[Openid-specs-mobile-profile] MODRNA WG on April 16th 2019 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Tue Apr 23 08:11:15 UTC 2019

Dear all,
Please find below the preliminary minutes of our MODRNA call on April 16th 2019.
In case of error or misunderstanding, please let me know.

Roll Call (extract from gotomeeting list)
Bjorn Hjelm (Verizon), Dave.Tonge (Moneyhub), Philippe Clement (Orange), Brian Campbell, Petteri (Ubisecure), Geoffrey Graham, Julie Maas

Adoption of the Agenda [Bjorn/John]
Agenda agreed

External Organizations

  GSMA [Siva]
Not addressed

Working Group Updates

  FAPI WG [Dave]
FAPI WG is unlocking issues for FAPI / CIBA.
Extra meetings or intermediate calls may happen

Spec. Status

  MODRNA CIBA Profile [Dave/Gonzalo/Axel]
Update from Dave

  Authentication Profile [Joerg]
Not addressed

Issue Tracker

  MODRNA CIBA Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=MODRNA%20Profile%20CIBA>  [Dave/Gonzalo/Axel]
#97: CIBA - Clarify privacy issues with login_hint_token and discovery service<https://bitbucket.org/openid/mobile/issues/97/ciba-clarify-privacy-issues-with>
Dave to look at and make a proposal

  CIBA Core<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=CIBA> (Post-Implementer's Draft) [Dave/Brian/Gonzalo/Axel]
*       #136: "interval" and "slow_down" may not give the OP enough control<https://bitbucket.org/openid/mobile/issues/136/interval-and-slow_down-may-not-give-the-op>
*       Interval between the last response and the next request is at stake.
*       Petterri mentions several scenario, like short polling or long polling. And the client would have to know if the AS implemented short or long polling.
*       Petteri mentions existing implementations of these kinds of polling. Have a note that the client be prepared to short or long polling ?. We can add a note/clarification.
==>     Petteri to prepare a text for this issue.

#135: token endpoint response when client polls quicker than 'internal' may be unclear<https://bitbucket.org/openid/mobile/issues/135/token-endpoint-response-when-client-polls>
Do we need a special error code ? Brian thinks it's not necessary.
==>     Bjorn to reach out to Joseph for this issue.

#152: Guidance around verification of ownership of keys at jwks_uri for PPID<https://bitbucket.org/openid/mobile/issues/152/guidance-around-verification-of-ownership>
Discussion kept open

Best regards,


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20190423/b416da12/attachment.html>

More information about the Openid-specs-mobile-profile mailing list