[Openid-specs-mobile-profile] Alternative account porting design

torsten at lodderstedt.net torsten at lodderstedt.net
Wed Aug 24 08:38:19 UTC 2016


Hi Arne,

I hope Mobile Connect discovery and credential management will be decoupled and aligned with OpenID/OAuth standard mechanisms. We had productive discussions about that topic with GSMA and will see first results with the intro of the openid-configuration to API exchange soon. Next step might be use of Software Statements for credential mgmt.

I recommend you take a look at the MODRNA discovery and registration drafts in our repo.

In this case, RPs will have/manage their OP credentials independent of the discovery process. So it should be possible to authenticate towards the old OP.        

best regards,
Torsten.  


-------- Original message --------
Subject: Re: [Openid-specs-mobile-profile] Alternative account porting design
From: Arne Georg Gleditsch <argggh at telenordigital.com>
To: Torsten Lodderstedt <torsten at lodderstedt.net>
Cc: "Manger, James" <James.H.Manger at team.telstra.com>,openid-specs-mobile-profile at lists.openid.net

>Torsten Lodderstedt <torsten at lodderstedt.net> writes:
>> 3) RP sends request to porting check API at the old OP, including the
>> porting token + the credentials it regularly uses to
>> identify/authenticate with the tokens endpoint of this particular OP
>> (it must have an identity with this OP as it is a RP for this OP as
>> well)
>
>I agree that complete separation of RP identification is a nice feature
>-- however, we need to keep in mind that in a Mobile Connect context,
>the RPs cannot be expected to hold on to (up-to-date) credentials for
>all OPs, not even the ones they have previously been in communication
>with.  For them to be able to authenticate towards the old OP, they
>would need to first communicate with the Operator Discovery facility to
>retrieve OP-specific credentials.  This is not a show-stopper per se,
>but it is going to complicate the flow a bit for the RPs.  We also need
>to supply them with information they can use towards Operator Discovery
>to resolve the old OP, i.e. just indicating the old iss value is not
>going to be enough at this step.  (Although it would be nice if OD
>supported lookups by iss...)
>
>-- 
>
>							Arne.