[Openid-specs-fapi] [Bitbucket] Issue #127: CIBA: security issues (openid/fapi)

Tom Jones thomasclinganjones at gmail.com
Tue Nov 28 16:12:31 UTC 2017

To be really clear then. Only the telco can support CIBA, correct?

Note that i voted against the MODRNA specs because, IMO, they do not uphold
the user consent requirements in OpenID Connect. For FAPI to endorse the
telco involvement in a financial transaction would exacerbate this failing.


Peace ..tom

On Tue, Nov 28, 2017 at 7:16 AM, Gonzalo Fernández <
issues-reply at bitbucket.org> wrote:

> [image: xixon2002]
> *Gonzalo Fernández* commented on issue #127:
> CIBA: security issues
> <https://bitbucket.org/openid/fapi/issues/127/ciba-security-issues>
> Hi Nat,
> Telcos companies do know the device associated with a user, in fact they
> use such information to improve customer care when he calls for something
> related with the device. As far as I know, when the terminal has been
> registered in the network, it sends the IMEI and thanks to that the
> operator is able to know the device and associated it to the MSISDN and
> IMSI because at this time it also has that information.
> View this issue
> <https://bitbucket.org/openid/fapi/issues/127/ciba-security-issues> or
> add a comment by replying to this email.
> Unsubscribe from issue emails
> <https://bitbucket.org/api/1.0/repositories/openid/fapi/issue/127/unsubscribe/tomcjones/f30a0030618b6476696b7a6f4abe3a0090d0f6ad/>
> for this repository. [image: Bitbucket] <https://bitbucket.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20171128/0d3431bf/attachment.html>

More information about the Openid-specs-fapi mailing list