[Openid-specs-mobile-profile] MODRNA WG preliminary minutes of call on May 29th 2018

philippe.clement at orange.com philippe.clement at orange.com
Wed May 30 13:56:14 UTC 2018

Dear all,

Please find below the preliminary minutes of the MODRNA call on May 29th 2018
In any case of error or misunderstanding, please let me know
1.      1- Roll Call
2.      from GotoMeeting participants list:
3.      Bjorn Hjelm (Verizon),  Gonza,  Hubert Mariotte, Jörg (DT), Philippe Clement (Orange),  John Bradley

2- Adoption of the Agenda [Bjorn/John]
4.      Agreed

3- Liaisons Updates
5.      - GSMA [Siva]
6.      Not addressed

4- Working Group Updates
4.      - FAPI WG [John/Dave]
5.      No update

5- Issue Tracker

- CIBA [Gonzalo]
5.      Issue 52 <https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text> : CIBA pairwise identifiers structuring text.
6.      Mutual TLS authentication has been added as mandatory to the spec.
7.      --> Closing is agreed. Gonzalo to insert a comment describing the Mutual TLS authentication to the token endpoint and verification of sector identifier
8.      Issue 54<https://bitbucket.org/openid/mobile/issues/54/ciba-client-notification-endpoint>: client notification endpoint authentication
9.      Dave Tonge proposed to include the access token hash and the refresh token hash in the ID token. Has been included.
10.     --> Closing is agreed
11.     Issue 63<https://bitbucket.org/openid/mobile/issues/63/ciba-new-synchronous-flow>: CIBA new synchronous flow
12.     Discussion on the fact of delivering an ID token when no user authentication occurred. More than this, the term "back channel authentication" is maybe misunderstood.
13.     For GSMA, in some countries, different laws imply to return a token without authentication. The SP couldn't know if the user belongs to some countries. And when using CIBA, you don't know if the user has to consent.
14.     Discussion to follow by email.
15.     John is invited describe the alternatives. 2 issues: The authentication for the consent can be different of the authentication on the second channel.

- Authentication Profile [Joerg]
17.     Issue 42<https://bitbucket.org/openid/mobile/issues/42/pcr-as-login-hint>: PCR as login hint.
18.     Proposal to close it, Agreed
20.     Issue 43:<https://bitbucket.org/openid/mobile/issues/43/additional-security-considerations> additional security considerations
21.     --> John to take a look at the security considerations.
23.     Issue 38:<https://bitbucket.org/openid/mobile/issues/38/how-to-introduce-authentication-strength> AMR: how to introduce authentication strength.
24.     --> Björn to discuss it with mike in upcoming calls.
26.     Issue 33:<https://bitbucket.org/openid/mobile/issues/33/modrna-as-an-individual-claim-request> MODRNA as an individual claim request parameter
27.      Orange issued this request,
28.     --> Hubert to check persistence of needs and present the result for the next call
30.     Issue 22<https://bitbucket.org/openid/mobile/issues/22/service-provider-wants-to-get>: SP wants to get authorization for a transaction
31.     --> Hubert to check persistence of needs and present the result for the next call
33.     Issue 39:<https://bitbucket.org/openid/mobile/issues/39/error-non-error-handling-in-case-op-cannot> Error handling in case OP cannot fulfill RP requirements
34.     --> Joerg to keep in touch with GSMA guy to revisit this.
36.     Issue 61<https://bitbucket.org/openid/mobile/issues/61/please-provide-more-examples-potentially>: provide more examples, potentially with swagger representation
37.     still open. No feedback
38.     --> Bjorn to  get in touch with Nat.

Best regards,


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20180530/184945bb/attachment.html>

More information about the Openid-specs-mobile-profile mailing list