[Openid-specs-mobile-profile] OIDC Mobile profile call Nov 19th: preliminary notes

philippe.clement at orange.com philippe.clement at orange.com
Mon Nov 24 17:31:04 UTC 2014


Dear all,

Please accept my apologies for not attending this last call on Wednesday.
I was stuck in a Digital Identity Seminar at the MEDEF, the largest entrepreneur network in France. I had intended to escape for our call, but the doors were well guarded (;-)

I've read with great interest the topics you discussed, and I'm pretty much in line with considering extending the scope of the WG to cover attributes/claims/scopes.

Regarding "Discussion about LOAs, AMRs, ACRs": is the question to approach a taxonomy, or at least a 2-level structure of concrete LOA/ACR?

- I must admit that only 4 LOAs (or 3 in a European eIDAS approach) are too few for the RP and for the Ops that could build commercial offers comprising detailed authentication means.

Kind regards,
Philippe


From: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] On behalf of Lodderstedt, Torsten
Sent: Wednesday, November 19, 2014 18:03
To: openid-specs-mobile-profile at lists.openid.net
Subject: [Openid-specs-mobile-profile] OIDC Mobile profile call Nov 19th: preliminary notes

Participants:

Jörg Connotte (Deutsche Telekom)
Sebastian Ebling (Deutsche Telekom)
Roland Hedberg (Umeå University)
John Bradley (Ping)
Gonzalo Fernander Rodriguez (Telefonica)
Michael Engan (T-Mobile US)

Discussion of John's discovery proposal

- Discovery for web apps based on a redirect protocol (OAuth) with special scope
- Main motivation - "use what's already there" - mechanisms prevent e.g. open redirectors
- Additionally, describe usage of account chooser to further streamline discovery/login process
- John will document proposal in mobile discovery spec

Discussion about usage of login_hint, id_token_hint

- Different use cases (prefilling username vs. enforce re-login for known user account/known subject)
- Jörg will prepare description of what to use for which purpose

Gonzalo mentioned new project item "attribute providing" at GSMA mobile connect project

- Could consider to extend scope of WG to cover attributes/claims/scopes

Discussion about LOAs, AMRs, ACRs

- Difficult topic as RPs seem to get to know detailed information regarding authenticators which somehow contradicts abstraction introduced by ACRs
- Providing RPs with detailed information will probably result in hundreds (if not thousands) of ACR or AMR values - limits agility and interop
- Could try to define reasonable ACR (not directly adopt e.g. ISO LOAs)
