[Openid-specs-mobile-profile] MODRNA WG @ Tue Jul 7, 2020 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Tue Jul 7 15:24:01 UTC 2020

Dear all,
Please find below the preliminary minutes of our MODRNA call on Jul 7th 2020. Let me know of any error or misunderstanding

Roll Call
Bjorn Hjelm (Verizon), Charles Marais (Orange), Gautam Hazari (GSMA), Hubert Mariotte (Orange), Joseph Heenan (Authlete), Kosuke Koiwai (KDDI), Nicolas Aillery, Petteri Stenius (Ubisecure), Philippe Clément (Orange),

Adoption of the Agenda [Bjorn/John]


External Organizations
GSMA [Gautam]
==>     Bjorn to share the link for workshop registration
    Mobile Connect R3 Next Steps [Orange]

Hubert presentation, a reminder to specifications related to MC R3. They concern core functions, core products and resource products. The main principle is to make the implementation easier.
==>     Hubert to share the slides on the mailing list, poll for comments and suggestions about how modifications can happen.

Working Group Updates
Specification Status
o       Authentication Profile<https://openid.net/specs/openid-connect-modrna-authentication-1_0.html> [Jörg/John]
o       MODRNA CIBA Profile<https://openid.net/specs/openid-connect-modrna-client-initiated-backchannel-authentication-profile-1_0.html> [Bjorn]
o       Discovery Profile<https://openid.net/specs/openid-connect-modrna-discovery-1_0.html> [Bjorn]
o       Registration Profile<https://openid.net/wordpress-content/uploads/2014/04/draft-mobile-registration-01.html> [Bjorn]
o       Account Porting<https://openid.net/specs/openid-connect-account-porting-1_0.html>
o       User Questioning API<https://openid.net/specs/openid-connect-user-questioning-api-1_0.html> [Hubert]

Orange has proposed some changes to the UQ API after feedback from implementers (Telefonica). A pull request has been proposed, but no issue is open yet. Adiscussion has to be entered on the main topics of the proposal.
The subject encompasses typos, the way the sub will be provided in the response, and errors (for example when user is not reachable) that can be detectable along with the process.
==>     Charles to build an issue dedicated to that. Mention the possible correlation with authentication profile in the issue.

OpenID Certification for MODRNA

Joseph is consulted on the very first steps of building a certification program. Starting with a list of things to be tested is a good approach.

Issue Tracker
o       CIBA Core<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=CIBA> [Dave/Brian]
•       Issue #179<https://bitbucket.org/openid/mobile/issues/179/bearer-token-on-client-notification>
o       Authentication Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=Authentication> [Jörg/John]
o       Registration Profile<https://openid.net/wordpress-content/uploads/2014/04/draft-mobile-registration-01.html> [Bjorn]
•       Issue #180<https://bitbucket.org/openid/mobile/issues/180/revocation-of-a-software-statment>

Charles explains the purpose of the issue, and mainly the registration based on software statement. What happens in case of revocation ? How the information is provided ?
Joseph describes how it is implemented in FAPI, with TLS certificates and PKI infrastructure. PSD2 mandates 3rd parties to register to the bank with their eIDAS credential, this process is documented.
==>     Joseph to provide additional information about this process
o       MODRNA CIBA Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=MODRNA%20Profile%20CIBA> [Dave/Gonzalo/Axel]
o       Discovery Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=Discovery> [Torsten/John]

Charles reviewed 2 open issues, one is very old. Discovery profile is close to an implementers draft.
Issue 119:
==>     Bjorn to reach out to Torsten for any additional comment

No other business

Best regards,


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20200707/4b643dc6/attachment.html>

More information about the Openid-specs-mobile-profile mailing list