<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#002060;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#002060">If you’re going to go with 3, at least use a claim name that’s specific to the task at hand – not a very generic one like “target” that would likely have other more general-purpose uses. I’d suggest a claim
name such as “risc_subject” for the data structure that you would define.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"> -- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Phil Hunt [mailto:phil.hunt@oracle.com] <br>
<b>Sent:</b> Thursday, August 3, 2017 10:55 AM<br>
<b>To:</b> Mike Jones <Michael.Jones@microsoft.com><br>
<b>Cc:</b> Nat Sakimura <sakimura@gmail.com>; Marius Scurtescu <mscurtescu@google.com>; openid-specs-risc@lists.openid.net<br>
<b>Subject:</b> Re: [Openid-specs-risc] issuer conflict<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike/Nat<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Option 2 is only simple if your world is exclusively connect and events only come from IDPs.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">When you look at the broader cases, you can’t stop parsing just because you found a “sub” and “iss” at the top level. In the future parsers will have to check to see if “iss” is present in the event payload in order to infer the correct
interpretation. If they fail to check for an embedded “iss” they could end up making assumptions about the wrong subject.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">This seems *very* complex in the sense that there are lots of unanticipated mistakes and assumptions that could be erroneously made in practice.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I *still* would like to see some consistency. I like #3 because it affords flexibility between event types. It would still allow “iss” and “sub” to be used within the nested object.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:black">Phil<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">Oracle Corporation, Identity Cloud Services Architect & Standards<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">@independentid<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><a href="http://www.independentid.com">www.independentid.com</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><span style="color:black"><a href="mailto:phil.hunt@oracle.com">phil.hunt@oracle.com</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Aug 3, 2017, at 10:41 AM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="color:#002060">I agree with Nat here. This seems like the simplest solution.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#002060"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#002060"> -- Mike</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="color:#002060"> </span></a><span style="mso-bookmark:_MailEndCompose"></span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><b>From:</b><span class="apple-converted-space"> </span>Openid-specs-risc [<a href="mailto:openid-specs-risc-bounces@lists.openid.net"><span style="color:purple">mailto:openid-specs-risc-bounces@lists.openid.net</span></a>]<span class="apple-converted-space"> </span><b>On
Behalf Of<span class="apple-converted-space"> </span></b>Nat Sakimura<br>
<b>Sent:</b><span class="apple-converted-space"> </span>Thursday, August 3, 2017 1:53 AM<br>
<b>To:</b><span class="apple-converted-space"> </span>Marius Scurtescu <<a href="mailto:mscurtescu@google.com"><span style="color:purple">mscurtescu@google.com</span></a>>;<span class="apple-converted-space"> </span><a href="mailto:openid-specs-risc@lists.openid.net"><span style="color:purple">openid-specs-risc@lists.openid.net</span></a><br>
<b>Subject:</b><span class="apple-converted-space"> </span>Re: [Openid-specs-risc] issuer conflict<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">My preference: If all SET only supports a single iss/sub pair, then 1. If a SET can have events for multiple iss/sub
pair, then 2.<o:p></o:p></span></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal">2017<span style="font-family:"MS Gothic"">年</span>8<span style="font-family:"MS Gothic"">月</span>3<span style="font-family:"MS Gothic"">日</span>(<span style="font-family:"MS Gothic"">木</span>) 7:49 Marius Scurtescu <<a href="mailto:mscurtescu@google.com"><span style="color:purple">mscurtescu@google.com</span></a>>:<o:p></o:p></p>
</div>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">Each SET profile must define or clarify several aspects of the specs. For RISC most of these must only be only specified (like key resolution), but there is at least one issue for which we don't have an agreed on solution.<o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">In some use cases the issuer of the SET is different from the issuer of the subject identifier, and at least in those cases there cannot be only one top level "iss" claim.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">Here are the proposals I am aware of to solve this issue:<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">1. Move iss+sub to the event level. The drawback of this approach is redundancy when multiple events are present in the SET.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">{</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "jti": "3d0c3cf797584bd193bd0fb1bd4e7d30",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iat": 1458496025,</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://tr.example.com/" target="_blank"><span style="color:purple">https://tr.example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "aud": "<a href="https://rv.example.com/" target="_blank"><span style="color:purple">https://rv.example.com/</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "events": {</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "urn:ietf:params:risc:event:sessions-revoked":</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> {</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://example.com/" target="_blank"><span style="color:purple">https://example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "sub": "47635747",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> },</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "urn:ietf:params:risc:event:tokens-revoked":</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> {</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://example.com/" target="_blank"><span style="color:purple">https://example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "sub": "47635747",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> }</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> }</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">}</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">1.1 Move only the subject "iss" to the event level and leave "sub" at the top level (next to the SET "iss"). I find this solution very confusing.