[Openid-specs-mobile-profile] MODRNA WG @ Tue Jun 22, 2021 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Tue Jun 22 16:27:39 UTC 2021

Dear all,
Please find below the preliminary minutes of our call on Tue Jun 22nd, 2021. Please let me know of any error or misunderstanding.

Roll Call
Bjorn Hjelm (Verizon), Philippe Clement, John Bradley (OIDF/Yubico), Filip Skokan (Auth0), Hubert Mariotte (Orange)

Adoption of the Agenda [Bjorn/John]

External Organizations
No update from GSMA.  No workshop to envision before September

Specification Status
CIBA core is open for public comment.

OpenID Certification<https://openid.net/certification/> for MODRNA
Exchanges by mail started.

Issue Tracker<https://bitbucket.org/openid/mobile/issues?status=new&status=open>
•       Authentication profile
      #181: Update Copyright year<https://bitbucket.org/openid/mobile/issues/181/update-copyright-year>
      Bjorn to close the issue after a pull request
      #182: Support for NIST SP 800-63B AAL<https://bitbucket.org/openid/mobile/issues/182/support-for-nist-sp-800-63b-aal>
      MODRNA doesn’t do authentication.  How to show the FAL level in the assertion? Is any proof of possession of the browser good enough? Is a TLS connection sufficient to the proof of possession? And what if the authentication is done from a different channel of the federation?
==>     Bjorn to add text to the issue and contact Mickael E
      #177: Using lower case msisdn<https://bitbucket.org/openid/mobile/issues/177/using-lower-case-msisdn>
      #174: Confusing amr value examples<https://bitbucket.org/openid/mobile/issues/174/confusing-amr-value-examples>
      Related to section 5, 5.1 and GSMA
      #29: MODRNA Authentication: amr values<https://bitbucket.org/openid/mobile/issues/29/modrna-authentication-amr-values>
==>     Bjorn to re-assign the issue
      #61: Please provide more examples, potentially with Swagger representation<https://bitbucket.org/openid/mobile/issues/61/please-provide-more-examples-potentially>
==>     Bjorn to re-assign the issue to John
      #43: Additional security considerations/mitigations regarding phishing of OOB authentication<https://bitbucket.org/openid/mobile/issues/43/additional-security-considerations>
      Maybe correlated to CIBA core section. Differences exist between MODRNA and CIBA.
==>     John to investigate correlations with CIBA

Best regards,


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20210622/2a70df45/attachment.html>

More information about the Openid-specs-mobile-profile mailing list