[Openid-specs-mobile-profile] Issue #23: MSISDN as discovery parameter? (openid/mobile)
issues-reply at bitbucket.org
Sat Jul 25 16:58:25 UTC 2015
New issue 23: MSISDN as discovery parameter?
Sebastian's comment on the current discovery design:
I also think we should add msisdn as optional parameter to both, user interaction endpoint and issuer endpoint.
For the POST based flow because the app may already have the permission to query the msisdn from the device and then the user experience can be enhanced. See also Johns comment on https://bitbucket.org/openid/mobile/issues/6/general-questions
For the redirect based flow, because the RP may already know the msisdn and only wants a secure attestation for it. I know that mobile connect is aware of privacy and designed not to tell every RP the msisdn. But I'm sure that for some RPs this will become a valid use case and then the usability can be improved. The Discovery Service may deny the request if the client is not authorized to discover the mno by msisdn.
More information about the Openid-specs-mobile-profile