[Openid-specs-mobile-profile] MODRNA WG call on Dec 11th 2018 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Tue Dec 11 17:20:13 UTC 2018

Dear all,

Please find below the preliminary minutes of our MODRNA call on Dec 11th 2018
Please let me know of errors or misunderstandings in the feedback

Roll Call
1.      Dave.Tonge (Moneyhub) ;
2.      Philippe Clement (Orange)
3.      Geoffrey Graham
4.      Jörg (DT
5.      Joseph Heenan
6.      Petteri (Ubisecure)
7.      Bjorn Hjelm (Verizon)
8.      Brian Campbell (Ping Identity)
9.      Takahiko Kawasaki
10.     John Bradley

Adoption of the Agenda [Bjorn/John]

External Organizations

GSMA [Siva]

Not addressed

Working Group Updates

FAPI WG [Dave]
Nothing to mention

Spec. Status

CIBA  Core/MODRNA [Dave/Brian/Gonzalo/Axel]

Core profile is closed to be ready for implementers draft

Authentication Profile [Joerg]
*       2 things to discuss in the issue tracking:
*       #39: Error/non-error handling in case OP cannot fulfill RP requirements<https://bitbucket.org/openid/mobile/issues/39/error-non-error-handling-in-case-op-cannot>
*       #43: Additional security considerations/mitigations regarding phishing of OOB authentication
*       need feedback before closing

Issue Tracker

CIBA [Dave/Brian/Gonzalo/Axel]
*       #124: Privacy Considerations and Identifiers<https://bitbucket.org/openid/mobile/issues/124/privacy-considerations-and-identifiers>
*       The 3 ways for a public identifier reach consensus.
*       Text about security has been inserted into the pull request.
*       Minor editorial changes to add.

#125: CIBA: Pragma: no-cache<https://bitbucket.org/openid/mobile/issues/125/ciba-pragma-no-cache>
No technical reasons to use it. We shouldn't propagate it.
No objection to close these issues. Let people have a review of the specs. If no further objection, we'll go for implementers draft.
The sequence of further operations is then:
==>     Issue 125 to close
==>     Issue 124 to merge into the pull request.
==>     Bjorn to see the proper wordings of the name of the spec with Mike and confirm to Dave.
==>     Dave to change the name of the spec.
==>     Bjorn to send a note "ready for review" to the list on Friday this week.

Authentication Profile [Joerg]
*       #39: Error/non-error handling in case OP cannot fulfill RP requirements<https://bitbucket.org/openid/mobile/issues/39/error-non-error-handling-in-case-op-cannot>
*       If the RP said acr is essential and the OP did not make it, Is it an error to feedback to the RP ? Do we rely on the OIDC core spec that could be sufficient in terms of error handling ?
*       It seems that it is up to the RP to make the appropriate decision.
*       Joerg recommends to reject the error handling and make reference to OpenID connect core.
*       -->  Issue to close.
*       #43: Additional security considerations/mitigations regarding phishing of OOB authentication<https://bitbucket.org/openid/mobile/issues/43/additional-security-considerations>
*       --> Joerg to reach out to Torsten and John for inputs and proper wording.
*       This issue is the last thing to resolve before going final, then the spec to be read by the WG.

Next meeting on January 8th.
==>     John to delete the last 2018 MODRNA meeting in the calendar

Best regards,


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20181211/17e4d6bb/attachment.html>

More information about the Openid-specs-mobile-profile mailing list