[Openid-specs-mobile-profile] Issue #13: Encrypted login hint (openid/mobile)
Torsten Lodderstedt
issues-reply at bitbucket.org
Sun Jun 7 17:15:19 UTC 2015
New issue 13: Encrypted login hint
https://bitbucket.org/openid/mobile/issue/13/encrypted-login-hint
Torsten Lodderstedt:
The discovery service may ask the user for her MSISDN in order to determin the user's MNO. If available, this data shall be passed to the OP via the RP. In order to preserve privacy, this MSISDN shall not be shipped in the clear but as an encrypted parameter.
The MODRNA profile shall define an extension parameter to allow the RP to pass this data as additional hint to the OP.
Idea: disocvery service returns MSISDN in an encrypted JWT. This JWT is sent to the OP using a new parameter login_hint_jwt.
Responsible: Eisiphone
More information about the Openid-specs-mobile-profile
mailing list