[Openid-specs-mobile-profile] Issue #13: Encrypted login hint (openid/mobile)

Torsten Lodderstedt issues-reply at bitbucket.org
Sun Jun 7 17:15:19 UTC 2015


New issue 13: Encrypted login hint
https://bitbucket.org/openid/mobile/issue/13/encrypted-login-hint

Torsten Lodderstedt:

The discovery service may ask the user for her MSISDN in order to determin the user's MNO. If available, this data shall be passed to the OP via the RP. In order to preserve privacy, this MSISDN shall not be shipped in the clear but as an encrypted parameter. 

The MODRNA profile shall define an extension parameter to allow the RP to pass this data as additional hint to the OP.

Idea: disocvery service returns MSISDN in an encrypted JWT. This JWT is sent to the OP using a new parameter login_hint_jwt. 

Responsible: Eisiphone


More information about the Openid-specs-mobile-profile mailing list