[Openid-specs-mobile-profile] OIDC Mobile profile call Nov 5th: notes

[Lodderstedt, Torsten]

Participants:
Philippe Clement, Orange
Bjorn Hjelm, Verizon Wireless
John Bradley, Ping Identity
Torsten Lodderstedt, Deutsche Telekom

Discovery - Discussion about way forward and content of discovery spec - results:
- explanation of assumptions
  - discovery service across MNOs needed
  - different deployment options shall be supported (e.g. global provided by GSMA OneAPI Exchange, local per market or group of operators)
  - all deployments shall speak the same protocol (that's the scope of our WG)
- different needs/capabilities for different types of apps (native vs. web)
Topics:
- basic discovery options - mnc/mcc, IP, MSISDN
- add on 1 - account chooser (probably pre-populated)
  - allows user to directly select account with operator
  - RP is directly provided with MNOs issuer URL
  - no additional discovery step required, no need to enter further data (such as MSISDN) -> privacy and convenient
  - approach is best suited for Web Apps
  - account chooser could also offer an option to add MNO account to the list -> privacy (discovery data is only entered in account chooser)
- add on 2 - UI for entering MSISDN/selecting Operator
  - no real improvement as App can get access to the MSISDN anyway + entering an MSISDN is a user consent
- returning a privacy protected login hint (e.g. encrypted MSISDN) to improve user experience in the login flow
- authorization: not necessary (as long as there are no respective business requirements)
- discovery shall be independent of client credential management
- John will draft a first version next week

Dyn. Registration
Bjorn will outline options & questions and we will discuss it on the list (and/or in the next call)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20141112/8aaac3d1/attachment.html>