[Openid-specs-mobile-profile] MODRNA WG call on Nov 13th 2018 preliminary minutes
torsten at lodderstedt.net
Wed Nov 14 15:21:34 UTC 2018
Re issue 87: I finally managed to get my changes pushed to the repository. So you might want to take a look at the pull request https://bitbucket.org/openid/mobile/pull-requests/44/cleaned-up-discovery-draft/diff
> Am 14.11.2018 um 14:58 schrieb <philippe.clement at orange.com> <philippe.clement at orange.com>:
> Dear all,
> Please find below the preliminary minutes of our call pn Nov 13th 2018.
> In case of any error or misunderstanding, please let me know.
> Roll Call
> John Bradley
> Philippe Clement (Orange)
> Bjorn Hjelm (Verizon)
> Brian Campbell (Ping Identity)
> Geoffrey Graham
> Joseph Heenan
> Petteri (Ubisecure)
> Charles Marais (Orange)
> Adoption of the Agenda [Bjorn/John]
> Agenda agreed
> External Organizations
> IETF 103 [John]
> No specific things addressing actual work in MODRNA. The Security guidance document is under discussions, subjects like protection of the token from injection replay are discussed.
> GSMA [Siva]
> Not addressed
> Working Group Updates
> FAPI WG [Dave]
> No particular activity to mention
> Spec. Status
> CIBA Core/MODRNA [Dave/Brian/Gonzalo/Axel]
> Pull requests under progression
> Discovery [John/Torsten]
> All à have a look at issue 87 to access the specs.
> Issue Tracker
> CIBA [Dave/Brian/Gonzalo/Axel]
> #114: CIBA: slow_down
> Consensus appears on not updating text but rely instead on device flow.
> #112: CIBA: Require presence of jwks_uri conditionally
> Related to 72 as well. Update needed to the text.
> #115: CIBA: How about backchannel_notification_endpoint?
> Dave proposes the term backchannel_client_notification_endpoint , consensus on the proposal
> #116: CIBA: How about backchannel_notification_token?
> The term client_notification_token is kept
> #117: CIBA: other request parameters when "request" is present
> Autentication request parameters MUST be inserted solely into the JWT
> #109: Update CIBA examples
> Feel free to comment or propose examples
> #113: CIBA: the behavior when the "openid" scope value is not present
> • Brian to update the text to mention why the behavior is unspecified and it could be defined elsewhere
> #111: CIBA: rt_hash
> Make public names would avoid collisions.
> Consensus to keep the public claim name.
> #62: CIBA - Support for Spam Prevention code in Authentication Request
> Bunch of conflicts. Needs to be resolved
> • Petteri to work on it.
> • All to re read the pull request.
> #106: CIBA: Means to request claims to be embedded in the issued ID token
> No obvious real Use Case. No specific to the MODRNA profile.
> Double check the text. (additional parameters ignored)
> • Brian: to double check the text, and close it.
> #103: CIBA: Means to require "acr" as "essential"
> Must the acr be included in the id_token ?
> What is “essential” ?
> • Brian to update the text.
> Discovery [John/Torsten]
> Meeting at same times nov 20th for CIBA, And on 27th for usual call
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3892 bytes
Desc: not available
More information about the Openid-specs-mobile-profile