[Openid-specs-mobile-profile] OIDC Mobile profile call March 11th: preliminary notes
t.lodderstedt at telekom.de
Wed Mar 11 16:38:54 UTC 2015
please find below the preliminary minutes of our call for your review.
Bjorn Helm (partially)
Reports from MWC (John, Jörg, Gonzalo)
- some demonstrations of mobile connect
- all used SIM-based authentication (SIM Applet or USSD)
- most were based on solutions of Ericsson and WSO2
- some operators are mostly interested to replace SMS PIN codes by SIM-based authentication, no identity proving
- Orange wants to use SIM applet for Orange services, e.g. customer service agent sending gathering confirmations that way
- Discussions with David Pollington regarding convergence between GSMA work and our work. We need to finish work on at least registration first before we can start a discussion.
WG Documents (all)
- Given the conclusion above, we now focus on registration and produce a new revision of the discovery
- Work on authentication is suspended until we finalized this work
- Jörg and John will set up a call with Bjorn to plan further work
New Topic: Service provider wants to influence message on the device (Gonzalo)
- Use case: bank uses Mobile Connect to access secure 2nd factor, bank wants to show to the user a message related to the actual transaction on the device
- Key question: how to sanitize such a message in order to prevent injection attacks?
- Put it in the requirements list
DEUTSCHE TELEKOM AG
Products & Innovation
Dr.-Ing. Torsten Lodderstedt
Head of Development
T-Online Allee 1, 64295 Darmstadt
+49 6151 680 7038 (Tel.)
E-Mail: t.lodderstedt at telekom.de<mailto:t.lodderstedt at telekom.de>
ERLEBEN, WAS VERBINDET.
Die gesetzlichen Pflichtangaben finden Sie unter:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-mobile-profile