[Openid-specs-mobile-profile] MODRNA WG Call preliminary notes Sept 23rd 2015

philippe.clement at orange.com philippe.clement at orange.com
Wed Sep 23 15:53:15 UTC 2015

Dear all,

Please find below the preliminary notes or our today's call
Any error please let me know

Participants: Torsten, Philippe, Joerg, John, Matthieu

Agenda:  Authentication specs (Joerg)

-       #15 Amr request parameter: no actual requirement

-       #16 max_age:  Difficult topic in the way of Risk analysis, multi factor authentication
Second factor use case is better addressed using PROMPT=login (in combination w/ ACR), ACR is generally better suited

-       #26 nonce as recommended
Is used specially (and mandatory) for implicit and hybrid flows , required when id-token returned through the front channel, to prevent id-token swap.
==>     Check text and to get arguments from  GSMA

-       #27 acr_values request parameter : recommended with default
      Some combinations (amr + acr) will be proper to MODRNA profile

-       #28 id_token signature mandatory
      Not addressed, to be treated in next call

-       #29 amr response values according to specs
-       Not addressed, to be treated in next call

       #30 amr response value MANDATORY
      Not addressed, to be treated in next call

      #31 What happens if login_hint and login_hint_token are both provided
==>     token takes precedence

best regards,


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20150923/1d71061c/attachment.html>

More information about the Openid-specs-mobile-profile mailing list