<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Arial" size="2"><span style="font-size:10pt;">
<div>Dear all,</div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div>Please find below the preliminary minutes of the MODRNA call on May 29<font size="1"><span style="font-size:6.65pt;"><sup>th</sup></span></font><font size="1"><span style="font-size:6.65pt;"><sup> 2018</sup></span></font></div>
<div>In any case of error or misunderstanding, please let me know</div>
<ol style="margin:0;">
<font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;">
<li style="margin-top:5pt;margin-bottom:5pt;"><b>1- Roll Call</b></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2" color="black"><span style="font-size:10pt;">from GotoMeeting participants</span></font><font face="Arial" size="2" color="black"><span style="font-size:10pt;"> list</span></font><font face="Arial" size="2" color="black"><span style="font-size:10pt;">:</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2" color="black"><span style="font-size:10pt;">Bjorn Hjelm (Verizon), </span></font><font face="Arial" size="2" color="black"><span style="font-size:10pt;"> </span></font><font face="Arial" size="2" color="black"><span style="font-size:10pt;">Gonza,
</span></font><font face="Arial" size="2" color="black"><span style="font-size:10pt;"> </span></font><font face="Arial" size="2" color="black"><span style="font-size:10pt;">Hubert Mariotte, Jrg (DT), Philippe Clement (Orange), </span></font><font face="Arial" size="2" color="black"><span style="font-size:10pt;"> </span></font><font face="Arial" size="2" color="black"><span style="font-size:10pt;">John
Bradley</span></font></li></span></font>
</ol>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>2- Adoption of the Agenda [Bjorn/John]</b></span></font></div>
<ol start="4" style="margin:0;">
<li style="margin-top:5pt;margin-bottom:5pt;">Agreed</li></ol>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>3- Liaisons Updates</b></span></font></div>
<ol start="5" style="margin:0;">
<li style="margin-top:5pt;margin-bottom:5pt;">- GSMA [Siva]</li><li style="margin-top:5pt;margin-bottom:5pt;">Not addressed</li></ol>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>4- Working Group Updates</b></span></font></div>
<ol start="4" style="margin:0;">
<li style="margin-top:5pt;margin-bottom:5pt;">- FAPI WG [John/Dave]</li><li style="margin-top:5pt;margin-bottom:5pt;">No update </li></ol>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>5- Issue Tracker</b></span></font></div>
<div style="margin-top:10pt;"><font face="Cambria" size="3" color="#4F81BD"><span style="font-size:13pt;"><b>- CIBA [Gonzalo]</b></span></font></div>
<ol start="5" style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li style="margin-top:5pt;margin-bottom:5pt;"><a href="https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text"><font face="Arial" size="2"><span style="font-size:10pt;"><u>Issue 52 </u></span></font></a><font face="Arial" size="2"><span style="font-size:10pt;">:
CIBA pairwise identifiers structuring text. </span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2"><span style="font-size:10pt;">Mutual TLS authentication has been added as mandatory to the spec.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Wingdings" size="2"><span style="font-size:10pt;"></span></font><font face="Arial" size="2"><span style="font-size:10pt;"> Closing is agreed. Gonzalo to insert a comment describing the Mutual TLS authentication
to the token endpoint and verification of sector identifier</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><a href="https://bitbucket.org/openid/mobile/issues/54/ciba-client-notification-endpoint"><font face="Arial" size="2"><span style="font-size:10pt;"><u>Issue 54</u></span></font></a><font face="Arial" size="2"><span style="font-size:10pt;">:
client notification endpoint authentication</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2"><span style="font-size:10pt;">Dave Tonge proposed to include the access token hash and the refresh token hash in the ID token. Has been included.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Wingdings" size="2"><span style="font-size:10pt;"></span></font><font face="Arial" size="2"><span style="font-size:10pt;"> Closing is agreed</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><a href="https://bitbucket.org/openid/mobile/issues/63/ciba-new-synchronous-flow"><font face="Arial" size="2"><span style="font-size:10pt;"><u>Issue 63</u></span></font></a><font face="Arial" size="2"><span style="font-size:10pt;">:
CIBA new synchronous flow</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2"><span style="font-size:10pt;">Discussion on the fact of delivering an ID token when no user authentication occurred. More than this, the term “back channel authentication” is maybe misunderstood.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2"><span style="font-size:10pt;">For GSMA, in some countries, different laws imply to return a token without authentication. The SP couldn’t know if the user belongs to some countries. And
when using CIBA, you don’t know if the user has to consent.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2"><span style="font-size:10pt;">Discussion to follow by email.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2"><span style="font-size:10pt;">John is invited describe the alternatives. 2 issues: The authentication for the consent can be different of the authentication on the second channel.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"> </li></span></font>
</ol>
<div style="margin-top:5pt;margin-bottom:5pt;padding-left:-18pt;">- <font face="Cambria" size="3" color="#4F81BD"><span style="font-size:13pt;"><b>Authentication Profile [Joerg]</b></span></font></div>
<ol start="17" style="margin:0;">
<font face="Calibri" size="2"><span style="font-size:11pt;">
<li style="margin-top:5pt;margin-bottom:5pt;"><a href="https://bitbucket.org/openid/mobile/issues/42/pcr-as-login-hint"><font face="Arial" size="2"><span style="font-size:10pt;"><u>Issue 42</u></span></font></a><font face="Arial" size="2"><span style="font-size:10pt;">:
