[Openid-specs-mobile-profile] MODRNA WG Call

Torsten Lodderstedt torsten at lodderstedt.net
Sun Jul 19 16:43:37 UTC 2015


Hi Bjorn,

wrt "new application": sounds reasonable
wrt signing algorithm(s): I think we need to decide on (and state) the 
supported (or better mandatory to implement) algorithms for interop 
reasons. Otherwise, a receiver must implement each and every alg in 
order to be compatible with every potential client. I also think we need 
to somehow describe how the receiver is supposed to obtain key material 
needed to verify the statement's signature. We need a similar decision 
for the login token hint. So what is the opinion of other WG members?

best regards,
Torsten.

Am 18.07.2015 um 00:41 schrieb Hjelm, Bjorn:
>
> Torsten,
>
> Please see my comments below.
>
> BR,
>
> Bjorn
>
> *From:*Lodderstedt, Torsten [mailto:t.lodderstedt at telekom.de]
> *Sent:* Tuesday, June 16, 2015 11:19 PM
> *To:* Hjelm, Bjorn
> *Cc:* Openid-specs-mobile-profile
> *Subject:* AW: [Openid-specs-mobile-profile] MODRNA WG Call
>
> Hi Bjorn,
>
> thanks for sharing this document with us.
>
> Here are my comments:
>
> -1. – “asserted by a primary MNO that the client has a relationship 
> with” – That’s one option. Another could be that the statement is 
> issued by a central registry all MNOs rely on. So my suggestion for 
> this spec is to talk of a “trusted entity, e.g. a primary MNO” – 
> potentially also “developer MNO”*/[Bjorn:] Agreed./*
>
> -1.2 Terminology: I think this should be replaced by MODRNA specific 
> terminology, e.g. MNO*/[Bjorn:] Added definition for MNO but will 
> change this section based on final decision by the group./*
>
> -3.1. Editors Note 1: I would suggest to add a implementation note 
> section and explain the options we see there, including using the 
> statement as client_id -> note: If the operators uses the statement as 
> client_id it won’t most likely not issue a secret, which contradicts 
> the text in the first sentence of this section.*/[Bjorn:] Revising the 
> section to add possible options./*
>
> -3.1, 2^nd paragraph: “If the client is registered with another MNO, a 
> new version of the application is required.” – What does “new 
> application” mean?*/[Bjorn:] I believe “new application” should be new 
> Client_ID if I remember the discussion correctly. Am I wrong in my 
> recollection?/*
>
> -3.1. Editors note 3: I think the introduction or a requirements 
> section should state that this spec will support this feature.
>
> -3.2
>
> oSignature algorithm – I suggest we limit this to RSA (to start 
> with)*/[Bjorn:] If there is group agreement to limit to RSA then I’ll 
> mark this in the draft./*
>
> oWhat is/are “acus”?*/[Bjorn:] Typo. Should be “Aalowed cars”. Notes 
> from IIW./*
>
> oWhat’s “gti”?/[Bjorn:] *Typo. Should be “jti”. Notes from IIW.*/
>
> best regards,
>
> Torsten.
>
> *Von:*Hjelm, Bjorn [mailto:Bjorn.Hjelm at VerizonWireless.com]
> *Ge**sendet:*Mittwoch, 20. Mai 2015 02:50
> *An:* Lodderstedt, Torsten; Openid-specs-mobile-profile
> *Betreff:* RE: [Openid-specs-mobile-profile] MODRNA WG Call
>
> Attached is a revised version of the draft registration spec.
>
> BR,
>
> Bjorn
>
> -----Original Appointment-----
> *From:* Lodderstedt, Torsten [mailto:t.lodderstedt at telekom.de]
> *Sent:* Monday, May 18, 2015 10:17 AM
> *To:* Lodderstedt, Torsten; Openid-specs-mobile-profile
> *Subject:* [Openid-specs-mobile-profile] MODRNA WG Call
> *When:* Wednesday, May 20, 2015 4:00 PM-5:00 PM (UTC+01:00) Amsterdam, 
> Berlin, Bern, Rome, Stockholm, Vienna.
> *Where:* https://global.gotomeeting.com/join/764054389
>
> Zeit: Mittwoch, 20. Mai 2015 16:00-17:00 (UTC+01:00) Amsterdam, 
> Berlin, Bern, Rom, Stockholm, Wien.
>
> Ort: https://global.gotomeeting.com/join/764054389
>
> Hinweis: Die oben angegebene Abweichung von GMT berücksichtigt keine 
> Anpassungen für Sommerzeit.
>
> *~*~*~*~*~*~*~*~*~*
>
> Hi all,
>
> I won’t be able to attend but John will moderate the call instead 
> (thanks!).
>
> I would suggest the following topics:
>
> ·Discussion of discovery design (native vs. web – probably using 
> sequence diagrams)
>
> ·Status of registration spec (esp. software statement contents)
>
> ·Alignment of GSMA work and authentication draft
>
> best regards,
>
> Torsten.
>
>   << File: ATT00002.txt >>
>
>
>
> _______________________________________________
> Openid-specs-mobile-profile mailing list
> Openid-specs-mobile-profile at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20150719/af0fdfbb/attachment-0001.html>


More information about the Openid-specs-mobile-profile mailing list