[Openid-specs-mobile-profile] MODRNA CIBA draft 03 - public review

charles.marais at orange.com
Wed Apr 19 09:24:02 UTC 2017

Hi Cezary,

Please find hereafter our comments:

- CIBA has been designed to allow authentication use cases (GSMA MC 
Authentication product) and has not been designed to address GSMA MC 
Authorise product. To address GSMA Authorise product, OIDF has designed 
the User Questioning API which is currently under the implementer's 
draft process. These aspects have been discussed several times inside 
the working group (Paris meeting, Modrna list, periodic calls...).

- Concerning the binding message, when used, this parameter is used as 
an interlock mechanism in order to visually pair the consumption device 
with the authentication device. This message should be short, 
non-predictable and easily checkable by the user.

- MC Profile contains several things (context, client_name, 
prompt=mobile, backchannel calls, additional id_token claims...) which 
have not been discussed nor approved by OIDF.



On 29/03/2017 at 10:19, Orliński Cezary wrote:
> Hi
> I would like to comment on the MODRNA Client initiated Backchannel Authentication Flow 1.0 (CIBA), draft 03 specification.
> We are working in Poland with other MNOs to bring Mobile Connect server initiated (server-to-server) use cases into life. The CIBA spec looks great for our use cases but we lack some functionalities:
> - There are no fields such as "context" and "client_name" in the Authentication Request that would allow us to display Client defined text on Authentication Device. Instead now the OP can display only a "binding_message" sent by the Client which has a bit different purpose. In our use cases the Client wishes to send its own text e.g. "Client requests you to authorize the operation X...". The fields "context" and "client_name" are present in Mobile Connect's PDATA.01 specification (MC Profile 1.2) and they fit perfectly our needs.
> Please consider adding these fields to the CIBA spec since MC Profile 1.2 seems quite compatible with CIBA.
> Best Regards
> Cezary Orliński
> T-MOBILE POLSKA S.A., with its registered office in Warsaw


MARAIS Charles
Orange Labs Lannion
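
The binding message properties named in the reply above (short, non-predictable, easily checkable by the user), sketched as an added example that is not part of the original thread or of the CIBA draft. The alphabet, the code length, the display limit and all function names are assumptions chosen for illustration.

```python
import secrets

# Assumption: an alphabet without look-alike characters (no 0/O, 1/I/L),
# so the code is easy to compare by eye across two screens.
ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ"  # 31 symbols
CODE_LEN = 6   # assumed length: about 29.7 bits with this alphabet
MAX_LEN = 20   # assumed limit on what the OP will display


def new_binding_message(length: int = CODE_LEN) -> str:
    """Client side: draw the code from the OS CSPRNG, not a counter or clock."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def display_form(code: str) -> str:
    """Group the code as XXX-XXX so the user can check it at a glance.

    Both the consumption device and the authentication device render
    the same grouping, which is what makes the visual pairing work.
    """
    return "-".join(code[i:i + 3] for i in range(0, len(code), 3))


def op_accepts(binding_message: str) -> bool:
    """OP side: show only short pairing codes on the authentication device.

    A binding message is a pairing code, so long or free-form text is
    refused here rather than rendered on the approval prompt.
    """
    return (0 < len(binding_message) <= MAX_LEN
            and all(ch in ALPHABET for ch in binding_message))


if __name__ == "__main__":
    code = new_binding_message()
    print("consumption device shows:   ", display_form(code))
    print("authentication device shows:", display_form(code))
    print("accepted by OP check:", op_accepts(code))
```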