[Openid-specs-mobile-profile] CIBA update

Axel.Nennker at telekom.de Axel.Nennker at telekom.de
Mon Jan 2 14:45:13 UTC 2017


Hi all,

Happy New Year!

Today I updated CIBA:
https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication.xml?at=default


-          Remove xref from abstract. Moved it to Introduction.

-          removed -02 from docName

-          xref first occurrence of MODRNA Authentication profile

-          move example left

-          more and better xrefs

-          Introduce CIBA as Client Initiated Backchannel Authentication

-          remove paragraph about error case from the "success" section

-          Service Provider -> Client; Identity Provider -> OpenID Provider

-          unknown_auth_req_id error is only returned in Polling Mode

-          make grant_type stay unhyphenated

-
Please review before the workshop next week and (re-)raise issues.

Major outstanding issues:

-          binding_message discussion (Jörg C and John B.)
remove binding_message completely because it is the OP’s business alone?

-          better use cases

-          polling using HTTP status codes details (Petteri S.)

-          your issue I forgot about right now (sorry)







Kind regards
Axel




From: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] On Behalf Of charles.marais at orange.com
Sent: Monday, January 02, 2017 10:28 AM
To: openid-specs-mobile-profile at lists.openid.net; AILLERY Nicolas IMT-OLPS; CLEMENT Philippe IMT TECHNO
Subject: Re: [Openid-specs-mobile-profile] MODRNA WG minutes Call on dec 14th 2016


Happy new year to all of you !

Nicolas and I are going too.

Charles.

Le 30/12/2016 à 15:00, Axel.Nennker at telekom.de<mailto:Axel.Nennker at telekom.de> a écrit :
I am going

From: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] On Behalf Of John Bradley
Sent: Wednesday, December 28, 2016 4:16 PM
To: nicolas.aillery at orange.com<mailto:nicolas.aillery at orange.com>
Cc: openid-specs-mobile-profile at lists.openid.net<mailto:openid-specs-mobile-profile at lists.openid.net>
Subject: Re: [Openid-specs-mobile-profile] MODRNA WG minutes Call on dec 14th 2016

I am just catching up on things after my Vacation.
I haven't had a chance to talk to Joerg yet.

I hope we can work on this over the next couple of weeks.

I won’t be at the London workshop myself.
Who is going from the WG?

John B.

On Dec 21, 2016, at 1:41 PM, nicolas.aillery at orange.com<mailto:nicolas.aillery at orange.com> wrote:

Hello Jörg and John,

    There will be a GSMA workshop in London on January 10th.
    We’ll discuss about “MC Authorise” product, CIBA and User Questioning, and we’ll need a clear position from the OIDF on how should “MC Authorise” be handled by OIDF standards.

   Do you think you can provide us with first results of your study (i.e. “Jörg and John will work on writing down the CIBA use case, and sort out the binding message and context parameters situation, and describe whether UQ or CIBA are concerned”) before this workshop?

Regards,

Nicolas

_____________________________________________
De : CLEMENT Philippe IMT TECHNO
Envoyé : mercredi 14 décembre 2016 18:17
À : Torsten.Lodderstedt at telekom.de<mailto:Torsten.Lodderstedt at telekom.de>; openid-specs-mobile-profile at lists.openid.net<mailto:openid-specs-mobile-profile at lists.openid.net>
Objet : MODRNA WG minutes Call on dec 14th 2016


Dear all,

Please find below the preliminary minutes of our call. Any error, misunderstanding, please let me know.

Participants:
Torsten, Petteri, Philippe, Nicolas, Jörg, Siva, Bjorn, Gonzalo

Agenda:
1.      Move draft specs UQ, CIBA, account portability and Authentication to implementers draft
2.      Asynchronous notification mode, Petteri proposal

Torsten first announces his leaving of DT and of Chairman position of the MODRNA OIF WG. Makes a proposal for Bjorn to handover the position (to be held by a MNO representative). No objection is heard on the call and Bjorn is consensually agreed to chair the MODRNA WG.
Many thanks to Torsten for having chaired this MODRNA WG and best wishes for his next future in the startup agile environment !

Discussion
1.      Implementers draft

Torsten proposal to move UQ, CIBA, account porting and Authentication in the Implementers draft status.
Remarks done on the lack of Use Cases in CIBA specs that could have helped to better understand the document, and avoid ambiguities and misinterpretations on the objectives of the specs.
Gonzalo mentions his working on the topic.
Torsten proposal is to write into the document that CIBA is specified for backchannel server authentication, being the same as OIDF core 1.0, but for backchannel authentication.

Some cases are show during the call. Questions arise about the Use Cases that could influence the text displayed on the user authentication device, especially from SP.
It is important to separate backchannel authentication from transaction acknowledgement.

·         Jörg and John will work on writing down the CIBA use case, and sort out the binding message and context parameters situation, and describe whether UQ or CIBA are concerned.

2.      Petteri proposal

Two proposals were made to the list for asynchronous notifications:
1.      HTTP level polling generalizing.
2.      Callback mechanism, defined in Paris meeting where push turned into pull method

Question is raised about John’s proposal to “generalize” notification (pull or push) across the OIF global specifications. We will first try to sort out the question for MODRNA specs.
Someone with good knowledge of HTTP mechanisms would be appropriate to take over the work.
Having this question solved in a generic manner in MODRNA WG will help then to adapt UQ and CIBA specs.

·         Petteri  volunteers for describing precisely and document his proposal, mentioning the pros and cons of each method.

Best regards,
Philippe


_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.





_______________________________________________

Openid-specs-mobile-profile mailing list

Openid-specs-mobile-profile at lists.openid.net<mailto:Openid-specs-mobile-profile at lists.openid.net>

http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile

--
[cid:image001.gif at 01D2650B.A094FD10]

MARAIS Charles
Orange Labs Lannion
Tel : +33 (0)2 96 07 24 18
charles.marais at orange.com<mailto:charles.marais at orange.com>
Orange Labs Lannion
2, avenue Pierre Marzin
22307 LANNION Cedex - France


_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170102/a9d0b6d8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 1264 bytes
Desc: image001.gif
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170102/a9d0b6d8/attachment-0001.gif>


More information about the Openid-specs-mobile-profile mailing list