<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Arial" size="2"><span style="font-size:10pt;">
<div>Please find below the preliminary minutes of our last MODRNA call on June 28<font size="1"><span style="font-size:6.65pt;"><sup>th</sup></span></font> 2017.</div>
<div>It was a dense discussion on issues tracker, so don’t hesitate to correct me in case of misunderstandings.</div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<a name="BM_BEGIN"></a>
<div style="text-indent:-18pt;padding-left:18pt;"><font face="Calibri" size="2"><span style="font-size:11pt;"><u>Participants:</u> Axel, Nicolas, Hubert, Bjorn, Dave Tonge, John, Gonzalo, Siva</span></font></div>
<div><font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;"><u>Agenda</u></span></font></div>
<ol style="margin:0;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li>1- Roll Call and Adoption of the Agenda [Bjorn/John]</li></span></font>
</ol>
<ol start="2" style="margin:0;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li>2- Liaisons</li></span></font>
</ol>
<ul style="margin:0;padding-left:90pt;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li>GSMA</li></span></font>
</ul>
<ol start="3" style="margin:0;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li>3- Events</li></span></font>
</ol>
<ul style="margin:0;padding-left:90pt;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li>Cloud Identity Summit feedback [Bjorn]</li></span></font>
</ul>
<ol start="4" style="margin:0;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li>4- Issue Tracker [All]</li></span></font>
</ol>
<ul style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li><a href="https://bitbucket.org/openid/mobile/issues/1/context-service-provider-wants-to"><font color="blue"><u>#1</u></font></a><font color="#1F497D"> [Jörg]</font></li><li><a href="https://bitbucket.org/openid/mobile/issues/31/how-to-react-if-login_hint-and"><font color="blue"><u>#31</u></font></a><font color="#1F497D"> [Jörg]</font></li><li><a href="https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text"><font color="blue"><u>#52</u></font></a></li><li><a href="https://bitbucket.org/openid/mobile/issues/54/ciba-client-notification-endpoint"><font color="blue"><u>#54</u></font></a></li><li><a href="https://bitbucket.org/openid/mobile/issues/55/ciba-signed-result-objects"><font color="blue"><u>#55</u></font></a></li><li><a href="https://bitbucket.org/openid/mobile/issues/56/signed-request-object-authentication"><font color="blue"><u>#56</u></font></a></li><li><a href="https://bitbucket.org/openid/mobile/issues/57/client-initiated-backend-authentication"><font color="blue"><u>#57</u></font></a></li></span></font>
</ul>
<div><font size="2"><span style="font-size:11pt;">5- CPAS-MODRNA Alignment Call next Monday (July 3)</span></font></div>
<ol start="5" style="margin:0;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li>6- AOB</li></span></font>
</ol>
<div style="margin-top:5pt;margin-bottom:5pt;"><u>Discussion</u></div>
<ol style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li style="margin-top:5pt;margin-bottom:5pt;"><b>1-</b> <font color="#1F497D"><b>Roll Call and Adoption of the Agenda [Bjorn/John]</b></font></li><li style="margin-top:5pt;margin-bottom:5pt;">checked</li></span></font>
</ol>
<ol start="3" style="margin:0;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li> </li><li><font color="black"><b>2- </b></font><b>Liaisons</b></li></span></font>
</ol>
<ul style="margin:0;padding-left:90pt;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li><i>GSMA</i></li></span></font>
</ul>
<ul style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li>In <font color="#1F497D">CPAS</font>,<font color="#1F497D"> present</font>ation of<font color="#1F497D"> discovery. </font>q<font color="#1F497D">uestion </font>raised <font color="#1F497D">about discovery in different countries</font></li></span></font>
</ul>
<ul style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li style="margin-top:5pt;margin-bottom:5pt;">For example, <font color="#1F497D">ISP in india don’t resolve the host name, redirection of traffic is at stake.</font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Wingdings">ā</font> <font color="#1F497D">All: to take a look at the minutes </font>of this discussion<font color="#1F497D">.</font></li></span></font>
</ul>
<ul style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li>During discussion, questions about <font color="#1F497D">h</font><font color="#1F497D">ow </font>s<font color="#1F497D">ecrets of the SP are handled</font>.</li></span></font>
</ul>
<ol start="3" style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li> </li><li><b>3- </b><font color="#1F497D"><b>Events</b></font></li></span></font>
</ol>
<ul style="margin:0;padding-left:90pt;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li><i>C</i><font color="#1F497D"><i>loud Identity Summit feedback [Bjorn]</i></font></li></span></font>
</ul>
<ul style="margin:0;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li>Presentation of the MODRNA WG. Questions about MC. Partly educational to people <font color="black">on the way </font>how we do MODRNA.</li><li>Good topics and participation.</li></span></font>
</ul>
<ol start="4" style="margin:0;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li> </li><li><font color="black"><b>4- </b></font><b>Issue Tracker [All]</b></li></span></font>
</ol>
<ul style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li><a href="https://bitbucket.org/openid/mobile/issues/1/context-service-provider-wants-to"><font color="blue"><u>#1</u></font></a><font color="#1F497D"> </font><font color="#1F497D">and </font><a href="https://bitbucket.org/openid/mobile/issues/31/how-to-react-if-login_hint-and"><font color="blue"><u>#31</u></font></a><font color="#1F497D">
