[Openid-specs-mobile-profile] MODRNA WG call on Nov 13th 2018 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Wed Nov 14 13:58:03 UTC 2018

Dear all,
Please find below the preliminary minutes of our call pn Nov 13th 2018.
In case of any error or misunderstanding, please let me know.

Roll Call
John Bradley
Philippe Clement (Orange)
Bjorn Hjelm (Verizon)
Brian Campbell (Ping Identity)
Geoffrey Graham
Joseph Heenan
Petteri (Ubisecure)
Charles Marais (Orange)

Adoption of the Agenda [Bjorn/John]
Agenda agreed

External Organizations

IETF 103 [John]
No specific things addressing actual work in MODRNA. The Security guidance document is under discussions, subjects like protection of the token from injection replay are discussed.

GSMA [Siva]
Not addressed

Working Group Updates

FAPI WG [Dave]
No particular activity to mention

Spec. Status

CIBA  Core/MODRNA [Dave/Brian/Gonzalo/Axel]
Pull requests under progression

Discovery [John/Torsten]
All --> have a look at issue 87<https://bitbucket.org/openid/mobile/issues/87/discovery-clean-up-draft-for-implementors> to access the specs.

Issue Tracker

CIBA [Dave/Brian/Gonzalo/Axel]
#114: CIBA: slow_down<https://bitbucket.org/openid/mobile/issues/114/ciba-slow_down>
Consensus appears on not updating text but rely instead on device flow.

#112: CIBA: Require presence of jwks_uri conditionally<https://bitbucket.org/openid/mobile/issues/112/ciba-require-presence-of-jwks_uri>
Related to 72 as well.  Update needed to the text.

#115: CIBA: How about backchannel_notification_endpoint?<https://bitbucket.org/openid/mobile/issues/115/ciba-how-about>
Dave proposes the term backchannel_client_notification_endpoint , consensus on the proposal

#116: CIBA: How about backchannel_notification_token?<https://bitbucket.org/openid/mobile/issues/116/ciba-how-about>
The term client_notification_token is kept

#117: CIBA: other request parameters when "request" is present<https://bitbucket.org/openid/mobile/issues/117/ciba-other-request-parameters-when-request>
Autentication request parameters MUST be inserted solely into the JWT

#109: Update CIBA examples<https://bitbucket.org/openid/mobile/issues/109/update-ciba-examples>
Feel free to comment or propose examples

#113: CIBA: the behavior when the "openid" scope value is not present<https://bitbucket.org/openid/mobile/issues/113/ciba-the-behavior-when-the-openid-scope>
==>     Brian to update the text to mention why the behavior is unspecified and it could be defined elsewhere

#111: CIBA: rt_hash<https://bitbucket.org/openid/mobile/issues/111/ciba-rt_hash>
Make public names would avoid collisions.
Consensus to keep the public claim name.

#62: CIBA - Support for Spam Prevention code in Authentication Request<https://bitbucket.org/openid/mobile/issues/62/ciba-support-for-spam-prevention-code-in>
Bunch of conflicts. Needs to be resolved
==>     Petteri to work on it.
==>     All to re read the pull request.

#106: CIBA: Means to request claims to be embedded in the issued ID token<https://bitbucket.org/openid/mobile/issues/106/ciba-means-to-request-claims-to-be>
No obvious real Use Case. No specific to the MODRNA profile.
Double check the text. (additional parameters ignored)
==>     Brian: to double check the text, and close it.

#103: CIBA: Means to require "acr" as "essential"<https://bitbucket.org/openid/mobile/issues/103/ciba-means-to-require-acr-as-essential>
Must the acr be included in the id_token ?
What is "essential" ?
==>     Brian to update the text.

Discovery [John/Torsten]

Meeting at same times nov 20th  for CIBA, And on 27th for usual call


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20181114/31aa46e9/attachment.html>

More information about the Openid-specs-mobile-profile mailing list