[Openid-specs-mobile-profile] OIDC Mobile profile call Nov 19th: preliminary notes

Lodderstedt, Torsten t.lodderstedt at telekom.de
Wed Nov 19 17:02:54 UTC 2014


Jörg Connotte (Deutsche Telekom)
Sebastian Ebling (Deutsche Telekom)
Roland Hedberg (Umeå University)
John Bradley (Ping)
Gozalo Fernander Rodriguez (Telefonica)
Michael Engan (T-Mobile US)

Discussion of John's discovery proposal

-          Discovery for web apps based on a redirect protocol (OAuth) with special scope

-          Main motivation - "use what's already there" - mechanisms prevent e.g. open redirectors

-          Additionally, describe usage of account chooser to further stream line discovery/login process

-          John will document proposal in mobile discovery spec
Discussion about usage of login_hint, id_token_hint

-          Different use cases (prefilling username vs. enforce re-login for known user account/known subject)

-          Jörg will prepare description of what to use for which purpose
Gonzalo mentioned new project item "attribute providing" at GSMA mobile connect project

-          Could consider to extend scope of WG to cover attributes/claims/scopes
Discussion about LOAs,AMRs , ACRs

-          Difficult topic as RPs seem to get to know detailed information regarding authenticators which somehow contradicts abstraction introduced by ACRs

-          Providing RPs with detaillied information will probably result in hundreds (if not thousands) of ACR or AMR values - limits agility and interop

-          Could try to define reasonable ACR (not directly adopt e.g. ISO LOAs)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20141119/105b31d0/attachment.html>

More information about the Openid-specs-mobile-profile mailing list