[Openid-specs-mobile-profile] Preliminary minutes of MODRNA WG Call on August 10th 2016

GONZALO FERNANDEZ RODRIGUEZ gonzalo.fernandezrodriguez at telefonica.com
Thu Aug 18 13:30:06 UTC 2016


Hi guys,

I have just updated the so-called “Server Initiation” document: https://bitbucket.org/openid/mobile/src/75eae8b8e50737059c069965c8c37e794843b510/draft-mobile-client-initiated-backchannel-authentication-01.html?at=default&fileviewer=file-view-default


  *   Since now the flow is called “Client Initiated Backendchannel Authentication”
  *   Some new sections and non-normative examples have been added.

The current document is still keeping the “auth_req_id” to correlate the request and the asynchronous response through the redirect_uri. However if you remember the Florian’s proposal to use a dynamic path in the redirect_uri (building this path with a unique identifier that identifies the request uniquely) is under discussion, I personally consider it could be a good solution too.


Thanks a lot in advance,
Gonza.

From: Openid-specs-mobile-profile <openid-specs-mobile-profile-bounces at lists.openid.net<mailto:openid-specs-mobile-profile-bounces at lists.openid.net>> on behalf of "Torsten.Lodderstedt at telekom.de<mailto:Torsten.Lodderstedt at telekom.de>" <Torsten.Lodderstedt at telekom.de<mailto:Torsten.Lodderstedt at telekom.de>>
Date: jueves, 11 de agosto de 2016, 12:15
To: "openid-specs-mobile-profile at lists.openid.net<mailto:openid-specs-mobile-profile at lists.openid.net>" <openid-specs-mobile-profile at lists.openid.net<mailto:openid-specs-mobile-profile at lists.openid.net>>
Subject: [Openid-specs-mobile-profile] Preliminary minutes of MODRNA WG Call on August 10th 2016

Hi all,

please find below the draft of the WG Call minutes.

Best regards,
Torsten.

Participants: John Bradley, Venkatasivakumar Boyalakuntla (Siva), James Manger, Bjorn Hjelm, Florian Walter, Jörg Connotte, Nat Sakimura, Gonzalo Fernandez Rodriguez, Ijaz Khan, Torsten Lodderstedt

Status of our high-prio drafts:

  1.  Server-initiated authentication

  *   Gonzalo and Florian presented the first draft (https://bitbucket.org/openid/mobile/raw/75ca37860ae1fe90b085d32ad88507e82e2f374f/draft-mobile-server-initiation-01.txt)
  *   All WG members are asked to review it and give feedback on the list

  1.  Account migration

  *   James Manger explained an alternative proposal for handling of migration data. The basic idea is to instead of transferring it via a signed JWT, the old OP exposes an endpoint where the RP can directly call and determine whether and where a particular account has been migrated to
  *   The RP should be able to authenticate with the old OP since it is a RP of this OP as well (since it uses the old OP for logins)
  *   pro: no issue regarding signing key expiration
  *   James will post a more detailed description on the list so we can have a discussion of which way to go

  1.  Attributes UserInfo/PremiumInfo

- Siva presented current list
- WG members gave feedback and advice on how to incorporate Mobile Connect specific claims into OIDC (UserInfo and ID Token) by constructing collision resistant claim names
- Siva takes this back to CPAS

Status Workshop

  *   Eventbrite event has been set up and will be distributed soon
  *   No further information on location and logistics since Philippe did not attend the call




Deutsche Telekom AG
Group Innovation+/ Products & Innovation
Dr.-Ing. Torsten Lodderstedt
Leiter Enabling Platforms / Technology
T-Online Allee 1, 64295 Darmstadt, Germany
+49 6151 5837619  (Phone)
E-Mail: torsten.lodderstedt at telekom.de<mailto:t.lodderstedt at telekom.de>
www.telekom.com<http://www.telekom.com/>

Life is for sharing.

You can find the obligatory information on www.telekom.com/compulsory-statement<http://www.telekom.com/compulsory-statement>

Big changes start small – conserve resources by not printing every e-mail.




________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20160818/5bc94460/attachment.html>


More information about the Openid-specs-mobile-profile mailing list