<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I have lots of objections, but we will start with these 2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">1. Name, I suggest a name of “token delegation”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2. Issue here is that OIDF started down a dynamic registration path, and then IETF wanted to do this and in a somewhat different way , so why start this nightmare,
cull out the basic exchanges/structures/schema/etc. needed for delegation make that an IETF draft and then anything that is OIDF specific become work in OIDF.<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext"> Paul Madsen [mailto:pmadsen@pingidentity.com]
<br>
<b>Sent:</b> Wednesday, July 3, 2013 3:10 PM<br>
<b>To:</b> Anthony Nadalin<br>
<b>Cc:</b> Mike Jones; John Bradley; specs-council@openid.net; ashishjain@vmware.com; openid-board@lists.openid.net; openid-specs@lists.openid.net<br>
<b>Subject:</b> Re: [OIDFSC] Native application SSO Working Group<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-family:"Arial","sans-serif"">you are making two objections - let's keep them separate<br>
<br>
1) naming - UMA (as an example) does set a precedent of describing a profile in terms of something more abstract than its mechanics.
<br>
<br>
Ultimately, profiles are *meant* to do one thing - and this one is meant to 'do SSO'<br>
<br>
2) forum - I fail to see how doing the work of creating a profile of OIDC could be any easier or more straightforward in the IETF than the body that defined the spec itself??<br>
<br>
paul</span><o:p></o:p></p>
<div>
<p class="MsoNormal">On 7/3/13 5:59 PM, Anthony Nadalin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The user experience may be SSO but that is only 1 type of experience, this is a byproduct of the token delegation. I don’t want the situation we are in with
dynamic registration we are now, having to keep the OIDF work in sync with the IETF work, its suck. I think this could be easily profiled in IETF to be generic and then anything specific can be done in OIDF</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext"> Paul Madsen [<a href="mailto:pmadsen@pingidentity.com">mailto:pmadsen@pingidentity.com</a>]
<br>
<b>Sent:</b> Wednesday, July 3, 2013 2:47 PM<br>
<b>To:</b> Anthony Nadalin<br>
<b>Cc:</b> Mike Jones; John Bradley; <a href="mailto:specs-council@openid.net">specs-council@openid.net</a>;
<a href="mailto:ashishjain@vmware.com">ashishjain@vmware.com</a>; <a href="mailto:openid-board@lists.openid.net">
openid-board@lists.openid.net</a>; <a href="mailto:openid-specs@lists.openid.net">
openid-specs@lists.openid.net</a><br>
<b>Subject:</b> Re: [OIDFSC] Native application SSO Working Group</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-family:"Arial","sans-serif"">it enables a 'login once, enjoy seamless access' across multiple native apps - how is that not SSO? While the mechanism may be token delegation, the user experience
is SSO<br>
<br>
The proposal is to profile OIDC - it's not a distinct protocol - that's why we are bringing it to OIDF<br>
<br>
paul</span><o:p></o:p></p>
<div>
<p class="MsoNormal">On 7/3/13 5:42 PM, Anthony Nadalin wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre>This is a real crappy name, as its not SSO, it's a "token delegation agent" (so proposal is to handle both authentication and authorization). Question is does it belong here or at IETF, if the dynamic registration fits in IETF why wouldn't this ?<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>-----Original Message-----<o:p></o:p></pre>
<pre>From: <a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a> [<a href="mailto:openid-specs-bounces@lists.openid.net">mailto:openid-specs-bounces@lists.openid.net</a>] On Behalf Of Mike Jones<o:p></o:p></pre>
<pre>Sent: Wednesday, July 3, 2013 2:26 PM<o:p></o:p></pre>
<pre>To: John Bradley; <a href="mailto:specs-council@openid.net">specs-council@openid.net</a><o:p></o:p></pre>
<pre>Cc: <a href="mailto:ashishjain@vmware.com">ashishjain@vmware.com</a>; Paul Madsen; <a href="mailto:openid-board@lists.openid.net">openid-board@lists.openid.net</a>; <a href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a><o:p></o:p></pre>
<pre>Subject: RE: [OIDFSC] Native application SSO Working Group<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>This proposed charter did not incorporate any of the proposed improvements and clarifications that I circulated to the authors - not even the spelling corrections or the (I believe necessary) statement that "This specification will not make breaking changes to OpenID Connect 1.0".<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>My proposed version is attached. I would appreciate it you would resubmit the charter with these corrections incorporated. After that, I will support the formation of the working group.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> Thank you,<o:p></o:p></pre>
<pre> -- Mike<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>-----Original Message-----<o:p></o:p></pre>
<pre>From: <a href="mailto:openid-specs-council-bounces@lists.openid.net">openid-specs-council-bounces@lists.openid.net</a> [<a href="mailto:openid-specs-council-bounces@lists.openid.net">mailto:openid-specs-council-bounces@lists.openid.net</a>] On Behalf Of John Bradley<o:p></o:p></pre>
<pre>Sent: Sunday, June 30, 2013 5:35 PM<o:p></o:p></pre>
<pre>To: <a href="mailto:specs-council@openid.net">specs-council@openid.net</a><o:p></o:p></pre>
<pre>Cc: <a href="mailto:ashishjain@vmware.com">ashishjain@vmware.com</a>; Paul Madsen; Chuck Mortimore; <a href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a>; Nat Sakimura; matake@gmail; <a href="mailto:openid-board@lists.openid.net">openid-board@lists.openid.net</a><o:p></o:p></pre>
<pre>Subject: [OIDFSC] Native application SSO Working Group<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>The enclosed Work Group Charter is being sent to the Specs Council for review in anticipation of chartering the Group.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>It is best have this activity under the foundation IPR as soon as possible.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Regards<o:p></o:p></pre>
<pre>John B.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>