[Openid-specs-mobile-profile] CIBA Review

charles.marais at orange.com charles.marais at orange.com
Thu Nov 24 23:30:34 UTC 2016

Hi All,

I reviewed the current CIBA specification. Attached are my detailed 

The main points I'd like to highlight are the following :

- It would be very useful to get a dedicated chapter detailing 
explicitely the Use Cases for which CIBA specification should be used. 
We did this in UQ spec and I think it is important to have the same 
thing in CIBA in order to be able to identify clearly the similarities 
and differences between UQ and CIBA. These chapter would be useful for 
RP to choose which spec they need for their Use Cases !

- The (re)introduction of the "context" parameter is ambiguous for me 
and furthermore with a "required" flag . Why (or in which Use Case - see 
previous remark) do you need to introduce this parameter ? Do You have 
examples in mind as "context" value ?

- There are a lot of references to OAuth 2.0 or OpenID Connect Core 
specs but in several context, nothing similar exist in both specs. For 
example (but it is just one example), the way to push notification in 
case of error is completely new so it seems to be difficult to refer to 
OAuth and OpenID Connect specs.

- In my understanding, we agreed in Paris that the 
client_notification_endpoint would be preregistered and consequently not 
transmitted as a parameter in the first request.

Looking forward to having your comments on these remarks,


*MARAIS Charles *
*Orange Labs Lannion*
Tel : +33 (0)2 96 07 24 18
charles.marais at orange.com <mailto:charles.marais at orange.com>
Orange Labs Lannion
2, avenue Pierre Marzin
22307 LANNION Cedex - France


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20161125/fa2c6be3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: orange_logo.gif
Type: image/gif
Size: 1264 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20161125/fa2c6be3/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CIBA.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 40567 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20161125/fa2c6be3/attachment-0001.docx>

More information about the Openid-specs-mobile-profile mailing list