Re: [GNAP] User consent
Francis Pouatcha <fpo@adorsys.de> Fri, 14 August 2020 16:13 UTC
Return-Path: <fpo@adorsys.de>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB93E3A0D94 for <txauth@ietfa.amsl.com>; Fri, 14 Aug 2020 09:13:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adorsys.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bi3vr6cMG5j0 for <txauth@ietfa.amsl.com>; Fri, 14 Aug 2020 09:13:35 -0700 (PDT)
Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65E113A0D91 for <txauth@ietf.org>; Fri, 14 Aug 2020 09:13:34 -0700 (PDT)
Received: by mail-wm1-x32e.google.com with SMTP id g8so7913873wmk.3 for <txauth@ietf.org>; Fri, 14 Aug 2020 09:13:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adorsys.de; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=87Ij3Tq3qF038tFLP1tHUgrW0lHCKiInMjd7mncdV4A=; b=VU8wJ6+lr2fqQdqNKhC8+yA/q7kXf80/SRUrKVpvqGewqnY806KcKDVJ1CrFrbUbeU +3GjUFGrWeo//Oy70LYufGd1UHXLz45K1Uv1XjR6oXsgn75goRKqLrVjcBs+zCJxciel zQLPiatNpXou4UMWFzZ5bf23+MKDnfqqFE+6E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=87Ij3Tq3qF038tFLP1tHUgrW0lHCKiInMjd7mncdV4A=; b=X7BDumsBnvy1QRSKkKcGoyceYe7bv4ZqJT36PtpSZPh8OBUS7u1SMKmqNjVgqMA+o4 eosjCfojSqE7bUDKE4SlEm0CSjhqD7ZvYg2mUMI3GWvhzdKLmPOC/b/WWH8LW8PtmL2l TLmHTzi4yKqjXqaEAHWlfozJPa2YuNCI0BVUsmv2DJWKJQQ0t9LOfhye0B+tZFwLXCJ/ +R7o2q6hQPIMGg7DehRu1xYLGrIAN8xA2d8tzeMVwqcTKi3i/HFDfi3r3+fjYuWXdCLj AzVttk+eoQQTPon3t+skJBvxj9sZDyJhsv05K+DknHT2+ILXT6WPOJjzkNpcgQTse5N5 xj8g==
X-Gm-Message-State: AOAM5304GIwwrkEVsiwCNMNC2xXwQeRXVwQrwbW2ugiIekHwGZiPGGB6 yjD0ckZQXYfJCNh2xY0YwhIdLfzVrO6XbNFwG+Hv+g==
X-Google-Smtp-Source: ABdhPJwyhRdE4Ud+Q1EMStwiGDenVExULgyGR+lWmKx8AOyH87AsqEZlzwQVKwYsVNJImCCeXt1GLeQGX9HOHI9UWQk=
X-Received: by 2002:a1c:b145:: with SMTP id a66mr3332786wmf.133.1597421612383; Fri, 14 Aug 2020 09:13:32 -0700 (PDT)
MIME-Version: 1.0
References: <c5f40413-93b8-2e8c-0a3e-14a07cd27ad0@free.fr> <ECF217AE-1D67-4EAE-AE51-531F6EE6E222@mit.edu> <583aedda-ae41-1f3e-6623-671f2197614c@free.fr> <20200804185313.GT92412@kduck.mit.edu> <CAJot-L2hykst2vFxcwLn_auDMMaw7psVwsKFHKhQp9DA49ydWg@mail.gmail.com> <A4DC7B4E-FD34-454F-9396-B971CF5D57A4@mit.edu> <CAD9ie-tKEp+PV3F4p84Zbu7Kd1dQutawnzHybt8cmg-XniLYLQ@mail.gmail.com> <CAOW4vyN4ifCXmk1XAyGK4cEfY1jTp6+AWOL-uNjEpVcp0Ku0UQ@mail.gmail.com> <CAD9ie-ugjNevqKAPWFjKqGMMpCvX6yyC=M4bs9naenJf-k9uqg@mail.gmail.com> <1b06d5849bf941d69376d1d7efbc4950@oc11expo18.exchange.mit.edu> <CAK2Cwb5ZVpTzOtQBGcw5zgteGe5EGR9sMBxWVrQ2mZP7-tc-kg@mail.gmail.com> <49B10559-0FB2-4B80-81C6-6F25F76F2ED8@mit.edu> <CAD9ie-vrFmSMY6bC4BqtpVn9i6MeFnghOXaHfdhXvOr59u1rzg@mail.gmail.com> <a3e44960-3e2f-03cf-08e7-412525443ff5@free.fr> <CAD9ie-v_YFufNmgfHSx0sr9kmMTjrOa--acic2UAg9LfpLNssQ@mail.gmail.com> <58369087-2bfa-152a-ea8d-22f32424aefb@free.fr>
In-Reply-To: <58369087-2bfa-152a-ea8d-22f32424aefb@free.fr>
From: Francis Pouatcha <fpo@adorsys.de>
Date: Fri, 14 Aug 2020 12:13:21 -0400
Message-ID: <CAOW4vyNu=BLC_fKSAU8Nk-oLHXfaU6pNCAc7nbAXXKiUZ=Fnvg@mail.gmail.com>
To: Denis <denis.ietf@free.fr>
Cc: Dick Hardt <dick.hardt@gmail.com>, "txauth@ietf.org" <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c35df705acd8b3a8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/mCXjLt7qvdw10BQ2j1hgT1niuw0>
Subject: Re: [GNAP] User consent
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2020 16:13:38 -0000
