[Openid-specs-mobile-profile] MODRNA WG Call on Feb 6th 2018 preliminary notes

philippe.clement at orange.com philippe.clement at orange.com
Tue Feb 6 16:53:34 UTC 2018


Dear all,

Please find below the preliminary notes of our call on Feb 6th 2018.
Due to bad conditions, some parts of the conversation were noisy or extremely low level. So please don't hesitate to correct these notes and send me suggestions in case of misunderstandings.

Agenda
*       Roll Call
*       Adoption of the Agenda [Bjorn/John]
*       Liaisons Updates
o       GSMA
o       CPAS Update [Siva]
*       UQ API Discussion [Orange]
*       Working Group Updates
*       FAPI WG [John]
*       Specification Status
*       UQ API [Orange]
*       Issue Tracker
*       Authentication Profile
*       CIBA
*       Other
*       AOB

Discussion
*       Roll Call
      Participants :   John Bradley,  Bjorn Hjelm (Verizon),  J Burgess, Marianne,  MOHAJERI, SHAHRAM (at&t), Nicolas AILLERY (Orange),  Petteri Stenius (Ubisecure), Philippe, Jörg (DT),  Celestin Bayard,  Siva(GSMA),  Charles Marais (Orange)
*       Adoption of the Agenda [Bjorn/John]

     Agreed.
*       Liaisons Updates
o       GSMA
o       CPAS Update [Siva]

CPAS is working on PSD2 and LOA4 to find the best approaches. Some discussions appeared concerning SE mode to know which topic should be treated in CPAS or not. Not much demand for discovery and registration from operators, could be addressed in the future.  Orange mentions its request on that for security reasons and a lack of security in actual process of exchanging SP credentials.

John mentions that banks consider the GSMA is positioning uniquely through redirect CIBA. But an interpretation of the EU text prevent to redirect the user from the TPP to the bank. Could impact MODRNA as FAPI too. The TPP authenticates the user to what ? The TPP could use CIBA for auth, but how any 3rd party can trust it ? The TPP in this case could be the IDP (?)The TPP has to provide the interface, cannot redirect the user to the bank.
==>     Discussion necessary into the OIF.
*       UQ API Discussion [Orange]

Orange: had to close the different issues. Done. No more open issue on UQ, how to progress ? question to Nat whether FAPI has taken position for UQ. Nat: the priority was rather on authentication, not UQ. The point was to maintain UQ and CIBA open to accommodate FAPI requests...
A vote in the WG is appropriate. Is Orange doing implementations of UQ ? must have 2 different implementations from independent bodies. In Spain Orange experiments with different partners, this feeds the process. In case of issue for these people, let's consider it in OIF.
*       Working Group Updates
*       FAPI WG [John]

In the last Workshop on Monday, discussion on different interpretations about specs, and requests concerning client ID and parameters. The interpretation of the European Commission didn't make the banks very happy. Talks on removing redirection from the profile, considered as an impediment. This position could block CIBA and UQ.
Open Issues for part 1 and part 2 for CIBA. Profile issues . some of them seem to concern CIBA core spec. Should be brought back to MODRNA WG.
What is the FAPI profile for CIBA ?
==>     Bjorn to send a link on this doc.
*       Issue Tracker

To be addressed next call
*       Authentication Profile

To be addressed next call

Best regards,
Philippe


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20180206/569910ba/attachment.html>


More information about the Openid-specs-mobile-profile mailing list