[Openid-specs-mobile-profile] CIBA Issues Review: Feedback for #52

GONZALO FERNANDEZ RODRIGUEZ gonzalo.fernandezrodriguez at telefonica.com
Mon Mar 19 18:39:51 UTC 2018


The commit: https://bitbucket.org/openid/mobile/commits/679a57132a244ce6bf1b4a2b0f86605e69daf2c4#chg-draft-mobile-client-initiated-backchannel-authentication.xml


From: GONZALO FERNANDEZ RODRIGUEZ <gonzalo.fernandezrodriguez at telefonica.com>
Date: Monday, 19 March 2018 at 19:38
To: "openid-specs-mobile-profile at lists.openid.net" <openid-specs-mobile-profile at lists.openid.net>
Cc: "Hjelm, Bjorn" <Bjorn.Hjelm at VerizonWireless.com>
Subject: Re: CIBA Issues Review: Feedback for #52

Hi all,

I uploaded a commit to add a new section “Registration” in CIBA in order to deal with this issue and to explain how it could be possible to use Pairwise Pseudonymous Identifiers when using Polling Mode.

Best,
Gonza.

From: GONZALO FERNANDEZ RODRIGUEZ <gonzalo.fernandezrodriguez at telefonica.com>
Date: Thursday, 1 March 2018 at 13:52
To: "openid-specs-mobile-profile at lists.openid.net" <openid-specs-mobile-profile at lists.openid.net>
Cc: "Hjelm, Bjorn" <Bjorn.Hjelm at VerizonWireless.com>
Subject: CIBA Issues Review: Feedback for #52

Hi all,

I would like to know your thoughts about the issue #52 of the CIBA spec: https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text in order to resolve it:

As we know, there is no way to use the sector_identifier if we cannot verify it, and it seems that the only way to do it is to have a URI that belongs to the client. In order to resolve this issue, which has been blocked for a long time, I propose to add some text to the spec advising that it is not possible to use Pairwise Identifiers when using polling in the CIBA flow unless the client has registered the jwks_uri to sign request objects and use it as sector_identifier. There must be another comment as well, reminding that the jwks_uri host should be the same as the one used in other applications belonging to the same client where PPIDs are expected.

If this approach is agreed, I would modify the spec to resolve this issue and #57 https://bitbucket.org/openid/mobile/issues/57/client-initiated-backend-authentication.


Best,
Gonza.
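Added example, not part of the original messages or of the CIBA spec text: a sketch of how an OP could apply the proposal above, taking the host of a polling client's registered jwks_uri as the sector identifier and deriving the pairwise sub with the SHA-256 example calculation from OpenID Connect Core section 8.1. The function names, the salt and the sample registrations are assumptions constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed OP-side secret; a real OP keeps its salt private and stable.
OP_SALT = b"constructed-op-salt"


def sector_identifier_from_jwks_uri(jwks_uri: str) -> str:
    """Return the host of a registered jwks_uri for use as the sector identifier."""
    parts = urlsplit(jwks_uri)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("jwks_uri must be an absolute https URL")
    return parts.hostname.lower()


def pairwise_sub(sector_id: str, local_account_id: str, salt: bytes) -> str:
    """sub = SHA-256(sector_identifier || local_account_id || salt)."""
    digest = hashlib.sha256()
    digest.update(sector_id.encode("utf-8"))
    digest.update(local_account_id.encode("utf-8"))
    digest.update(salt)
    return digest.hexdigest()


def sub_for_polling_client(registration: dict, local_account_id: str) -> str:
    """Pick the sub value for a client that has no redirect_uri to verify against."""
    if registration.get("subject_type") != "pairwise":
        return local_account_id  # public subject type: same sub for every client
    jwks_uri = registration.get("jwks_uri")
    if not jwks_uri:
        # The proposal: no registered jwks_uri means no pairwise identifiers.
        raise ValueError("pairwise subject_type requires a registered jwks_uri")
    return pairwise_sub(sector_identifier_from_jwks_uri(jwks_uri),
                        local_account_id, OP_SALT)


# Constructed registrations: two applications of one client sharing a jwks_uri
# host, and an unrelated client on a different host.
APP_A = {"subject_type": "pairwise", "jwks_uri": "https://keys.client.example/a/jwks.json"}
APP_B = {"subject_type": "pairwise", "jwks_uri": "https://keys.client.example/b/jwks.json"}
OTHER = {"subject_type": "pairwise", "jwks_uri": "https://keys.other.example/jwks.json"}

if __name__ == "__main__":
    for name, reg in (("app A", APP_A), ("app B", APP_B), ("other", OTHER)):
        print(name, sub_for_polling_client(reg, "user-1234"))
```

Applications that share the jwks_uri host receive the same sub for a given user, while a client on another host receives an unlinkable value.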


