[Openid-specs-mobile-profile] MODRNA WG Call on Jan 9th 2018 preliminary minutes

Venkatsivakumar Boyalakuntla vboyalakuntla at gsma.com
Tue Jan 9 16:56:00 UTC 2018

Dear all,
Apologies for not attending, but was busy with other priorities and catching up the backlog due to holidays.

Regarding PCR : Pcr as login_hint will stay in MC, there is no removal.  Login_hint_token will be used to replace encrypted MSISDN in the login_hint.

Currently login_hint supports  : plain MSISDN, encrypted MSISDN and PCR
login_hint_token  : replacement to encrypted MSISDN.

Best regards,

Venkatasivakumar Boyalakuntla | Technical Expert |Mobile Connect Architecture | Identity| GSM Association |
@: vboyalakuntla at gsma.com<mailto:vboyalakuntla at gsma.com> | @Mob : 00447710020425 | @skype: sivaboyalakuntla |
2nd Floor, The Wallbrook Building, 25 Wallbrook, London EC4N 8AF, United Kingdom |
Quotes to remember : Where the mind is without fear and the head is held high; Where Knowledge is Free …….
Arise Awake and stop not till the goal is reached…..!!
[id:image001.png at 01D38957.6E624390]

From: "philippe.clement at orange.com" <philippe.clement at orange.com>
Date: Tuesday, 9 January 2018 at 16:29
To: Bjorn Helm <Bjorn.Hjelm at VerizonWireless.com>, "openid-specs-mobile-profile at lists.openid.net" <openid-specs-mobile-profile at lists.openid.net>, Venkatasivakumar Boyalakuntla <vboyalakuntla at gsma.com>, Gautam Hazari <GHazari at gsma.com>
Subject: MODRNA WG Call on Jan 9th 2018 preliminary minutes

Dear all,
Please find below the preliminary notes of our call today. Any error or misunderstanding, please let me know.
Roll Call
Adoption of the Agenda [Bjorn/John]
Liaisons Updates
GSMA [Siva]
Working Group Updates
Issue Tracker
Authentication profile

Roll Call
John, Gonzalo, Hubert, Jörg, MG, Petteri, Philippe, Bjorn,
Adoption of the Agenda [Bjorn/John]
Agreed, no addition.
Liaisons Updates
GSMA [Siva]
Siva not on the call.
Hubert mentions Orange, Telefonica and Telstra paper for usage of UQ api.
UQ paper pushed to FAPI group, one brief discussion with Dave T before end of year.
·         Bjorn to question Nat for the progress on it.
Working Group Updates
FAPI & OB workshop 2 weeks ago in London
Issue Tracker (Jörg)
·         #33: modrna – claim: I would vote to not put this into the basic authentication spec. In my opinion the topic here is about authorization of a transaction not about authenticating a user.
·         #22: is actually about the same thing. So I would vote to merge #32 and #22 an consider an additional document to handle those transactional authorizations.
·         #38: amr values. Those are not really specific to mobile connect so they should be addressed in RFC 8176.
·         Changing an RFC is not possible, but adding a doc is, maybe external.
·         --> To collect possible amr first
·         #39: error handling: We really should reserve some time to discuss this during a WG call
·         Some people think the RP has to check if the returned info are acceptable and that it should be up to the RP to decide according the returned info. Other ones think that error handling has a benefit.
·         A case is discussed regarding the request of a certain acr by the RP.
· of the OIDC spec specifies how to deal with requested acr claim from the RP, should it be essential or requested by acr_values for the id_token.
--> Discussion to be continued on the next call and mailing list.
·         #40: loa4 handling: We could take the approach from the current mobile connect profile here. (And pull it down to the MODRNA spec)
·         No possible implementation of mobile connect to make that. Try to be more specific on what is behind LOA4.
·         Wait for IGov WG conclusions, according to a LOA4 profile. IGov document covering highest level assurance.
·         --> Keep it open for now
·         #42: pcr as login hint: I would vote to close this issue. In the next version Mobile Connect Profile will support MODRNA login_hint_token.
·         Pcr, a concept of MC (personal customer reference). No more needed since MC supports the LHT.
·         --> To be closed
·         #43: phishing: I am really no expert on phishing. John should take a look at it.
·         Session highjacking is more appropriate.
·         --> Issue assigned to John for comment
·         #61: OpenAPI respresentation: Still waiting for Nat’s reply here.
·         --> Bjorn to ping Nat on this.
Authentication Profile
For the next call

Best regards,


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20180109/8cc015b1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 86376 bytes
Desc: image001.png
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20180109/8cc015b1/attachment-0001.png>

More information about the Openid-specs-mobile-profile mailing list