[Openid-specs-mobile-profile] CIBA binding_message

charles.marais at orange.com charles.marais at orange.com
Wed Nov 30 11:51:39 UTC 2016 

Hi,

In my point of view, this parameter makes sense only on backchannel 
initiated sepcification (CIBA). For Uses Cases where a user-agent is 
involved, this functionality should be performed by the OP itself (and 
displayed by the OP on the consumption devide) and not transmitted by 
the SP.

So, for me, it should only be present in CIBA and would be used by the 
SP only if a consumtion device is involved (on which the binding_message 
could be displayed).

So clearly, OPTIONAL for me !

Br,

Charles.


Le 29/11/2016 à 11:00, Axel.Nennker at telekom.de a écrit :
> I removed context and put binding_message back in.
> https://bitbucket.org/openid/mobile/commits/7b27654d636a93324c3b556ebe21f2b4d66456b5
> Although the definition from MODRNA Authentication seems questionable in CIBA because CIBA does not really mention the consumption device.
>
> This is the text from MODRNA Authentication:
>
> "				<t hangText="binding_message">
> 				    OPTIONAL. This is a new parameter. An Interlock message to tie the consumption
> 				    device and the authentication device together.
> 				    How to ensure that the message is actually shown on all relevant
> 				    devices is out of the scope of this document.
> 				    Possible values and constraints are specified in
> 				    <xref target="binding_message_details" />.
> 				    Ways to protect the integrity of the binding_message are discussed
> 				    in <xref target="security_considerations" />.
> 				</t>
> "
>
> In the last version of CIBA "context" was REQUIRED while in the version I copied binding_message back from it was OPTIONAL.
> I resurrected binding_message as OPTIONAL.
>
> What do you think about OPTIONAL versus REQUIRED?
>
> // Axel
>
>
> _______________________________________________
> Openid-specs-mobile-profile mailing list
> Openid-specs-mobile-profile at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile
>

-- 

*MARAIS Charles *
*Orange Labs Lannion*
Tel : +33 (0)2 96 07 24 18
charles.marais at orange.com <mailto:charles.marais at orange.com>
Orange Labs Lannion
2, avenue Pierre Marzin
22307 LANNION Cedex - France



_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20161130/8498fbf0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: orange_logo.gif
Type: image/gif
Size: 1264 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20161130/8498fbf0/attachment.gif>

More information about the Openid-specs-mobile-profile mailing list