[Openid-specs-mobile-profile] Issue #1: Context

Torsten Lodderstedt torsten at lodderstedt.net
Wed Jul 1 18:51:12 UTC 2015


Hi Jörg

I agree with your description. Moreover, I think use case #2 may also require signing an answer using key material associated with the user in order to prove user consent and assure non-repudiation. I therefore think this use case should be factored out and folded into the requirement for "data to be signed".

kind regards,
Torsten.



> On 01.07.2015 at 09:52, Connotte, Joerg <j.connotte at telekom.de> wrote:
> 
> Hi all,
>  
> in our last call we had a lengthy discussion about Issue #1.
>  
> In my opinion we are talking about two different use cases where context is useful. But the requirements about the context are very different for those use cases.
>  
> 1) Context for authentication/login. Here the purpose of the context is to create an interlock between the consumption device and the authentication device to allow the user to make sure that the request to log in really comes from a process he himself initiated on the consumption device. To facilitate this, some nonsense text would be sufficient. In any case there is no need to have a structured context or some mechanisms to process the context besides showing the context text on the authentication device AND the consumption device.
> 2) Context to authorize business transactions (e.g. payment transactions). Here the purpose of the context is to make sure that the user is aware that he has to authorize a certain transaction which does not necessarily include a primary authentication. This implies that the context is highly structured and is processed in the IdP. For example, for a payment transaction the IdP has to understand that this is a payment transaction and has to store context (and possibly the whole transaction) to allow for non-repudiation issues.
>  
> What do you think?
>  
> Kind Regards
> Jörg Connotte 
>  
>  