[Openid-specs-mobile-profile] Mobile Profile WG Call on May 3rd preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Wed May 10 08:36:43 UTC 2017


Dear all,
Please find below the preliminary minutes of our call on May 3rd. In case of any error or misunderstanding, please let me know.

Participants :
1.      John, Hubert, Nicolas, Petteri, Philippe, Siva, bjorn, Celestin, charles
*       Agenda:
*       1- Update from IIW
*       2- MODRNA-CPAS workshop organization
*       3- AOB
*
*       Discussion:
*       1- Update from IIW, account porting specification
Participants put a great interest to this spec. A lot of questions raised regarding the complexity, the privacy, the token combination along the flows and security. Some examples were sketched, one particularly regarding the migration of an email account.
The case where a user could be tracked to a new IdP where a fake account has been created was evoked.

In conclusion, it appears that being a new flow, the porting function opens probably new vectors of attack, and documenting the kind of attacks is considered as an interesting complement to write.

This subject will be integrated in the next MODRNA-CPAS workshop agenda.
2- MODRNA-CPAS workshop organization
The discussion relied on :
-       Expectations from GSMA,
-       Schedule,
-       Number of participants

3- Discussion with FAPI group
*       Conversation with FAPI leads to a minor chance of success to engage cooperation.
*       Common solution between FAPI and MODRNA. One alignment call in MODRNA ?
*       OIF summit in London may 22nd. for open banking in the UK. They are in the process of adopting FAPI. PSD2 is at stake.
*       Open Banking implementation authority will publish the announcement.
*
*       4- Implementers draft
*       Implementers draft has passed quorum on the poll, and goes into implementers draft.
*       Next step: working on the specs to write improvements and have another round about editorial changes.

Kind regards,
Philippe


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170510/a20d09b3/attachment.html>


More information about the Openid-specs-mobile-profile mailing list