[Openid-specs-mobile-profile] New Revision of Discovery Draft
torsten at lodderstedt.net
Sat Jul 25 17:17:32 UTC 2015
Am 23.07.2015 um 14:50 schrieb philippe.clement at orange.com:
> Hi torsten,
> Thanks a lot for this document, here are my comments
> 2. Overview:
> - "•a RP may not process the MSISDN in the course of the discovery
> I think that in some cases, the RP will have this MSISDN, and that
> this one will be secured at the RP by a real secured process
> (challenge with a phone call, confirmation by OTP...). Case of banks
> for example, but they are not alone.
> As this MSISDN at RP exist, we should use it to simplify the user
> journey at the discovery stage and not risk to re-ask to the user some
> information regarding his MNO. Indeed, in some cases, the discovery
> service will have, in absence of user/MNO data, to ask to the user
> pieces of information (MSISDN, MCC/MNC...).
> This could be added in § 2.1 C : "Moreover, the client may pass MCC,
> MNC or IMSI as part of the discovery request."
make sense. I just created a new issue and added your and Sebastian's
comments to it (and added placeholders for a msisdn parameter to both
requests). I'm open to this enhancements as it would improve UX in the
same way as the encrypted login hint.
> - "OpenID Connect Clients using this specification are encouraged to
> use the OpenID Account chooser service [Account.Chooser]. This allows
> them to bypass discovery for users that already have account
> information cached."
> Are we confident that Account Chooser can endorse the discovery
> mechanism of an MNO for a specific user ? In other words, do we know
> exactly what should be the changes at Account Chooser level and at MNO
> level to bypass the discovery process ?
As far as I understand, there are two extensions required:
- a represention of the user id, which can only be interpreted by the OP
- a description of the user id for display in the account chooser UI
(e.g. MSISDN with some digests replaced by stars)
@John: is that correct? Do you know the current status of those extensions?
> Hope this helps,
> -----Message d'origine-----
> De : Openid-specs-mobile-profile
> [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] De la
> part de Torsten Lodderstedt
> Envoyé : samedi 18 juillet 2015 19:41
> À : openid-specs-mobile-profile at lists.openid.net
> Objet : [Openid-specs-mobile-profile] New Revision of Discovery Draft
> Hi all,
> I just posted a new revision of the discovery draft to the repository.
> The HTML version can also be found here:
> I revision reflects the current discovery design for both web and
> native apps as described in the web sequence diagrams. I also added an
> overview and restructured the document.
> Please review it and give feedback to the list.
> kind regards,
> Openid-specs-mobile-profile mailing list
> Openid-specs-mobile-profile at lists.openid.net
> <mailto:Openid-specs-mobile-profile at lists.openid.net>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-mobile-profile