[Openid-specs-mobile-profile] MODRNA WG call on Sept 25th 2018 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Wed Sep 26 14:00:19 UTC 2018

Dear all,

Please find below the preliminary minutes of our call on Sept 25th 2018
In case of any error or misunderstanding, please let me know.

Roll Call [John] names extracted from gotomeeting app
John Bradley
Philippe Clement (Orange)
Brian Campbell (Ping Identity)
Dave.Tonge (Moneyhub)
Hubert Mariotte
Petteri Stenius (Ubisecure)
Nat Sakimura
Geoff Graham

Adoption of Agenda [John]
Agenda agreed


GSMA [Siva]
         Not addressed

Issue Tracker
*       CIBA [Dave/Brian/Gonzalo/Axel]

#73: CIBA client authentication to the Backchannel Authentication Endpoint inconsistent/contradictory<https://bitbucket.org/openid/mobile/issues/73/ciba-client-authentication-to-the>
And #67: Clarify CIBA Authentication Request format<https://bitbucket.org/openid/mobile/issues/67/clarify-ciba-authentication-request-format>
A Pull request #18<https://bitbucket.org/openid/mobile/pull-requests/18/authentication-request-format-and-client> is done to address these 2 issues at the same time.
==>     All to look at this and comment for editorial fixes or other updates.

#89: "Delivery Callback" to push<https://bitbucket.org/openid/mobile/issues/89/delivery-callback-to-push>
==>     Dave to replace "delivery callback" with "push delivery mode"

#88: follow convention to use "_supported" suffix on AS metadata<https://bitbucket.org/openid/mobile/issues/88/follow-convention-to-use-_supported-suffix>
Use the conventional approach of  "_supported" suffix.
==>     Dave takes the point to update

#85: CIBA: Notifying the Client when a user fails to authenticate<https://bitbucket.org/openid/mobile/issues/85/ciba-notifying-the-client-when-a-user>

The question is to allow (or not) additional information with a diversity of error codes.
It seems like a separate issue from returning simple error codes.
==>     Dave took the point for a pull request

#86: CIBA needs IANA Considerations<https://bitbucket.org/openid/mobile/issues/86/ciba-needs-iana-considerations>
CIBA needs IANA Considerations
==>     Brian takes the point

#78: CIBA: Expiration Time<https://bitbucket.org/openid/mobile/issues/78/ciba-expiration-time>
Agreement to update the text
==>     Dave takes the point

#71: CIBA hint validation clarification<https://bitbucket.org/openid/mobile/issues/71/ciba-hint-validation-clarification>
==>     Brian takes the point

#77: CIBA: Terminology - "authentication result"<https://bitbucket.org/openid/mobile/issues/77/ciba-terminology-authentication-result>
To leave open

#83: CIBA: Split into 2 drafts<https://bitbucket.org/openid/mobile/issues/83/ciba-split-into-2-drafts>
To leave open

#79: CIBA: Client requirements for verifying id token<https://bitbucket.org/openid/mobile/issues/79/ciba-client-requirements-for-verifying-id>
Client requirements for verifying id token
==>     Dave to look it

#62: CIBA - Support for Spam Prevention code in Authentication Request<https://bitbucket.org/openid/mobile/issues/62/ciba-support-for-spam-prevention-code-in>
Some users will do use the spam prevention code. If the user has not register a code, the auth starts without knowing the existence.
The group agrees it's worth adding in. not broadly implemented, but useful in certain cases
==>     Petterri to open a pull request on this.

Petterri suggests to add context parameters to the authentication request, like IP address, geolocation... In the Bank, could be ATM machine.
==>     Petterri to open an issue on that.

Best regards,


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20180926/4fd88194/attachment.html>

More information about the Openid-specs-mobile-profile mailing list