[Openid-specs-mobile-profile] CIBA Issues Review: Feedback for #62

GONZALO FERNANDEZ RODRIGUEZ gonzalo.fernandezrodriguez at telefonica.com
Fri Mar 2 13:40:20 UTC 2018

Hi all,

I continue asking you for feedback about another CIBA issue, in this case it is #62: https://bitbucket.org/openid/mobile/issues/62/ciba-support-for-spam-prevention-code-in

The spam-code belongs to the end-user, so it should be configured by the end-user in the OpenID Provider.
The CIBA flow doesn't have an interactive session with the end-user, but it is the user who is contacted directly on his authentication device, which means that the end-user won't have the possibility to enter the spam-code in his authentication, so it could only be done by the Client.

We think that it would be possible to add support for that in CIBA as follows:
1. A new OPTIONAL field "spam-code" in the CIBA authentication request.
2. A specific error in case the end-user had the anti-spam activated in the OIDC and the Service Provider didn't include it in the authentication request.

It is worth highlighting that this would be an optional feature implemented by the OIDCs and it should be "out of the scope" of CIBA to define how the end-user would share the spam-code with the Service Provider and how the end-user would configure the spam-code in the OIDC.

I would like to know again your point of view on that in order to resolve this issue.


