[Openid-specs-mobile-profile] OIDC Mobile profile call Nov 5th: preliminary notes

Lodderstedt, Torsten t.lodderstedt at telekom.de
Wed Nov 5 17:14:59 UTC 2014

Hi all,

please find below the draft minutes of today's call.

Best regards,

Philippe Clement, Orange
Bjorn Hjelm, Verizon Wireless
John Bradley, Ping Identity
Torsten Lodderstedt, Deutsche Telekom

Discovery - Discussion about way forward and content of discovery spec - results:
- explanation of assumptions
  - discovery service across MNOs needed
  - different deployment options shall be supported (e.g. global provided by GSMA OneAPI Exchange, local per market or group of operators)
  - all deplyoments shall speak the same protocol (that's the scope of our WG)
- different needs/capabilities for different types of apps (native vs. web)
- basic discovery options - mnc/mcc, IP, MSISDN
- add on 1 - account chooser (probably pre-populated)
  - allows user to directly select account with operator
  - RP is directly provided with MNOs issuer URL
  - no additional discovery step required, no need to enter further data (such as MSISDN) -> privacy and convenient
  - approach is best suited for Web Apps
  - account chooser could also offer an option to add MNO account to the list -> privacy (disovery data is only entered in account chooser)
- add on 2 - UI for entering MSISDN/selecting Operator
  - no real improvement as App can get access to the MSISDN anyway + entering an MSISDN is a user consent
- returning a privacy protected login hint (e.g. encrypted MSISDN) to improve user experience in the login flow
- authorization: not neccessary (as long as there are no respective business requirements)
- discovery shall be independent of client credential management
- John will draft a first version next week

Dyn. Registration
Bjorn will outline options & questions and we will discuss it on the list (and/or in the next call)

Products & Innovation
Dr.-Ing. Torsten Lodderstedt
Head of Development
Customer Platforms
T-Online Allee 1, 64295 Darmstadt
+49 6151 680 7038 (Tel.)
E-Mail: t.lodderstedt at telekom.de<mailto:t.lodderstedt at telekom.de>
Die gesetzlichen Pflichtangaben finden Sie unter:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20141105/1bcfd766/attachment.html>

More information about the Openid-specs-mobile-profile mailing list