[Openid-specs-mobile-profile] CIBA binding_message

Axel.Nennker at telekom.de Axel.Nennker at telekom.de
Tue Nov 29 10:00:04 UTC 2016

I removed context and put binding_message back in.
Although the definition from MODRNA Authentication seems questionable in CIBA because CIBA does not really mention the consumption device.

This is the text from MODRNA Authentication:

"				<t hangText="binding_message">
				    OPTIONAL. This is a new parameter. An Interlock message to tie the consumption 
				    device and the authentication device together.
				    How to ensure that the message is actually shown on all relevant 
				    devices is out of the scope of this document.
				    Possible values and constraints are specified in 
				    <xref target="binding_message_details" />.
				    Ways to protect the integrity of the binding_message are discussed 
				    in <xref target="security_considerations" />.

In the last version of CIBA "context" was REQUIRED while in the version I copied binding_message back from it was OPTIONAL.
I resurrected binding_message as OPTIONAL. 

What do you think about OPTIONAL versus REQUIRED?

// Axel

More information about the Openid-specs-mobile-profile mailing list