[Openid-specs-fapi] [Bitbucket] Issue #127: CIBA: security issues (openid/fapi)
thomasclinganjones at gmail.com
Tue Nov 28 16:12:31 UTC 2017
To be really clear then. Only the telco can support CIBA, correct?
Note that i voted against the MODRNA specs because, IMO, they do not uphold
the user consent requirements in OpenID Connect. For FAPI to endorse the
telco involvement in a financial transaction would exacerbate this failing.
On Tue, Nov 28, 2017 at 7:16 AM, Gonzalo Fernández <
issues-reply at bitbucket.org> wrote:
> [image: xixon2002]
> *Gonzalo Fernández* commented on issue #127:
> CIBA: security issues
> Hi Nat,
> Telcos companies do know the device associated with a user, in fact they
> use such information to improve customer care when he calls for something
> related with the device. As far as I know, when the terminal has been
> registered in the network, it sends the IMEI and thanks to that the
> operator is able to know the device and associated it to the MSISDN and
> IMSI because at this time it also has that information.
> View this issue
> <https://bitbucket.org/openid/fapi/issues/127/ciba-security-issues> or
> add a comment by replying to this email.
> Unsubscribe from issue emails
> for this repository. [image: Bitbucket] <https://bitbucket.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-fapi