[Openid-specs-mobile-profile] MODRNA WG call on Aug 20th 2019 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Tue Aug 20 15:07:54 UTC 2019 

Dear All,

Please find below the preliminary minutes on our MODRNA call on Aug 20th 2019.
In case of any error or misunderstanding, please let me know of modifications.

Roll Call  (extract from GotoMeeting)
John Bradley, Philippe Clement (Orange), Petteri Stenius (Ubisecure), Bjorn Hjelm (Verizon), Dave.Tonge (Moneyhub),

Adoption of the Agenda [Bjorn/John]
Agreed

Working Group Updates

  FAPI WG [Dave]
FAPI profile CIBA review period. feedback appreciated.

Spec. Status

  MODRNA CIBA Profile [Dave/Gonzalo/Axel]
No update received on the CIBA MODRNA profile.

Issue Tracker
*       CIBA Core<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=CIBA> (Post-Implementer's Draft) [Dave/Brian/Gonzalo/Axel]
   #156: Possible oddity in token endpoint http status code for 'access_denied' error<https://bitbucket.org/openid/mobile/issues/156/possible-oddity-in-token-endpoint-http>
  Discussions occured. Pull request to update according Joseph suggestion.

   #154: CIBA - Long Polling<https://bitbucket.org/openid/mobile/issues/154/ciba-long-polling>
  To be closed after completion of text by Dave.

   #162: Ambiguity in user_code parameter<https://bitbucket.org/openid/mobile/issues/162/ambiguity-in-user_code-parameter>
  Open by person who hasn't attended this call. Brian recommend to get more info before any action.
==>     Bjorn to request for more information

   #158: (te) 7.3 para 1 states "OpenID Provider will return"<https://bitbucket.org/openid/mobile/issues/158/te-73-para-1-states-openid-provider-will>
  Already proposed for closing --> to close today.

  #159: spec requires requested_expiry be a string in the signed request object<https://bitbucket.org/openid/mobile/issues/159/spec-requires-requested_expiry-be-a-string>
==>     Joseph requested to update text according to July 9th discussion.

  #152: Guidance around verification of ownership of keys at jwks_uri for PPID<https://bitbucket.org/openid/mobile/issues/152/guidance-around-verification-of-ownership>
  Dave to propose text but feedback awaited. Torsten awaited on next call for that.
==>     Bjorn to ping Torsten for the next call

  #151: Define authentication device before first use<https://bitbucket.org/openid/mobile/issues/151/define-authentication-device-before-first>
  Text proposed.
==>     Bjorn to close the issue.

  #91: CIBA: Authentication request and context parameters<https://bitbucket.org/openid/mobile/issues/91/ciba-authentication-request-and-context>
  Pull request exists. Dave to fix the typo, then issue to be closed.
  To fix with Joseph at next call.
*       MODRNA CIBA Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=MODRNA%20Profile%20CIBA>  [Dave/Gonzalo/Axel]
  #97: CIBA - Clarify privacy issues with login_hint_token and discovery service<https://bitbucket.org/openid/mobile/issues/97/ciba-clarify-privacy-issues-with>
==>     Dave to update text.

*       Others :
#43: Additional security considerations/mitigations regarding phishing of OOB authentication<https://bitbucket.org/openid/mobile/issues/43/additional-security-considerations>
  John to have a look at it.

Best regards,
Philippe


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20190820/3ddfcb36/attachment.html>

More information about the Openid-specs-mobile-profile mailing list