</font><font color="#1F497D">[Jörg]</font></li><li><font color="#1F497D">Way to solve offline ? people to write comments on the issues and </font><font color="#1F497D">to be </font><font color="#1F497D">close</font><font color="#1F497D">d</font><font color="#1F497D"> in the next call</font></li><li><a href="https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text"><font color="blue"><u>#52</u></font></a></li></span></font>
</ul>
<div><font face="Calibri" size="2"><span style="font-size:11pt;">A lot of discussions on pairwise identifiers.</span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;">Axel: the concern is the impossibility to validate a client using CIBA when polling is used. One suggestion could be for a new client to use asymmetric keys, and in the case of CIBA, to have a
notification URL, inside the URL area.</span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;">For that, a preference goes to change the MODRNA dynamic registration spec. </span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;">Gonzalo suggests that the information about this client going to use the CIBA spec should be established from the registration phase. If not having JWKs, this client should not be allowed to use
polling. John mentions it’s one way to do. Saying what kind of client you are could be another way. Modifying the dynamic registration spec is necessary to consider the new parameter, it’s a new setting for CIBA UC. We don’t have any way to support symmetric
client secret for posting back. A possibility is to insert this information in CIBA description of an extension to dynamic registration. OIDC dynamic registration could be updated in the future and until this, keep it in CIBA. </span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;">No client management exists, no possibility to change the SIU. For CIBA a client needs to register JWKs and SIU area.</span></font></div>
<ul style="margin:0;padding-left:72pt;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li>Axel to write some text on this. See <a href="https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication.xml?at=default#rfc.section.4"><font color="blue"><u>https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication.xml?at=default#rfc.section.4</u></font></a>
</li></span></font>
</ul>
<div><font face="Calibri" size="2"><span style="font-size:11pt;">The only problem we have is with polling. GSMA doesn’t support asymmetric keys. Precisions are requested from GSMA about identity for SPs. How GSMA validates a SP ? it’s not automatically done.
If you move the identity verification at that level, you should check usage of SIU. </span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;">Do we really need the polling mechanism in CIBA ? one answer is to give support for IOT clients, use case to be confirmed. Poland wanted polling and CIBA, but work with the notification for the
moment, and confirmed In CPAS it’s ok if we cannot use polling.</span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;">John: the software statement has to be considered, we have problems with symmetrical credentials. We have to push the problem in different places.</span></font></div>
<ul style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li><a href="https://bitbucket.org/openid/mobile/issues/54/ciba-client-notification-endpoint"><font color="blue"><u>#54</u></font></a></li><li>Axel sent a mail to FAPI, a response is awaited. Dave: to check with FAPI and profile. </li></span></font>
</ul>
<div style="text-indent:35.4pt;"><font face="Calibri" size="2"><span style="font-size:11pt;"><font face="Wingdings">ā</font> Feedback by Dave by the end of the week</span></font></div>
<ul style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li><a href="https://bitbucket.org/openid/mobile/issues/55/ciba-signed-result-objects"><font color="blue"><u>#55</u></font></a></li><li><a href="https://bitbucket.org/openid/mobile/issues/56/signed-request-object-authentication"><font color="blue"><u>#56</u></font></a></li><li><a href="https://bitbucket.org/openid/mobile/issues/57/client-initiated-backend-authentication"><font color="blue"><u>#57</u></font></a></li><li>Go through a dynamic registration . Keep it open until a solution is found on 52</li></span></font>
</ul>
<div><font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;"><b>5- CPAS-MODRNA Alignment Call next Monday (July 3)</b></span></font></div>
<ol start="5" style="margin:0;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li>7AM pacific. To circulate through CPAS people.</li><li> </li></span></font>
</ol>
<div><font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;"><b>6- </b><b>AOB</b></span></font></div>
<ol start="7" style="margin:0;">
<font face="Calibri" size="2" color="#1F497D"><span style="font-size:11pt;">
<li>FAPI has 2 different call times, subscribe to FAPI list to attend.</li><li>FAPI WG meeting scheduled on MS offices on July 12th</li></span></font>
</ol>
<div style="text-indent:-18pt;padding-left:18pt;"><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div style="text-indent:-18pt;padding-left:18pt;"><font face="Calibri" size="2"><span style="font-size:11pt;">Best regards,</span></font></div>
<div style="text-indent:-18pt;padding-left:18pt;"><font face="Calibri" size="2"><span style="font-size:11pt;">Philippe</span></font></div>
<div style="text-indent:-18pt;padding-left:18pt;"><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
</span></font>
<PRE>_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
</PRE></body>
</html>