[Openid-specs-fapi] [E] Re: [Bitbucket] Issue #127: CIBA: security issues (openid/fapi)

Wed Dec 6 15:15:15 UTC 2017

Tom,
I’m not sure I understand the reasoning behind the statement that “only the telco can support CIBA”?

BR,
Bjorn

From: Openid-specs-fapi [mailto:openid-specs-fapi-bounces at lists.openid.net] On Behalf Of Tom Jones via Openid-specs-fapi
Sent: Tuesday, November 28, 2017 8:13 AM
To: Gonzalo Fernández; Financial API Working Group List
Cc: Tom Jones
Subject: [E] Re: [Openid-specs-fapi] [Bitbucket] Issue #127: CIBA: security issues (openid/fapi)

To be really clear then. Only the telco can support CIBA, correct?

Note that i voted against the MODRNA specs because, IMO, they do not uphold the user consent requirements in OpenID Connect. For FAPI to endorse the telco involvement in a financial transaction would exacerbate this failing.

..tom

Peace ..tom

On Tue, Nov 28, 2017 at 7:16 AM, Gonzalo Fernández <issues-reply at bitbucket.org<mailto:issues-reply at bitbucket.org>> wrote:
[xixon2002]

Gonzalo Fernández commented on issue #127:

CIBA: security issues<https://urldefense.proofpoint.com/v2/url?u=https-3A__bitbucket.org_openid_fapi_issues_127_ciba-2Dsecurity-2Dissues&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=WKKL3u2bCFK_S3-cdUcTpKtFv6WtIOfgf-q9kODpVaE&s=1KCgOH0C_ZjNSl2pUFYoN-ZeFnwsk7z276YIIeSRdfs&e=>

Hi Nat,

Telcos companies do know the device associated with a user, in fact they use such information to improve customer care when he calls for something related with the device. As far as I know, when the terminal has been registered in the network, it sends the IMEI and thanks to that the operator is able to know the device and associated it to the MSISDN and IMSI because at this time it also has that information.

View this issue<https://urldefense.proofpoint.com/v2/url?u=https-3A__bitbucket.org_openid_fapi_issues_127_ciba-2Dsecurity-2Dissues&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=WKKL3u2bCFK_S3-cdUcTpKtFv6WtIOfgf-q9kODpVaE&s=1KCgOH0C_ZjNSl2pUFYoN-ZeFnwsk7z276YIIeSRdfs&e=> or add a comment by replying to this email.

Unsubscribe from issue emails<https://urldefense.proofpoint.com/v2/url?u=https-3A__bitbucket.org_api_1.0_repositories_openid_fapi_issue_127_unsubscribe_tomcjones_f30a0030618b6476696b7a6f4abe3a0090d0f6ad_&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=WKKL3u2bCFK_S3-cdUcTpKtFv6WtIOfgf-q9kODpVaE&s=LWBWzL1lZYI5dP20SHpqmtpQqIJpGAGmuCXgVJnh63w&e=> for this repository.

[Bitbucket]<https://urldefense.proofpoint.com/v2/url?u=https-3A__bitbucket.org&d=DwMFaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=NMZJHCV8pjvGIH2fTx9z6l7g7-V-a2xW7ISf9uHdz0A&m=WKKL3u2bCFK_S3-cdUcTpKtFv6WtIOfgf-q9kODpVaE&s=JBjIAgmVopP8Hh1TctI1LpWKdM7jwJZRmYSJ7BaZo54&e=>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20171206/15478ed5/attachment.html>