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">{</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "jti": "3d0c3cf797584bd193bd0fb1bd4e7d30",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iat": 1458496025,</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://tr.example.com/" target="_blank"><span style="color:purple">https://tr.example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "sub": "47635747",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "aud": "<a href="https://rv.example.com/" target="_blank"><span style="color:purple">https://rv.example.com/</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "events": {</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "urn:ietf:params:risc:event:sessions-revoked":</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> {</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://example.com/" target="_blank"><span style="color:purple">https://example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> },</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "urn:ietf:params:risc:event:tokens-revoked":</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> {</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://example.com/" target="_blank"><span style="color:purple">https://example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> }</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> }</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">}</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">2. Move iss+sub immediately under the "events" claim. No redundancy in this case.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">{</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "jti": "3d0c3cf797584bd193bd0fb1bd4e7d30",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iat": 1458496025,</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://tr.example.com/" target="_blank"><span style="color:purple">https://tr.example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "aud": "<a href="https://rv.example.com/" target="_blank"><span style="color:purple">https://rv.example.com/</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "events": {</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://example.com/" target="_blank"><span style="color:purple">https://example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "sub": "47635747",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "urn:ietf:params:risc:event:sessions-revoked": {},</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "urn:ietf:params:risc:event:tokens-revoked": {}</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> }</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">}</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">3. Move iss+sub to a new nested claim.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">{</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "jti": "3d0c3cf797584bd193bd0fb1bd4e7d30",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iat": 1458496025,</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://tr.example.com/" target="_blank"><span style="color:purple">https://tr.example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "aud": "<a href="https://rv.example.com/" target="_blank"><span style="color:purple">https://rv.example.com/</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "target": {</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://example.com/" target="_blank"><span style="color:purple">https://example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "sub": "47635747",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> },</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "events": {</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "urn:ietf:params:risc:event:sessions-revoked": {},</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "urn:ietf:params:risc:event:tokens-revoked": {}</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> }</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">}</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">4. Define a new top level issuer claim either for the SET or for the subject.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">{</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "jti": "3d0c3cf797584bd193bd0fb1bd4e7d30",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iat": 1458496025,</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss": "<a href="https://tr.example.com/" target="_blank"><span style="color:purple">https://tr.example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "iss-sub": "<a href="https://example.com/" target="_blank"><span style="color:purple">https://example.com</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "sub": "47635747",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "aud": "<a href="https://rv.example.com/" target="_blank"><span style="color:purple">https://rv.example.com/</span></a>",</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "events": {</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "urn:ietf:params:risc:event:sessions-revoked": {},</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> "urn:ietf:params:risc:event:tokens-revoked": {}</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""> }</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">}</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">An open question is if this new iss+sub solution should be always required or if a top level iss+sub should also be allowed (when there is no conflict). I vote for having only one way for simplicity.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">Once we decide on a solution we can start working on the RISC profile draft.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">Thoughts?<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal">Marius<span class="apple-converted-space"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal">_______________________________________________<br>
Openid-specs-risc mailing list<br>
<a href="mailto:Openid-specs-risc@lists.openid.net" target="_blank"><span style="color:purple">Openid-specs-risc@lists.openid.net</span></a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Drisc&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=4k0dpAmH57T_gD1fVCmltEYUmKxb4gb1hiM5ybc6jWg&s=xW2ScC8zZWSE739rBXF8kBvf2HyiRwKKJbgxuOXRr3s&e=" target="_blank"><span style="color:purple">http://lists.openid.net/mailman/listinfo/openid-specs-risc</span></a><o:p></o:p></p>
</div>
</blockquote>
</div>
<div>
<div>
<p class="MsoNormal">--<span class="apple-converted-space"> </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Nat Sakimura<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Chairman of the Board, OpenID Foundation<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">_______________________________________________<br>
Openid-specs-risc mailing list<br>
</span><a href="mailto:Openid-specs-risc@lists.openid.net"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:purple">Openid-specs-risc@lists.openid.net</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><br>
</span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Drisc&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=4k0dpAmH57T_gD1fVCmltEYUmKxb4gb1hiM5ybc6jWg&s=xW2ScC8zZWSE739rBXF8kBvf2HyiRwKKJbgxuOXRr3s&e="><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:purple">https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Drisc&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=4k0dpAmH57T_gD1fVCmltEYUmKxb4gb1hiM5ybc6jWg&s=xW2ScC8zZWSE739rBXF8kBvf2HyiRwKKJbgxuOXRr3s&e=</span></a><span class="apple-converted-space"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"> </span></span><o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</body>
</html>