<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Times New Roman" size="3"><span style="font-size:12pt;"><a name="BM_BEGIN"></a>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Dear all,</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Please find below the preliminary minutes of our call on Oct 16th 2018. Please let me know of any error or misunderstanding.</span></font></div>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>Roll Call</b><font color="black"><b> </b></font><font face="Arial" size="2" color="black"><span style="font-size:10pt;">(extract from Goto Meeting)</span></font></span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Dave Tonge (Moneyhub), John Bradley, Nat Sakimura, Philippe Clement (Orange), Bjorn Hjelm (Verizon), Brian Campbell (Ping), Geoffrey Graham, Gonza, Petteri (Ubisecure), Siva(GSMA)</span></font></div>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>Adoption of the Agenda [Bjorn/John]</b></span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">agreed</span></font></div>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>External Organizations</b></span></font></div>
<div style="margin-top:10pt;"><font face="Cambria" size="3" color="#4F81BD"><span style="font-size:13pt;"><b>GSMA [Siva]</b></span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Work around PKI is temporary on hold.</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Discussion continues in CPAS around token binding, SP implementations, TLS handshake usage and possibilities for servers to support.</span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">The discussion settles on implementation for browsers and OS: Microsoft, Chrome, Apache.</span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Brian mentions his work in open source modules on token binding extension made by using java, for java based applications like tomcat.</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Siva mentions the difficulty if complex to implement to get adoption.</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">John mentions a necessary support on the server before the client supports it. Bearer tokens work too.</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Information to be shared in the CPAS.</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;"> </span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Polling mechanism to be implemented on MC side.</span></font></div>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>Working Group Updates</b></span></font></div>
<div style="margin-top:10pt;"><font face="Cambria" size="3" color="#4F81BD"><span style="font-size:13pt;"><b>FAPI WG [Dave]</b></span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Nat mentions implementer’s draft to vote on.</span></font></div>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>Spec. Status</b></span></font></div>
<div style="margin-top:10pt;"><font face="Cambria" size="3" color="#4F81BD"><span style="font-size:13pt;"><b>CIBA Core/MODRNA [Dave/Brian/Gonzalo/Axel]</b></span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Still issues on CIBA, and questions remaining on normative changes in MODRNA profile or not are discussed.</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">An Introductory text could avoid normative changes.</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Discussion settles on launching separately OIDC and CIBA, and reusing parameters and names (claims, metadata) from one to the other. Error codes to be looked at too.</span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">this next week will be dedicated to close up the issues, no normative change seems required for mobile profile. </span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<ul style="margin:0;padding-left:36pt;">
<font face="Arial" size="2"><span style="font-size:10pt;">
<li>Brian Pull request to start on the split.</li></span></font>
</ul>
<div style="margin-top:10pt;"><font face="Cambria" size="3" color="#4F81BD"><span style="font-size:13pt;"><b>Discovery [John/Torsten]</b></span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Not addressed</span></font></div>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>Issue Tracker</b></span></font></div>
<div style="margin-top:10pt;"><font face="Cambria" size="3" color="#4F81BD"><span style="font-size:13pt;"><b>CIBA [Dave/Brian/Gonzalo/Axel]</b></span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">New issue:</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;"> <a href="https://bitbucket.org/openid/mobile/issues/97/ciba-clarify-privacy-issues-with"><font color="blue"><u>#97: CIBA - Clarify privacy issues with login_hint_token and discovery service</u></font></a></span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Open issues:</span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"><a href="https://bitbucket.org/openid/mobile/issues/71/ciba-hint-validation-clarification"><font face="Arial" size="2" color="blue"><span style="font-size:10pt;"><u>#71: CIBA hint validation clarification</u></span></font></a></span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Deep discussion around privacy and legitimacy of the client to know at a moment the phone number. </span></font></div>
<ul style="margin:0;">
<font face="Arial" size="2"><span style="font-size:10pt;">
<li>Everyone to comment this issue.</li></span></font>
</ul>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Question about allowing the RP to crypt to be more secure.</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Should we in CIBA have processing rules for login_hint_token or encryption ? likely in the modrna profile of CIBA it’s ok. </span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Other open issues are addressed through pull requests:</span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"><a href="https://bitbucket.org/openid/mobile/issues/91/ciba-authentication-request-and-context"><font face="Arial" size="2" color="blue"><span style="font-size:10pt;"><u>#91: CIBA: Authentication
request and context parameters</u></span></font></a></span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"><a href="https://bitbucket.org/openid/mobile/issues/94/use-invalid_grant-rather-than"><font face="Arial" size="2" color="blue"><span style="font-size:10pt;"><u>#94: use invalid_grant rather than
unknown_auth_req_id in CIBA</u></span></font></a></span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"><a href="https://bitbucket.org/openid/mobile/issues/95/ciba-push-mode-definition-of-succesful"><font face="Arial" size="2" color="blue"><span style="font-size:10pt;"><u>#95: CIBA - Push Mode definition
of succesful token delivery</u></span></font></a></span></font></div>
<div style="padding-left:18pt;"><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<ul style="margin:0;padding-left:36pt;">
<font face="Arial" size="2"><span style="font-size:10pt;">
<li>Please all look at open issues </li></span></font>
</ul>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div style="margin-top:10pt;"><font face="Cambria" size="3" color="#4F81BD"><span style="font-size:13pt;"><b>Discovery [John/Torsten]</b></span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Not addressed</span></font></div>
<div style="margin-top:24pt;"><font face="Cambria" size="4" color="#365F91"><span style="font-size:14pt;"><b>AOB</b></span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Next call on next week will be a CIBA only call</span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Best regards,</span></font></div>
<div><font face="Arial" size="2"><span style="font-size:10pt;">Philippe</span></font></div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
</span></font>
<PRE>_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
</PRE></body>
</html>