[Openid-specs-mobile-profile] OIDC Mobile profile call March 11th: preliminary notes

Lodderstedt, Torsten t.lodderstedt at telekom.de
Wed Mar 11 16:38:54 UTC 2015


Hi all

please find below the preliminary minutes of our call for your review.

Best regards,
Torsten.
-----------------------------
John Bradley
Gonzalo Fernandéz
Ian Deakin
Michael Egan
Torsten Lodderstedt
Bjorn Helm (partially)

Reports from MWC (John, Jörg, Gonzalo)

-          some demonstrations of mobile connect

-          all used SIM-based authentication (SIM Applet or USSD)

-          most were based on solutions of Ericsson and WSO2

-          some operators are mostly interested to replace SMS PIN codes by SIM-based authentication, no identity proving

-          Orange wants to use SIM applet for Orange services, e.g. customer service agent sending gathering confirmations that way

-          Discussions with David Pollington regarding convergence between GSMA work and our work. We need to finish work on at least registration first before we can start a discussion.
WG Documents (all)

-          Given the conclusion above, we now focus on registration and produce a new revision of the discovery

-          Work on authentication is suspended until we finalized this work

-          Jörg and John will set up a call with Bjorn to plan further work
New Topic: Service provider wants to influence message on the device (Gonzalo)

-          Use case: bank uses Mobile Connect to access secure 2nd factor, bank wants to show to the user a message related to the actual transaction on the device

-          Key question: how to sanitize such a message in order to prevent injection attacks?

-          Put it in the requirements list

DEUTSCHE TELEKOM AG
Products & Innovation
Dr.-Ing. Torsten Lodderstedt
Head of Development
Customer Platforms
T-Online Allee 1, 64295 Darmstadt
+49 6151 680 7038 (Tel.)
E-Mail: t.lodderstedt at telekom.de<mailto:t.lodderstedt at telekom.de>
www.telekom.com<http://www.telekom.com>

ERLEBEN, WAS VERBINDET.

Die gesetzlichen Pflichtangaben finden Sie unter:
www.telekom.com/pflichtangaben<http://www.telekom.com/pflichtangaben>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20150311/d9f2846f/attachment-0001.html>


More information about the Openid-specs-mobile-profile mailing list