[Openid-specs-mobile-profile] [E] Mobile Profile WG Call on June 14th preliminary minutes

Hjelm, Bjorn Bjorn.Hjelm at VerizonWireless.com
Tue Jun 27 21:51:08 UTC 2017


Regarding changes to Bitbucket, 'Components' has been updated with "Account Porting," "CIBA," and "UQAPI" for issues related to these specifications. I didn't add anything for Async JWT Profile at this time but can if there is a desire to move this specification forward.

For those filing issues against either of these specifications, please update the issue tracker with the appropriate 'component' type.

BR,
Bjorn

From: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] On Behalf Of philippe.clement at orange.com
Sent: Wednesday, June 14, 2017 8:22 AM
To: Hjelm, Bjorn; openid-specs-mobile-profile at lists.openid.net
Subject: [E] [Openid-specs-mobile-profile] Mobile Profile WG Call on June 14th preliminary minutes

Dear all,

Please find enclosed the preliminary minutes of our MODRNA call on June 14th 2017.
Any error or misunderstanding, please let me know.

Participants:
Bjorn, Axel, Philippe, Charles, Gonzalo

Agenda:
1.     CPAS feedback post-Workshop meeting [Siva]
2.     Issue Tracker [All] #52 to #56
3.
Discussion:
1.     CPAS feedback post-Workshop meeting [Siva]
Not addressed

2.     Issue Tracker [All]
·         #52 <https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text>
Signed request object: it seems to not be enough; keep #52 open until John comments.
·         John to comment
·         #53 <https://bitbucket.org/openid/mobile/issues/53/ciba-terminology-consumption-device>
·         CIBA terminology of consumption device on front channel. Axel changed it. Nobody disagrees, change approved.
·         #54 <https://bitbucket.org/openid/mobile/issues/54/ciba-client-notification-endpoint>
CIBA BackChannel endpoint authentication.
The client sending an auth request with a bearer token, used to authenticate the ID Provider. Client endpoint must be able to authenticate the OP. This feature is in CIBA from the beginning. John mentioned that banks wouldn't use bearer tokens.
Could be interesting to allow other kinds of mechanism to authenticate the OP. One possibility is a bearer token, but other means could work too.
·         Axel to ask the FAPI team what they think
·         #55 <https://bitbucket.org/openid/mobile/issues/55/ciba-signed-result-objects>
·         CIBA sends the result object, in S2S communication. The FAPI team wants non-repudiation. The ID Token must be signed; is it enough? Do we need, and is there a way, to sign the whole response?
·         Axel to ask the FAPI team what they think
·         #56 <https://bitbucket.org/openid/mobile/issues/56/signed-request-object-authentication>
·         How to choose between the OIDC spec or the JWT spec, as they seem to not be totally consistent?
·         Email occurred on the list.
·         The signed request object should be OK, because we are in S2S exchanges. In the JWT, only the expiration param is mandatory.
·         --> Question for John.
3.     Closing old issues in Issue Tracker [Axel]
4.     Go through the old issues on the next call.
4.     AOB
Axel: how to make categories on Bitbucket.

Best regards,
Philippe

