[Openid-specs-mobile-profile] CIBA is there ONE notification endpoint or a list

Axel.Nennker at telekom.de Axel.Nennker at telekom.de
Fri Nov 25 14:32:06 UTC 2016


Removed client notification endpoint from authentication request
https://bitbucket.org/openid/mobile/commits/b7d82d738e21f7e2ddb92b07095f6e1611183fdd

New HTML version is as always here:
https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication-01.xml?at=default

//Axel

From: Lodderstedt, Torsten
Sent: Friday, November 25, 2016 12:52 PM
To: Nennker, Axel; openid-specs-mobile-profile at lists.openid.net
Cc: Walter, Florian
Subject: AW: [Openid-specs-mobile-profile] CIBA is there ONE notification endpoint or a list

Hi all,

the consensus in Paris was (1).

Best regards,
Torsten.

From: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] On Behalf Of Nennker, Axel
Sent: Friday, November 25, 2016 11:47
To: openid-specs-mobile-profile at lists.openid.net
Cc: Walter, Florian
Subject: [Openid-specs-mobile-profile] CIBA is there ONE notification endpoint or a list

Hi all,

Is there consensus that


1) ONE client notification endpoint is specified at registration time and that client_notification_endpoint is never part of the Authorization Request?
https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication-01.xml?at=default#auth_request

2) there is a list of client notification endpoints specified at registration time and the Authentication Request can pick one from this list?

Or are there other options? There was discussion at the Paris meeting it seems…


Cheers
Axel


From: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] On Behalf Of Nennker, Axel
Sent: Friday, November 25, 2016 9:57 AM
To: openid-specs-mobile-profile at lists.openid.net; charles.marais at orange.com
Subject: Re: [Openid-specs-mobile-profile] CIBA Review

I did the easy changes after your review this morning. Thanks for the review.
https://bitbucket.org/openid/mobile/commits/3c13e82017891b9a4d76a016a9c5b78a5ceb67ef

I am going to discuss the rest with Gonza at 14:00 today Berlin-time in a WebEx.
If somebody wants to join, please see the details below.

//Axel

Please join the webex first then call in and use your id to connect web and telephone


https://t-systems.webex.com/t-systems/j.php?MTID=m59e4a0684064efcd15a78f413c4b8118
Meeting ID: 708 957 697

Meeting Password: a9n76weJ




From: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] On Behalf Of charles.marais at orange.com
Sent: Friday, November 25, 2016 12:31 AM
To: openid-specs-mobile-profile at lists.openid.net
Cc: Lodderstedt, Torsten
Subject: [Openid-specs-mobile-profile] CIBA Review

Hi All,

I reviewed the current CIBA specification. Attached are my detailed comments.

The main points I'd like to highlight are the following:

- It would be very useful to get a dedicated chapter detailing explicitly the Use Cases for which the CIBA specification should be used. We did this in the UQ spec and I think it is important to have the same thing in CIBA in order to be able to identify clearly the similarities and differences between UQ and CIBA. This chapter would be useful for RPs to choose which spec they need for their Use Cases!

- The (re)introduction of the "context" parameter is ambiguous for me, and furthermore with a "required" flag. Why (or in which Use Case - see previous remark) do you need to introduce this parameter? Do you have examples in mind as "context" value?

- There are a lot of references to OAuth 2.0 or OpenID Connect Core specs but in several contexts, nothing similar exists in both specs. For example (but it is just one example), the way to push notification in case of error is completely new so it seems to be difficult to refer to OAuth and OpenID Connect specs.

- In my understanding, we agreed in Paris that the client_notification_endpoint would be preregistered and consequently not transmitted as a parameter in the first request.

Looking forward to having your comments on these remarks,

BR,
Charles.
--

MARAIS Charles
Orange Labs Lannion
Tel : +33 (0)2 96 07 24 18
charles.marais at orange.com
Orange Labs Lannion
2, avenue Pierre Marzin
22307 LANNION Cedex - France
