[Openid-specs-mobile-profile] MODRNA WG call June 17th: final notes

Lodderstedt, Torsten t.lodderstedt at telekom.de
Tue Jun 30 11:57:01 UTC 2015


Hi all,

please find below the notes of the WG call of June 17th.

Best regards,
Torsten.


Participants:

-          John Bradley

-          Nat Sakimura

-          Jörg Connotte

-          Sebastian Ebling

-          Matthieu Verdier

Brief presentation of the new version of the discovery flows. John will review it and give feedback to Torsten.

We afterwards discussed two the authentication topics with highest priority.

Encrypted Login Hint:

-          reduce the claims to MSISDN, iss, aud, and iat

-          JWT is encrypted with public key of MNO JWT and signed with private key of issuer

-          login_hint_token is moved to authentication spec

Context parameter

-          request object is used to protect context data from being modified/eavesdropped

-          Current text covers two different use cases

1.       give a context for a authentication transaction (login on PC at home) and

2.       authorize a certain transaction (e.g. payment tx for a certain amount)

-          We need to discuss whether we use the same parameter to enable both use cases or different parameters. Discussion will be continued on the list (Jörg will post a use case description).

DEUTSCHE TELEKOM AG
Products & Innovation
Dr.-Ing. Torsten Lodderstedt
Leiter Technology Enabling Platforms
T-Online Allee 1, 64295 Darmstadt
+49 6151 680 7038 (Tel.)
E-Mail: t.lodderstedt at telekom.de<mailto:t.lodderstedt at telekom.de>
www.telekom.com<http://www.telekom.com>
ERLEBEN, WAS VERBINDET.
Die gesetzlichen Pflichtangaben finden Sie unter:
www.telekom.com/pflichtangaben<http://www.telekom.com/pflichtangaben>



DEUTSCHE TELEKOM AG
Digital Business Unit
Dr.-Ing. Torsten Lodderstedt
Leiter Technology Enabling Platforms
T-Online Allee 1, 64295 Darmstadt
+49 6151 680 7038 (Tel.)
E-Mail: t.lodderstedt at telekom.de<mailto:t.lodderstedt at telekom.de>
www.telekom.com<http://www.telekom.com>

ERLEBEN, WAS VERBINDET.

Die gesetzlichen Pflichtangaben finden Sie unter:
www.telekom.com/pflichtangaben<http://www.telekom.com/pflichtangaben>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20150630/4890407c/attachment.html>


More information about the Openid-specs-mobile-profile mailing list