[Openid-specs-mobile-profile] MODRNA WG Call June 1st 2016

John Bradley ve7jtb at ve7jtb.com
Sun Jun 5 13:08:14 UTC 2016


Yes, the worst case is of they don't for some rarely used accounts they
will need to do some sort of account recovery.   That could be by proving
they have the same phone number or something else.   Most RP are going to
have account recovery.   There are always edge cases where the user is on a
fixed bag as we say in Chille,  or stops otherwise suspends a prepaid
account and can't authenticate.

I think one port is enough.

John B.
On Jun 5, 2016 7:42 AM, "Torsten Lodderstedt" <torsten at lodderstedt.net>
wrote:

> Am 04.06.2016 um 14:17 schrieb John Bradley:
>
>>
>> We can.  I think the GSMA was going to discuss our feedback.
>>
>>
> I will draft a first version.
>
> They had some other concerns with people doing multiple ports over a short
>> period of time.  I don't know how much history is wort supporting vs
>> increased complexity for the client
>>
>> The easier approach is to ask the user to force migration at the RP by
> logging in after every port. Otherwise, this is ending up in signficant
> increased complexitity and potentially security holes.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20160605/0515ee18/attachment.html>


More information about the Openid-specs-mobile-profile mailing list