Small digest of the consent discussion into the suggested abstract flow. Please do not nail on the words used (just working assumptions). - GS is used to refer to the token manager (what Justin calls Delegation Server (DS) - handles the back-channel stuff) - AS is used to refer to the authorization server (what Justin calls Interaction Server (IS) - handles the front-channel stuff) - (End User), (Client) are sample entities materializing the corresponding roles (in oAuth2 for example) Added Separation between GS and AS (resp. DS and IS sse above) - 3a: GS forwards request for the RC consent to an AS, that knows how to interact with the RC - 3b: AS returns RC consent to GS. This separation might help draw a line between token management and user authorization. This is essential for forward thinking into the world of Fido, SSI, DID. Display front channel and back channel (At the Abstraction Level-0 -GNAP, this shall not matter.) Steps (1, 4, 7) are good candidates for a front channel, as we are interacting with a potential (End User). Steps (2, 3, 5 , 6) are good candidates for back channel. Steps (3a, 3b) are candidates for both, as AS might be running on a user device. Here is the new diagram. +-----------+ +--------------+ +----+ +----+ +----+ +---------------------+ | Requestor | | Orchestrator | | | | | | | | Resource Controller | | | | | | RS | | GS | | AS | | | |(End User) | | (Client) | | | | | | | | (End User) | +-----------+ +--------------+ +----+ +----+ +----+ +---------------------+ |(1) ServiceRequest | | | | | |---------------------->| | | | | | |(2) ServiceIntent:AuthZChallenge | | |<---------->| | | | | | | | | | | |(3) AuthZRequest(AuthZChallenge) | | |------------------->| | | | | | |(3a)ConsentRequest(AuthZChallenge) | | | |------->| | | | | | |(4) ConsentRequest:Consent | | | | |<-------------->| | | | |(3b)UserConsent | | | | |<-------| | | |(5) GrantAccess(AuthZ). | | | |<-------------------| | | | | | | | | | |(6) ServiceRequest(AuthZ):ServiceResponse. | | |<---------->| | | | |(7) ServiceResponse | | | | | |<----------------------| | | | | + + + + + + Best regards. /Francis On Fri, Aug 14, 2020 at 6:14 AM Denis <denis.ietf@free.fr> wrote: > This is a new thread built from "Revisiting the photo sharing example (a > driving use case for the creation of OAuth)" > > Hi Dick, > > I don't see how we can technically standardize a user experience, and it > is not clear why a standard would be needed for interoperability. > > I already wrote a proposal and made it available to the mailing list. > > An access will be granted by a RS based on an mathematical expression > which is formed using some combination of AND and OR conditions. > > Examples of combinations: > > *condition 1* AND > *condition 2 condition 1* OR *condition 2* > (*condition 1* AND *condition 2)* OR > *condition 3 (condition 1* OR *condition 2)* AND *condition 3* > > The following notation is being used for the *conditions*: > > *condition x* = { AS identifier + set of attributes types } > > Each RS internally constructs an *authorization table* with the following > content: > > 1° For the "authentication" operation: either FIDO U2F or a mathematical > expression using conditions; > > 2° For any other operation: a mathematical expression using conditions. > > Given the operation selected by the client, the RS returns the appropriate > mathematical expression and only the associated conditions > used in that mathematical expression. The User may then decide whether > they are appropriate to him or not. > > In many jurisdictions there are regulations regarding what information > needs to be conveyed to a user, and potentially a consent requirement, > for example a site explaining its use of cookies -- but I don't see how > IETF would play a role in that. > > On a related note, the browsers attempted to