[Openid-specs-mobile-profile] MODRNA WG minutes Call on dec 14th 2016
nicolas.aillery at orange.com
nicolas.aillery at orange.com
Wed Dec 21 16:41:28 UTC 2016
Hello Jörg and John,
There will be a GSMA workshop in London on January 10th.
We'll discuss about "MC Authorise" product, CIBA and User Questioning, and we'll need a clear position from the OIDF on how should "MC Authorise" be handled by OIDF standards.
Do you think you can provide us with first results of your study (i.e. "Jörg and John will work on writing down the CIBA use case, and sort out the binding message and context parameters situation, and describe whether UQ or CIBA are concerned") before this workshop?
De : CLEMENT Philippe IMT TECHNO
Envoyé : mercredi 14 décembre 2016 18:17
À : Torsten.Lodderstedt at telekom.de<mailto:Torsten.Lodderstedt at telekom.de>; openid-specs-mobile-profile at lists.openid.net<mailto:openid-specs-mobile-profile at lists.openid.net>
Objet : MODRNA WG minutes Call on dec 14th 2016
Please find below the preliminary minutes of our call. Any error, misunderstanding, please let me know.
Torsten, Petteri, Philippe, Nicolas, Jörg, Siva, Bjorn, Gonzalo
1- Move draft specs UQ, CIBA, account portability and Authentication to implementers draft
2- Asynchronous notification mode, Petteri proposal
Torsten first announces his leaving of DT and of Chairman position of the MODRNA OIF WG. Makes a proposal for Bjorn to handover the position (to be held by a MNO representative). No objection is heard on the call and Bjorn is consensually agreed to chair the MODRNA WG.
Many thanks to Torsten for having chaired this MODRNA WG and best wishes for his next future in the startup agile environment !
1- Implementers draft
Torsten proposal to move UQ, CIBA, account porting and Authentication in the Implementers draft status.
Remarks done on the lack of Use Cases in CIBA specs that could have helped to better understand the document, and avoid ambiguities and misinterpretations on the objectives of the specs.
Gonzalo mentions his working on the topic.
Torsten proposal is to write into the document that CIBA is specified for backchannel server authentication, being the same as OIDF core 1.0, but for backchannel authentication.
Some cases are show during the call. Questions arise about the Use Cases that could influence the text displayed on the user authentication device, especially from SP.
It is important to separate backchannel authentication from transaction acknowledgement.
==> Jörg and John will work on writing down the CIBA use case, and sort out the binding message and context parameters situation, and describe whether UQ or CIBA are concerned.
2- Petteri proposal
Two proposals were made to the list for asynchronous notifications:
1- HTTP level polling generalizing.
2- Callback mechanism, defined in Paris meeting where push turned into pull method
Question is raised about John's proposal to "generalize" notification (pull or push) across the OIF global specifications. We will first try to sort out the question for MODRNA specs.
Someone with good knowledge of HTTP mechanisms would be appropriate to take over the work.
Having this question solved in a generic manner in MODRNA WG will help then to adapt UQ and CIBA specs.
==> Petteri volunteers for describing precisely and document his proposal, mentioning the pros and cons of each method.
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-mobile-profile