[Openid-specs-mobile-profile] CIBA binding_message
Axel.Nennker at telekom.de
Axel.Nennker at telekom.de
Tue Nov 29 10:00:04 UTC 2016
I removed context and put binding_message back in.
https://bitbucket.org/openid/mobile/commits/7b27654d636a93324c3b556ebe21f2b4d66456b5
Although the definition from MODRNA Authentication seems questionable in CIBA because CIBA does not really mention the consumption device.
This is the text from MODRNA Authentication:
" <t hangText="binding_message">
OPTIONAL. This is a new parameter. An Interlock message to tie the consumption
device and the authentication device together.
How to ensure that the message is actually shown on all relevant
devices is out of the scope of this document.
Possible values and constraints are specified in
<xref target="binding_message_details" />.
Ways to protect the integrity of the binding_message are discussed
in <xref target="security_considerations" />.
</t>
"
In the last version of CIBA "context" was REQUIRED while in the version I copied binding_message back from it was OPTIONAL.
I resurrected binding_message as OPTIONAL.
What do you think about OPTIONAL versus REQUIRED?
// Axel
More information about the Openid-specs-mobile-profile
mailing list