standardize the username / > password prompt, and that has been rejected by pretty much every site. > The only site I've visited in the last decade that has used the browsers' > built in username / password prompt was the W3C site -- and it was a > frustrating > experience since there was no button for account recovery -- it would just > keep popping up. > > What I am proposing is unrelated to the two above cases you mention. > > Denis > > > > ᐧ > > On Thu, Aug 13, 2020 at 10:29 AM Denis <denis.ietf@free.fr> wrote: > >> Dick, >> >> I think Tom's objection, and I agree with it, is that humans don't >> interact in bits and bytes. >> >> I think it is useful to separate human interactions with software from >> software interactions with software. >> The latter we can standardize, the former we can call out as part of the >> overall process, but it is not something >> that is testable or required for interop, so I would argue human to >> software interactions are NOT part of the protocol. >> >> I disagree. A set of a choices should be presented by the RS to the >> Client in a standardized way. The choices made by the user >> should be locally recorded by the Client, hence the RS does not need to >> be informed of these choices. The RS will only know >> the end result of these choices when/if it gets back one or more access >> tokens. >> >> Human to software interactions should be part of the protocol. >> >> RS to Client: a set of choices >> >> Client to RS: Done (choices have been done by the user). >> >> Denis >> >> >> >> ᐧ >> >> On Thu, Aug 13, 2020 at 8:11 AM Justin Richer <jricher@mit.edu> wrote: >> >>> It’s a role fulfilled by a person, so I’m not sure where the objection >>> you’re raising comes from. >>> >>> Also, whatever roles we define here, whether software or human-ware, >>> they need to be related to the protocol. >>> >>> — Justin >>> >>> On Aug 13, 2020, at 10:59 AM, Tom Jones <thomasclinganjones@gmail.com> >>> wrote: >>> >>> I strong object to the objectification of human users. It is way past >>> time that the IETF becaume user oriented instead of web service oriented. >>> users are human in my language. >>> Peace ..tom >>> >>> >>> On Tue, Aug 11, 2020 at 4:38 PM Justin Richer <jricher@mit.edu> wrote: >>> >>>> If defined as the party operating the client software, then the user is >>>> a role. I believe this is more accurate and inclusive than the definition >>>> you have proposed with the user as an entity. >>>> >>>> - Justin >>>> ________________________________________ >>>> From: Dick Hardt [dick.hardt@gmail.com] >>>> Sent: Tuesday, August 11, 2020 6:21 PM >>>> To: Francis Pouatcha >>>> Cc: Justin Richer; Denis; Benjamin James Kaduk; txauth@ietf.org >>>> Subject: Re: [GNAP] [Txauth] Revisiting the photo sharing example (a >>>> driving use case for the creation of OAuth) >>>> >>>> Hi Francis >>>> >>>> The user is an entity, not a role in the protocol in how I am defining >>>> roles, so steps (1) and (7) are confusing to me on what is happening. >>>> >>>> I also think that (2) could be an extension to GNAP, rather than part >>>> of the core protocol. >>>> >>>> >>>> >>>> >>>> >>>> On Mon, Aug 10, 2020 at 8:04 PM Francis Pouatcha <fpo@adorsys.de >>>> <mailto:fpo@adorsys.de>> wrote: >>>> In this context, I suggest we pick some words to work with, and sharpen >>>> them as we move on, discover and map new use cases to the protocol. >>>> >>>> In this diagram from the original thread ( >>>> https://mailarchive.ietf.org/arch/msg/txauth/IaSLC_72_KimjOBJqdmQY-JOGNw/), >>>> I replaced the words: >>>> >>>> +-----------+ +--------------+ +----+ +----+ >>>> +---------------------+ >>>> | Requestor | | Orchestrator | | | | GS | | Resource >>>> Controller | >>>> | was | | was | | RS | | or | | was >>>> | >>>> | User | | Client | | | | AS | | Resource >>>> Owner | >>>> +-----------+ +--------------+ +----+ +----+ >>>> +---------------------+ >>>> |(1) ServiceRequest | | | | >>>> |---------------------->| | | | >>>> | |(2) ServiceIntent:AuthZChallenge | >>>> | |<---------->| | | >>>> | | | | | >>>> | |(3) AuthZRequest(AuthZChallenge) | >>>> | |------------------->| | >>>> | | | |(4) ConsentRequest:Grant >>>> | | | |<-------------->| >>>> | |(5) GrantAccess(AuthZ) | >>>> | |<-------------------| | >>>> | | | | | >>>> | |(6) ServiceRequest(AuthZ):ServiceResponse >>>> | |<---------->| | | >>>> |(7) ServiceResponse | | | | >>>> |<----------------------| | | | >>>> + + + + + >>>> >>>> The purpose of the GNAP protocol is to help negotiate access to a >>>> protected resource. It starts with a requestor delegating activity to an >>>> orchestrator. These are all roles, no entities. Let focus on mapping the >>>> use cases to the protocol roles and interactions so wwe can discover what >>>> is missing. >>>> >>>> It seems cumbersome to use it in discussions as it is impossible to >>>> give the word "Client" a clear definition. >>>> >>>> We can mention in the final document, that the "Orchestrator" (or >>>> whatever word we finally use) plays the same role as the "Client" in oAuth2. >>>> >>>> Best regards. >>>> /Francis >>>> >>>> >>>> >>>> >>>> >>>> On Wed, Aug 5, 2020 at 9:05 PM Dick Hardt <dick.hardt@gmail.com<mailto: >>>> dick.hardt@gmail.com>> wrote: >>>> I agree with Justin. Redefining well used terms will lead to >>>> significant confusion. If we have a different role than what we have had in >>>> the past, then that role should have a name not being used already in OAuth >>>> or OIDC. >>>> >>>> Given what we have learned, and my own experience explaining what a >>>> Client is, and is not, improving the definition for Client could prove >>>> useful. I am not suggesting the term be redefined, but clarified. >>>> >>>> For example, clarifying that a Client is a role an entity plays in the >>>> protocol, and that the same entity may play other roles at other times, or >>>> some other language to help differentiate between "role" and "entity". >>>> >>>> /Dick >>>> [ >>>> https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=e48e13f4-2306-4d7c-8654-d50e00dbac3a]ᐧ >>>> <https://mailfoogae.appspot.com/t?sender=aZGljay5oYXJkdEBnbWFpbC5jb20%3D&type=zerocontent&guid=e48e13f4-2306-4d7c-8654-d50e00dbac3a]%E1%90%A7> >>>> >>>> On Wed, Aug 5, 2020 at 8:20 AM Justin Richer <jricher@mit..edu<mailto: >>>> jricher@mit.edu>> wrote: >>>> I’m in favor of coming up with a new term that’s a better fit, but I’m >>>> not really in favor of taking an existing term and applying a completely >>>> new definition to it. In other words, I would sooner stop using “client” >>>> and come up with a new, more specific and accurate term for the role than >>>> to define “client” as meaning something completely different. We did this >>>> in going from OAuth 1 to OAuth 2 already, moving from the >>>> even-more-confusing “consumer” to “client”, but OAuth 2 doesn’t use the >>>> term “consumer” at all, nor does it use “server” on its own but instead >>>> always qualifies it with “Authorization Server” and “Resource Server”. >>>> >>>> GNAP can do something similar, in my opinion. But what we can’t do is >>>> ignore the fact that GNAP is going to be coming up in a world that is >>>> already