left:1.0in"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-left:1.0in"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-left:1.0in">-- <o:p></o:p></p>
<div>
<div>
<div style="margin-top:7.5pt">
<p class="MsoNormal" style="margin-left:1.0in;line-height:18.0pt"><span style="font-family:Helvetica;color:#555555;border:solid #D50F25 1.5pt;padding:2.0pt">Adam Dawes |</span><span style="font-family:Helvetica;color:#555555;border:solid #3369E8 1.5pt;padding:2.0pt"> Sr.
Product Manager |</span><span style="font-family:Helvetica;color:#555555;border:solid #009939 1.5pt;padding:2.0pt"> <a href="mailto:adawes@google.com" target="_blank">adawes@google.com</a> |</span><span style="font-family:Helvetica;color:#555555;border:solid #EEB211 1.5pt;padding:2.0pt"> +1
650-214-2410</span><o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-left:1.0in"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div></blockquote></body></html>