[Openid-specs-mobile-profile] MODRNA WG Call on nov 28th 2017 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Tue Nov 28 16:25:51 UTC 2017

Dear all,

Please find below the preliminary minutes of our call. In case of any error or misunderstanding, please let me know.

Participants : John, Petteri, Siva, Bjorn, Alex Chong, Dave Tonge, Gonzalo,

1.      Roll Call
2.      Adoption of the Agenda
3.      --> adopted.

One item added: update from IETF meeting 2 weeks ago: Security doc adopted, concerns token binding for ID token and Access token.
4.      Liaisons Updates
*       GSMA [Siva]
*       --> CPAS call:  One query regarding login_hint_token expiry time. CPAS proposes to include it into the LHT. Will be discussed in next CPAS call. We have to look also at error messages in this case. Do we have to create an error if the LHT is valid ? the objective would be to control how long the client can cache the LHT. (For information, the client credentials management process is supposed to evolve in MC). Error should be more specific than "invalid request". Or a sub type could be added to explain the real error case.
==>     questions about hashing claims with SHA256 for attribute services, to protect data. Probably outside the OIDC protocol. Discussion to continue on CPAS side. Use cases to mention to FAPI group.
*       Back channel and front channel are concerned. UK Open Banking flows use mostly front channel redirect. FAPI looks for CIBA in cases where redirects through front channel are not operating.
5.      Working Group Updates
6.      Feedback from FAPI meeting in London (Dave & John)
==>     Looking a way to add additional claims to ID token. Dave to post a proposal to the list.

7.      Issue Tracker [All]
8.      --> not addressed

Best regards,


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20171128/813bb129/attachment.html>

More information about the Openid-specs-mobile-profile mailing list