permeated by OAuth 2 and its terminology. We don’t have a blank >>>> slate to work with, but neither are we bound to use the same terms and >>>> constructs as before. It’s going to be a delicate balance! >>>> >>>> — Justin >>>> >>>> On Aug 4, 2020, at 3:32 PM, Warren Parad <wparad@rhosys.ch<mailto: >>>> wparad@rhosys.ch>> wrote: >>>> >>>> I think that is fundamentally part of the question: >>>> We are clear that we are producing a protocol that is >>>> conceptually (if not more strongly) related to OAuth 2.0, and reusing >>>> terms >>>> from OAuth 2.0 but with different definitions may lead to unnecessary >>>> confusion >>>> >>>> If we say that this document assumes OAuth2.0 terminology, then we >>>> should not change the meanings of any definition. If we are saying this >>>> supersedes or replaces what OAuth 2.0 creates, then we should pick the best >>>> word for the job and ignore conflicting meanings from OAuth 2.0. I have a >>>> lot of first hand experience of industries "ruining words", and attempting >>>> to side-step the problem rather than redefining the word just confuses >>>> everyone as everyone forgets the original meaning as new documents come >>>> out, but the confusion with the use of a non-obvious word continues. >>>> >>>> Food for thought. >>>> - Warren >>>> >>>> [ >>>> https://lh6.googleusercontent.com/DNiDx1QGIrSqMPKDN1oKevxYuyVRXsqhXdfZOsW56Rf2A74mUKbAPtrJSNw4qynkSjoltWkPYdBhaZJg1BO45YOc1xs6r9KJ1fYsNHogY-nh6hjuIm9GCeBRRzrSc8kWcUSNtuA >>>> ] >>>> >>>> Warren Parad >>>> Founder, CTO >>>> >>>> Secure your user data and complete your authorization architecture. >>>> Implement Authress<https://bit..ly/37SSO1p>. >>>> >>>> >>>> On Tue, Aug 4, 2020 at 8:53 PM Benjamin Kaduk <kaduk@mit.edu<mailto: >>>> kaduk@mit.edu>> wrote: >>>> Hi Denis, >>>> >>>> On Tue, Aug 04, 2020 at 11:31:34AM +0200, Denis wrote: >>>> > Hi Justin, >>>> > >>>> > Since you replied in parallel, I will make a response similar to the >>>> one >>>> > I sent to Dick. >>>> > >>>> > > Hi Denis, >>>> > > >>>> > > I think there’s still a problem with the terminology in use here. >>>> What >>>> > > you describe as RS2, which might in fact be an RS unto itself, is a >>>> > > “Client” in OAuth parlance because it is /a client of RS1/. What you >>>> > > call a “client” has no analogue in the OAuth world, but it is not at >>>> > > all the same as an OAuth client. I appreciate your mapping of the >>>> > > entities below, but it makes it difficult to hold a discussion if we >>>> > > aren’t using the same terms. >>>> > > >>>> > > The good news is that this isn’t OAuth, and as a new WG we can >>>> define >>>> > > our own terms. The bad news is that this is really hard to do. >>>> > > >>>> > > In GNAP, we shouldn’t just re-use existing terms with new >>>> definitions, >>>> > > but we’ve got a chance to be more precise with how we define things. >>>> > >>>> > In the ISO context, each document must define its own terminology. The >>>> > boiler plate for RFCs does not mandate a terminology or definitions >>>> section >>>> > but does not prevent it either. The vocabulary is limited and as long >>>> as >>>> > we clearly define what our terms are meaning, we can re-use a term >>>> already >>>> > used in another RFC. This is also the ISO approach. >>>> >>>> Just because we can do something does not necessarily mean that it is a >>>> good idea to do so. We are clear that we are producing a protocol that >>>> is >>>> conceptually (if not more strongly) related to OAuth 2.0, and reusing >>>> terms >>>> from OAuth 2.0 but with different definitions may lead to unnecessary >>>> confusion. If I understand correctly, a similar reasoning prompted >>>> Dick to >>>> use the term "GS" in XAuth, picking a name that was not already used in >>>> OAuth 2.0. >>>> >>>> -Ben >>>> >>>> -- >>>> Txauth mailing list >>>> Txauth@ietf.org<mailto:Txauth@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/txauth >>>> -- >>>> Txauth mailing list >>>> Txauth@ietf.org<mailto:Txauth@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/txauth >>>> >>>> -- >>>> TXAuth mailing list >>>> TXAuth@ietf.org<mailto:TXAuth@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/txauth >>>> -- >>>> TXAuth mailing list >>>> TXAuth@ietf.org<mailto:TXAuth@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/txauth >>>> >>>> >>>> -- >>>> Francis Pouatcha >>>> Co-Founder and Technical Lead >>>> adorsys GmbH & Co. KG >>>> https://adorsys-platform.de/solutions/ >>>> -- >>>> TXAuth mailing list >>>> TXAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/txauth >>>> >>> >>> >> -- >> TXAuth mailing list >> TXAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/txauth >> > > -- > TXAuth mailing list > TXAuth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth > -- Francis Pouatcha Co-Founder and Technical Lead adorsys GmbH & Co. KG https://adorsys-platform.de/solutions/
- [Txauth] Revisiting the photo sharing example (a … Denis
- Re: [Txauth] Revisiting the photo sharing example… Dick Hardt
- Re: [Txauth] Revisiting the photo sharing example… Justin Richer
- Re: [Txauth] Revisiting the photo sharing example… Tom Jones
- Re: [Txauth] Revisiting the photo sharing example… Denis
- Re: [Txauth] Revisiting the photo sharing example… Denis
- Re: [Txauth] Revisiting the photo sharing example… Justin Richer
- Re: [Txauth] Revisiting the photo sharing example… Dick Hardt
- Re: [Txauth] Revisiting the photo sharing example… Dick Hardt
- Re: [Txauth] Revisiting the photo sharing example… Benjamin Kaduk
- Re: [Txauth] Revisiting the photo sharing example… Warren Parad
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] Revisiting the photo sharing example (… Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Revisiting the photo sharing example (… Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- [GNAP] Terminology Denis
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Dave Tonge
- Re: [GNAP] Terminology Tom Jones
- Re: [GNAP] Terminology Mike Jones
- Re: [GNAP] Terminology Denis
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Francis Pouatcha
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Dave Tonge
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] Terminology Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Tom Jones
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Tom Jones
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dave Tonge
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] Terminology Denis
- [GNAP] User consent Denis
- [GNAP] User consent Denis
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology - into Github Issues Francis Pouatcha
- Re: [GNAP] Terminology - into Github Issues Denis
- Re: [GNAP] User consent Francis Pouatcha
- Re: [GNAP] User consent Tom Jones
- Re: [GNAP] User consent Denis
- Re: [GNAP] User consent Denis
- Re: [GNAP] User consent Francis Pouatcha
- Re: [GNAP] Terminology Tom Jones
- Re: [GNAP] Terminology - into Github Issues Fabien Imbault
- Re: [GNAP] Terminology - into Github Issues Warren Parad
- Re: [GNAP] User consent Dick Hardt
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] User consent Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault