[Openid-specs-mobile-profile] Mobile Profile WG Call on July 12th 2017 preliminary notes

philippe.clement at orange.com philippe.clement at orange.com
Wed Jul 12 16:17:55 UTC 2017


Dear all,

Please find below the preliminary notes of our MODRNA meeting on July 12th 2017.
In case of error or misunderstanding, let me know.

Participants:
Nicolas, Keith, Bjorn, Siva, Dave Tonge, Jörg

Agenda
1.      Roll Call and Adoption of the Agenda [Bjorn/John]
2.      Liaisons Updates
GSMA CIBA input [Siva]
3.      FAPI Profile for CIBA<https://bitbucket.org/openid/fapi/src/7d428a93d30d14848d5b10de73a95243cd88260b/Financial_API_WD_CIBA.md?fileviewer=file-view-default>
4.      Issue Tracker [All]
*       #1<https://bitbucket.org/openid/mobile/issues/1/context-service-provider-wants-to> [Jörg]
*       #31<https://bitbucket.org/openid/mobile/issues/31/how-to-react-if-login_hint-and> [Jörg]
*       #54<https://bitbucket.org/openid/mobile/issues/54/ciba-client-notification-endpoint> Status on feedback from FAPI? [Axel]
*       #55<https://bitbucket.org/openid/mobile/issues/55/ciba-signed-result-objects> Status on feedback from FAPI? [Axel]
*       #56<https://bitbucket.org/openid/mobile/issues/56/signed-request-object-authentication>
*       #52<https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text>
*       #57<https://bitbucket.org/openid/mobile/issues/57/client-initiated-backend-authentication>
5.      CPAS-MODRNA Alignment Call
6.      AOB

Discussion
1.      Roll Call and Adoption of the Agenda [Bjorn/John]

Adopted
2.      Liaisons Updates, GSMA CIBA input [Siva]

CPAS has approved BC CIBA profile, with some particularities:
-       The support of several notification URIs at registration
-       A response_type value is introduced for BC.
-       Some FC parameters are removed
-       ID Token is completed with a new field concerning the recipient
-       A notification for acknowledgement is added
-       Error handling at IDGW and SP sides
-       Usage of Context, client_name and binding message
-       Future Signature of request object
-       FC parameters to be removed
-       Polling is removed

3.      FAPI Profile for CIBA<https://bitbucket.org/openid/fapi/src/7d428a93d30d14848d5b10de73a95243cd88260b/Financial_API_WD_CIBA.md?fileviewer=file-view-default> (dave tonge)
Status update made by Dave, with the wish to avoid adherences between different specs.
The FAPI profile is under construction, one for BC and one for FC.
Question about security: bot mutual TLS and Token binding are possible, and signature of messages is requested.

4.      Issue Tracker [All]
*       #1<https://bitbucket.org/openid/mobile/issues/1/context-service-provider-wants-to> [Jörg]
o       Discussions with Gonzalo about UQ API. Fixed the binding message parameter in the authentication spec, Jörg proposes to close this after moving remaining into UQ spec.
o       --> Nicolas: to post a comment in issue 1 to say it's resolved in UQ API.
*       #31<https://bitbucket.org/openid/mobile/issues/31/how-to-react-if-login_hint-and> [Jörg]
-       How to react with authentication spec service when login hint and login hint token are both provided ? Ignore the login hint, or throw an error ? The SP can start with a login_hint, and the discovery service can add a login_hint_token.
-->     Consensus in the group to throw an error if both are present, comments are awaited on the list. To be closed at the next call.
*       #54<https://bitbucket.org/openid/mobile/issues/54/ciba-client-notification-endpoint> Status on feedback from FAPI? [Axel]
*       Still open
*       #55<https://bitbucket.org/openid/mobile/issues/55/ciba-signed-result-objects> Status on feedback from FAPI? [Axel]
Still open
*       #56<https://bitbucket.org/openid/mobile/issues/56/signed-request-object-authentication>
Still open
*       #52<https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text>
Still open
*       #57<https://bitbucket.org/openid/mobile/issues/57/client-initiated-backend-authentication>
Tight to #52, Still open
#58 added
Include the issuer response during registration, to be discussed off-line

5.      CPAS-MODRNA Alignment Call
Scheduled on July 24th
==>     Bjorn to send a note to the group to see whether another time slot to choose due to agenda conflicts.

6.      AOB
3.

Kind regards,
Philippe


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170712/29edb282/attachment.html>


More information about the Openid-specs-mobile-profile mailing list