[Openid-specs-mobile-profile] MODRNA WG Call on oct 19th 2016 preliminary notes
philippe.clement at orange.com
Wed Oct 19 15:56:03 UTC 2016
Please find below the preliminary notes of our call today. Any error or misunderstanding, please let me know.
Torsten, John, Siva, Philippe, Nicolas, Celestin, Bjorn,
- status of 3 drafts
User Questioning API
Status of Orange headways:
- a draft version 3, on which some exchanges occurred in the last hours. Updates are going on towards a draft version 4
- development of a prototype: first API for UQ up and running, the pull flow is working well
o Possibilities offered to the RP regarding question and answers
* the client is responsible for the wording of the question, and understands the answer of the user
o how much freedom for the client to formulate the question?
* in the specs, simple to enable a multivalued question in regard of several answers, under the responsibility of the client
o Should we and how to address the capabilities of the device to display the question and multiple possible answers?
* solutions to authenticate the user could not be sufficient for questioning the user
o Security: do we separate authentication and security (pin, biometrics...) of the formatting of the question?
o Is there a unique mechanism for questioning and authenticating?
* From an authentication point of view, they could be the same
* --> implementation considerations to add in the specs regarding components
o qcr and qmr:
* hard to see the difference with acr and amr...
* --> give concrete examples in the specs to illustrate
o Is there a multi step exchange between RP and OP to agree on the means to question the user? No, it should only be a question of features discovering
o Should UQ work with sim applet? Yes, but with restrictions
o The specs do not take care of the different authenticators of the OP to the user. With UQ: we use sim applet (limited), but the prototype works with SMS URLs
* --> Insert these examples into the specs.
==> Everyone on the list to give a feedback regarding this draft
no update at this time
DT planned to implement the prototype of SIBA mechanism (server initiated backchannel authentication)
John: will be raised in a next OAuth meeting, to fetch potential support. Remaining correlative questions on the device flow
coming up next week, before the IIW.
Bjorn to send on the list a draft version of the status of documents we are working on
Time: Wednesday, 19 October 2016 16:00-17:00 (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
Note: The GMT offset given above does not take daylight saving time adjustments into account.
please post topic suggestions to the list.
I see the following topics for today:
* Status of SIBA, UQ and Migration/Porting
* Decision: Account Migration move vs. link
* Prototypes / Implementers Draft
* Next workshop