[Openid-specs-mobile-profile] MODRNA WG call on July 9th 2019 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Tue Jul 9 15:15:08 UTC 2019

Dear all,

Please find below the preliminary minutes of our MODRNA call on July 9th 2019. Please let me know of any error or misunderstanding.

Roll Call
Bjorn Hjelm (Verizon), Philippe Clement (Orange), Brian Campbell, Joseph Heenan, Petteri Stenius (Ubisecure), Dave Tonge, Geoffrey Graham, John Bradley, Donald F. Coffin (GBA), George Fletcher, Siva(GSMA)

Adoption of the Agenda [Bjorn/John]

External Organizations

  GSMA [Siva]
Not addressed

Working Group Updates

  FAPI WG [Dave]
FAPI profile of CIBA is in the implementers draft process

Spec. Status

  MODRNA CIBA Profile [Dave/Gonzalo/Axel]
Dave welcomes any feedback on it.

Issue Tracker
*       A- CIBA Core<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=CIBA> (Post-Implementer's Draft) [Dave/Brian/Gonzalo/Axel]

#159: spec requires requested_expiry be a string in the signed request object<https://bitbucket.org/openid/mobile/issues/159/spec-requires-requested_expiry-be-a-string>
Writing an example would be good.
==>     Joseph to edit the text

#158: (te) 7.3 para 1 states "OpenID Provider will return"<https://bitbucket.org/openid/mobile/issues/158/te-73-para-1-states-openid-provider-will>
« MUST » to replace « will »
#157: 7.1 The length limitation of 1024 characters sounds like allowing muti-byte characters that actually is not<https://bitbucket.org/openid/mobile/issues/157/71-the-length-limitation-of-1024>
==>     Bjorn to close the issue after clarification

#136: "interval" and "slow_down" may not give the OP enough control<https://bitbucket.org/openid/mobile/issues/136/interval-and-slow_down-may-not-give-the-op>
Petterri's proposal is to clarify the definition of the interval.
==>     Petterri to write a definition of interval and edit text according option 1 and wait for feedback.

#135: token endpoint response when client polls quicker than 'interval' may be unclear<https://bitbucket.org/openid/mobile/issues/135/token-endpoint-response-when-client-polls>
==>     Joseph to propose text

#152: Guidance around verification of ownership of keys at jwks_uri for PPID<https://bitbucket.org/openid/mobile/issues/152/guidance-around-verification-of-ownership>
Torsten proposed an improvement in the wording.
#155: aud to use in client_assertion passed to Backchannel Authentication Endpoint is murky?<https://bitbucket.org/openid/mobile/issues/155/aud-to-use-in-client_assertion-passed-to>
==>     Dave to post text on what was recommended

#154: CIBA - Long Polling<https://bitbucket.org/openid/mobile/issues/154/ciba-long-polling>
==>     Petterri to propose text about long polling, in accordance to issue #136

#156: Possible oddity in token endpoint http status code for 'access_denied' error<https://bitbucket.org/openid/mobile/issues/156/possible-oddity-in-token-endpoint-http>
Do we need clarification on the 2 different error codes "access denied" from  the token endpoint and from the back channel authentication endpoint ? Joseph proposed to have 403 error in both cases
==>     Joseph to propose some  text.
*       B- MODRNA CIBA Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=MODRNA%20Profile%20CIBA>  [Dave/Gonzalo/Axel]
*       Not addressed
*       C- Authentication Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=Authentication> [Jörg]
*       Not addressed
*       D- Discovery Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=Discovery> [Torsten/John]
*       Not addressed

Question from Siva about inconsistencies in Apple implementation. Discussion is to be opened in Open ID Connect workgroup.
Next call will be during IETF meeting, Bjorn not available. Joseph to drive the next call on 23rd.

Best regards,
Philippe Clement


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20190709/4852238b/attachment.html>

More information about the Openid-specs-mobile-profile mailing list