[Openid-specs-mobile-profile] MODRNA WG Call June 1st 2016

Torsten.Lodderstedt at telekom.de Torsten.Lodderstedt at telekom.de
Fri Jun 3 11:51:12 UTC 2016


Hi all,

did you discuss scoping of sub/PCR values by the issuer value? Will the respective GSMA spec be changed or are Mobile Connect RP/SPs still supposed to recognize a user account based on the sub claim only?

My hypothesis: if the migration process is implemented properly and uses scoped user ids, then the value of a PCR, which is stable across MNOs, is rather small. The RP just saves the database update in case of the migration process.

kind regards,
Torsten.

From: philippe.clement at orange.com [mailto:philippe.clement at orange.com]
Sent: Friday, 3 June 2016 11:04
To: Lodderstedt, Torsten; openid-specs-mobile-profile at lists.openid.net; John Bradley
Cc: philippe.clement.ft at gmail.com
Subject: RE: MODRNA WG Call June 1st 2016

Dear all,

Please consider below a new version of the minutes of our call, following some suggestions from Siva, and contribute if you feel you have to.
Updates in italics


Participants: John, Bjorn, Nat, Philippe, Siva, Jörg
Agenda: Progress on GSMA PCR portability, Change to MC Authorisation minutes
• Some discussions happened in CPAS about signing JWT and chain migration from a user to different MNOs
• John explains that signing JWT is wishable and not complex for an MNO
• An introspection endpoint is needed on MNO side to attest the signed JWT to the RP. Keys rotating will be taken into account. Special keys for the Use Case?
• Discussion about the PCR and the fact it must be stable in time or different from an MNO to another regarding the same user at the same RP. The generality of the migration process is wishable, so addressing different PCR for the same user at an RP for different MNO is acceptable. On the other hand, the MNO process to create PCR is not standardized yet, and no vision is available on the delay for all MNO to change their PCR method.
• Siva informed forum members that CPAS members agreed the PCR new format (GUID, version 4, RFC 4112) and all MNOs will migrate to generate in this format (few MNOs are already working on this migration). PCR new format and migration is being executed as a separate deployment project for the moment. (De-coupled from current Mobile Connect release).
• Discussions about the period while to maintain the migration open for a user at an MNO.
• John explains that if we keep the same PCR for migration, then it will be Mobile Connect specific migration, and it cannot be made as a generic solution from OpenID Connect specifications. (Perhaps specs can come with multiple options/choice).
• Chain migration: discussions on the management of the signed JWT and which MNOs the JWTs will be addressed to. Proposal: send each signed JWT to respective MNOs.
• Siva informed forum members of changing the wording in the minutes regarding MC Authorisation since it is creating much confusion for R2 activities. Also informed that MC Authorisation is just a marketing term w.r.t. Mobile Connect, whereas it is “Contextual Authentication” with additional features, which is well aligned with OIDC protocol and fit for purpose in R2. Joerg informed that there would not be a problem to change the minutes.
• If agreed/required all Mobile Connect improvements/discussions apply to Mobile Connect future releases only.
• Discussions in CPAS to be led by Siva

Best regards,
Philippe

_____________________________________________
From: CLEMENT Philippe IMT TECHNO
Sent: Thursday, 2 June 2016 09:41
To: Torsten.Lodderstedt at telekom.de; openid-specs-mobile-profile at lists.openid.net; John Bradley
Cc: philippe.clement.ft at gmail.com
Subject: MODRNA WG Call June 1st 2016


Dear all,

Please find below the preliminary notes of the meeting
Any error or adjustment needed, please let me know

Participants: John, Bjorn, Nat, Philippe, Siva, Jörg

Agenda : Progress on GSMA PCR portability

Some discussions happened in CPAS about signing JWT and chain migration from a user to different MNOs
John explains that signing JWT is wishable and not complex for an MNO
An introspection endpoint is needed on MNO side to attest the signed JWT to the RP. Keys rotating will be taken into account. Special keys for the Use Case ?

Discussion about the PCR and the fact it must be stable in time or different from an MNO to another regarding the same user at the same RP. The genericity of the migration process is wishable, so addressing different PCR for the same user at an RP for different MNO is acceptable. On the other hand, the MNO process to create PCR is not standardized yet, and no vision is available on the delay for all MNO to change their PCR method.
Discussions about the period while to maintain the migration open for a user at an MNO.
Chain migration: discussions on the management of the signed JWT and which MNOs the JWTs will be addressed to. Proposal: send each signed JWT to respective MNOs.

• Discussions in CPAS to be led by Siva

Kind regards,
Philippe

-----Original Appointment-----
From: Torsten.Lodderstedt at telekom.de [mailto:Torsten.Lodderstedt at telekom.de]
Sent: Monday, 30 May 2016 13:55
To: Torsten.Lodderstedt at telekom.de; openid-specs-mobile-profile at lists.openid.net
Subject: [Openid-specs-mobile-profile] MODRNA WG Call
When: Wednesday, 1 June 2016 16:00-17:00 (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
Where: https://global.gotomeeting.com/join/927253461




When: Wednesday, 1 June 2016 16:00-17:00 (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
Where: https://global.gotomeeting.com/join/927253461

Note: The GMT offset shown above does not reflect daylight saving time adjustments.

*~*~*~*~*~*~*~*~*~*

Hi all,

the objective of this call is to discuss the tasks we came up with during the technical workshop. Please take a look at the respective issues in our tracker in advance: https://bitbucket.org/openid/mobile/issues?milestone=TWS_DA_05_2016


best regards,
Torsten.