PCR as login hint.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2"><span style="font-size:10pt;">Proposal to close it, Agreed</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"> </li><li style="margin-top:5pt;margin-bottom:5pt;"><a href="https://bitbucket.org/openid/mobile/issues/43/additional-security-considerations"><font face="Arial" size="2"><span style="font-size:10pt;"><u>Issue 43:</u></span></font></a><font face="Arial" size="2"><span style="font-size:10pt;">
</span></font><font face="Arial" size="2"><span style="font-size:10pt;">additional security considerations</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Wingdings" size="2"><span style="font-size:10pt;"></span></font><font face="Arial" size="2"><span style="font-size:10pt;"> </span></font><font face="Arial" size="2"><span style="font-size:10pt;">John
to take a look at the security considerations.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"> </li><li style="margin-top:5pt;margin-bottom:5pt;"><a href="https://bitbucket.org/openid/mobile/issues/38/how-to-introduce-authentication-strength"><font face="Arial" size="2"><span style="font-size:10pt;"><u>Issue 38:</u></span></font></a><font face="Arial" size="2"><span style="font-size:10pt;">
AMR: how to introduce authen</span></font><font face="Arial" size="2"><span style="font-size:10pt;">t</span></font><font face="Arial" size="2"><span style="font-size:10pt;">i</span></font><font face="Arial" size="2"><span style="font-size:10pt;">c</span></font><font face="Arial" size="2"><span style="font-size:10pt;">ation
strength.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Wingdings" size="2"><span style="font-size:10pt;"></span></font><font face="Arial" size="2"><span style="font-size:10pt;"> </span></font><font face="Arial" size="2"><span style="font-size:10pt;">Bjrn
to </span></font><font face="Arial" size="2"><span style="font-size:10pt;">discuss </span></font><font face="Arial" size="2"><span style="font-size:10pt;">it </span></font><font face="Arial" size="2"><span style="font-size:10pt;">with mike in upcoming calls.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"> </li><li style="margin-top:5pt;margin-bottom:5pt;"><a href="https://bitbucket.org/openid/mobile/issues/33/modrna-as-an-individual-claim-request"><font face="Arial" size="2"><span style="font-size:10pt;"><u>Issue 33:</u></span></font></a><font face="Arial" size="2"><span style="font-size:10pt;">
MODRNA as an individual claim request parameter</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2"><span style="font-size:10pt;"> </span></font><font face="Arial" size="2"><span style="font-size:10pt;">Orange issued this request, </span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Wingdings" size="2"><span style="font-size:10pt;"></span></font><font face="Arial" size="2"><span style="font-size:10pt;"> </span></font><font face="Arial" size="2"><span style="font-size:10pt;">Hubert
to check persistence </span></font><font face="Arial" size="2"><span style="font-size:10pt;">of </span></font><font face="Arial" size="2"><span style="font-size:10pt;">needs </span></font><font face="Arial" size="2"><span style="font-size:10pt;">and present
the result </span></font><font face="Arial" size="2"><span style="font-size:10pt;">for the next call</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"> </li><li style="margin-top:5pt;margin-bottom:5pt;"><a href="https://bitbucket.org/openid/mobile/issues/22/service-provider-wants-to-get"><font face="Arial" size="2"><span style="font-size:10pt;"><u>Issue 22</u></span></font></a><font face="Arial" size="2"><span style="font-size:10pt;">:
SP wants to get authorization for a transaction</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Wingdings" size="2"><span style="font-size:10pt;"></span></font><font face="Arial" size="2"><span style="font-size:10pt;"> </span></font><font face="Arial" size="2"><span style="font-size:10pt;">Hubert
to check persistence </span></font><font face="Arial" size="2"><span style="font-size:10pt;">of </span></font><font face="Arial" size="2"><span style="font-size:10pt;">needs </span></font><font face="Arial" size="2"><span style="font-size:10pt;">and present
the result </span></font><font face="Arial" size="2"><span style="font-size:10pt;">for the next call</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"> </li><li style="margin-top:5pt;margin-bottom:5pt;"><a href="https://bitbucket.org/openid/mobile/issues/39/error-non-error-handling-in-case-op-cannot"><font face="Arial" size="2"><span style="font-size:10pt;"><u>Issue 39:</u></span></font></a><font face="Arial" size="2"><span style="font-size:10pt;">
Error handling in case OP cannot fulfill RP requirements</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Wingdings" size="2"><span style="font-size:10pt;"></span></font><font face="Arial" size="2"><span style="font-size:10pt;"> </span></font><font face="Arial" size="2"><span style="font-size:10pt;">Joerg
to keep in touch with GSMA guy to revisit this.</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"> </li><li style="margin-top:5pt;margin-bottom:5pt;"><a href="https://bitbucket.org/openid/mobile/issues/61/please-provide-more-examples-potentially"><font face="Arial" size="2"><span style="font-size:10pt;"><u>Issue 61</u></span></font></a><font face="Arial" size="2"><span style="font-size:10pt;">:
provide more examples, potentially with swagger representation</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Arial" size="2"><span style="font-size:10pt;">still open. No feedback</span></font></li><li style="margin-top:5pt;margin-bottom:5pt;"><font face="Wingdings" size="2"><span style="font-size:10pt;"></span></font><font face="Arial" size="2"><span style="font-size:10pt;"> Bjorn to </span></font><font face="Arial" size="2"><span style="font-size:10pt;">
</span></font><font face="Arial" size="2"><span style="font-size:10pt;">get in touch with</span></font><font face="Arial" size="2"><span style="font-size:10pt;"> Nat. </span></font></li></span></font>
</ol>
<div style="margin-top:5pt;margin-bottom:5pt;"><font color="#1F497D">Best regards,</font></div>
<div style="margin-top:5pt;margin-bottom:5pt;"><font color="#1F497D">Philippe</font></div>
<div style="margin-top:5pt;margin-bottom:5pt;"><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
</span></font>
<PRE>_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
</PRE></body>
</html>