[Openid-specs-mobile-profile] MODRNA WG Call preliminary notes Sept 23rd 2015

Wed Sep 23 18:16:43 UTC 2015

No problem - just add your examples (my ears are getting worse :()

Von: philippe.clement at orange.com [mailto:philippe.clement at orange.com]
Gesendet: Mittwoch, 23. September 2015 18:16
An: Lodderstedt, Torsten
Cc: openid-specs-mobile-profile at lists.openid.net
Betreff: RE: MODRNA WG Call preliminary notes Sept 23rd 2015

Hi Torsten,

I mentioned specific acr/amr combinations for RP using Mobile Connect features when reformulating #27
If it's not the case, sorry for the misunderstanding, feel free to provide the right terms. Otherwise we can discard this additional text.

Kind regards,
Philippe

De : Lodderstedt, Torsten [mailto:t.lodderstedt at telekom.de]
Envoyé : mercredi 23 septembre 2015 18:05
À : CLEMENT Philippe IMT TECHNO
Cc : openid-specs-mobile-profile at lists.openid.net<mailto:openid-specs-mobile-profile at lists.openid.net>
Objet : AW: MODRNA WG Call preliminary notes Sept 23rd 2015

Hi Philippe,

thanks for compiling the minutes.

One remark: I can't remember us discussing about acr/amr combinations.

best regards,
Torsten.

Von: philippe.clement at orange.com<mailto:philippe.clement at orange.com> [mailto:philippe.clement at orange.com]
Gesendet: Mittwoch, 23. September 2015 17:53
An: Lodderstedt, Torsten; openid-specs-mobile-profile at lists.openid.net<mailto:openid-specs-mobile-profile at lists.openid.net>
Betreff: MODRNA WG Call preliminary notes Sept 23rd 2015

Dear all,

Please find below the preliminary notes or our today's call
Any error please let me know

Participants: Torsten, Philippe, Joerg, John, Matthieu

Agenda:  Authentication specs (Joerg)

·         #15 Amr request parameter: no actual requirement

·         #16 max_age:  Difficult topic in the way of Risk analysis, multi factor authentication
Second factor use case is better addressed using PROMPT=login (in combination w/ ACR), ACR is generally better suited

·         #26 nonce as recommended
Is used specially (and mandatory) for implicit and hybrid flows , required when id-token returned through the front channel, to prevent id-token swap.
·         Check text and to get arguments from  GSMA

·         #27 acr_values request parameter : recommended with default
Some combinations (amr + acr) will be proper to MODRNA profile

·         #28 id_token signature mandatory
Not addressed, to be treated in next call

·         #29 amr response values according to specs
·         Not addressed, to be treated in next call

#30 amr response value MANDATORY
Not addressed, to be treated in next call

#31 What happens if login_hint and login_hint_token are both provided
·         token takes precedence

best regards,
Philippe

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc