[Openid-specs-mobile-profile] MODRNA WG Call on Nov 2nd 2016 preliminary notes

Tue Nov 8 15:45:21 UTC 2016

Yes that was what we discussed re authenticating the AS to the client for the callback.

John B.
> On Nov 8, 2016, at 11:01 AM, GONZALO FERNANDEZ RODRIGUEZ <gonzalo.fernandezrodriguez at telefonica.com> wrote:
> 
> Hi guys,
> 
> Find below the link of the last version uploaded in the bitbucket with the requested changes in the Paris Workshop.
> 
> https://bitbucket.org/openid/mobile/src/c9c8669a143de215c1f2a6eedd8f743e7e229917/draft-mobile-client-initiated-backchannel-authentication-01.xml?at=default&fileviewer=file-view-default <https://bitbucket.org/openid/mobile/src/c9c8669a143de215c1f2a6eedd8f743e7e229917/draft-mobile-client-initiated-backchannel-authentication-01.xml?at=default&fileviewer=file-view-default>
> 
> I have a doubt in one of the points about how to authenticate the callback, as far as I remember we agreed to generate a bearer token in the RP that would be sent in the authentication request and it would be used to authenticate the callback POST request when using the client_notification_endpoint. Please let me know if you agree.
> 
> Best,
> Gonza.
> 
> From: Openid-specs-mobile-profile <openid-specs-mobile-profile-bounces at lists.openid.net <mailto:openid-specs-mobile-profile-bounces at lists.openid.net>> on behalf of "philippe.clement at orange.com <mailto:philippe.clement at orange.com>" <philippe.clement at orange.com <mailto:philippe.clement at orange.com>>
> Date: miércoles, 2 de noviembre de 2016, 17:34
> To: "Torsten.Lodderstedt at telekom.de <mailto:Torsten.Lodderstedt at telekom.de>" <Torsten.Lodderstedt at telekom.de <mailto:Torsten.Lodderstedt at telekom.de>>, "openid-specs-mobile-profile at lists.openid.net <mailto:openid-specs-mobile-profile at lists.openid.net>" <openid-specs-mobile-profile at lists.openid.net <mailto:openid-specs-mobile-profile at lists.openid.net>>
> Subject: [Openid-specs-mobile-profile] MODRNA WG Call on Nov 2nd 2016 preliminary notes
> 
> Dear all, 
>  
> Please find below the preliminary notes of our call this Wednesday Nov 2nd, 2016.
> In case of any error or misunderstanding, please let me know.
>  
> Participants: <>
> Axxel, Torsten, Siva, John, Nicolas, 
>  
> Agenda:
> OIDC workshop
> Status of current drafts
> Next workshop
>  
> OIDC Workshop before IIW
> John: update of the presentation around MODRNA, presented at OIDF workshop
> Well received, with Interest.
>  
> Status of current drafts
> Server authentication
> Following a side conversation with Gonzalo, Torsten made a quick read of the draft.
> Doesn’t seem to cover all remarks that was discussed in Paris.
> To all: give a read to the draft document.
>  
> User Questionning
> One people (Torsten) has made a feedback to UQ.
> A new draft (version 4) is ready to be pushed to github, including security remarks.
> Nicolas to push it once the concern regarding links to URLs is fixed. 
>  
> account migration 
> waiting for an update from James. 
> Torsten: AM is a complex task to be stabilized and get mature. Complex on the security aspects.
> Torsten to check with James the status of the draft, and to evaluate impact of security concerns.
>  
> Feddback required from the group on the 3 drafts before the next call (Nov 16th) to make actual drafts turn into implementer’s draft. Remarks regarding security aspects are welcome too.
>  
> Next workshop
> Has a group member the intention to host the next one ? Globalsign had mentioned this possibility in Paris.
> Next workshop could happen in feb/march 2017
>  
>  
>  
> Zeit: Mittwoch, 2. November 2016 16:00-17:00 (UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien.
> Ort: https://global.gotomeeting.com/join/927253461 <https://global.gotomeeting.com/join/927253461>
>  
> Hinweis: Die oben angegebene Abweichung von GMT berücksichtigt keine Anpassungen für Sommerzeit.
>  
> *~*~*~*~*~*~*~*~*~*
>  
>  
>   << Fichier: ATT00001.txt >> 
>  
> _________________________________________________________________________________________________________________________
> 
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> 
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
> _______________________________________________
> Openid-specs-mobile-profile mailing list
> Openid-specs-mobile-profile at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20161108/1329c2f7/attachment-0001.html>