[Openid-specs-mobile-profile] MODRNA WG call on Oct 29th 2019 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Tue Oct 29 15:23:10 UTC 2019

Dear all,

Please find below the preliminary minutes of our MODRNA call on Oct 29th 2019.
In case or error or misunderstanding, please let me know.

Roll Call
Dave Tonge, Brian Campbell (ping), Joseph Heenan (fintechlabs), Bjorn Hjelm (Verizon), Philippe Clement (Orange)

Adoption of the Agenda [Bjorn/John]

Working Group Updates

FAPI WG [Dave]
No update

Issue Tracker
==>     CIBA Core<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=CIBA> (Post-Implementer's Draft) [Dave/Brian/Gonzalo/Axel]
==>     #169: Custom parameter for transaction details<https://bitbucket.org/openid/mobile/issues/169/custom-parameter-for-transaction-details>
==>     Discussed, but no action taken.
==>     to be closed.
#168: Specify Authentication Device<https://bitbucket.org/openid/mobile/issues/168/specify-authentication-device>
==>     Dave to add a comment, then to be closed.

#159: spec requires requested_expiry be a string in the signed request object<https://bitbucket.org/openid/mobile/issues/159/spec-requires-requested_expiry-be-a-string>
DO we have to define parameters ? Favor in JSON type ?
==>     Dave to work on additional text

#150: should auth_req_id have limits on allowable characters?<https://bitbucket.org/openid/mobile/issues/150/should-auth_req_id-have-limits-on>
==>     Dave to open a pull request including Joseph proposal of text.

#85: CIBA: Notifying the Client when a user fails to authenticate<https://bitbucket.org/openid/mobile/issues/85/ciba-notifying-the-client-when-a-user>
==>     To be closed

#135: token endpoint response when client polls quicker than 'interval' may be unclear<https://bitbucket.org/openid/mobile/issues/135/token-endpoint-response-when-client-polls>
"invalid_request" error to be sent back to the client when poll is quicker than the interval. In this case, client must not make any further request for the same auth_req_id

Linked with :

#136: "interval" and "slow_down" may not give the OP enough control<https://bitbucket.org/openid/mobile/issues/136/interval-and-slow_down-may-not-give-the-op>
Scenarios described by Dave.
==>     Dave to request Petteri for confirmation.

#156: Possible oddity in token endpoint http status code for 'access_denied' error<https://bitbucket.org/openid/mobile/issues/156/possible-oddity-in-token-endpoint-http>
If JSON is attached to a 4xx response, it must be used. Otherwise, the error code has to be used.

#162: Ambiguity in user_code parameter<https://bitbucket.org/openid/mobile/issues/162/ambiguity-in-user_code-parameter>
==>     Dave to make an answer as the user_code parameter must not be used as a password, and add text to the user_code section.
==>     MODRNA CIBA Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=MODRNA%20Profile%20CIBA>  [Dave/Gonzalo/Axel]

Use the next 2 weeks before next call to progress to 2nd implementers draft.
Next call is intended to close other issues.

Best regards,


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20191029/5eac87db/attachment-0001.html>

More information about the Openid-specs-mobile-profile mailing list