[Openid-specs-mobile-profile] MODRNA WG final minutes Call on dec 14th 2016

philippe.clement at orange.com philippe.clement at orange.com
Wed Jan 25 08:15:50 UTC 2017


Dear all,

Please find below the final minutes of our call.

Participants:
Torsten, Petteri, Philippe, Nicolas, Jörg, Siva, Bjorn, Gonzalo

Agenda:
1-      Move draft specs UQ, CIBA, account portability and Authentication to implementers draft
2-      Asynchronous notification mode, Petteri proposal

Torsten first announces his leaving of DT and of Chairman position of the MODRNA OIF WG. Makes a proposal for Bjorn to handover the position (to be held by a MNO representative). No objection is heard on the call and Bjorn is consensually agreed to chair the MODRNA WG.
Many thanks to Torsten for having chaired this MODRNA WG and best wishes for his next future in the startup agile environment !

Discussion
1-      Implementers draft

Torsten proposes to move Authentication, Account Porting, CIBA, and User Questioning API to Implementers Draft status, no objections are noted.

Remarks done on the lack of Use Cases in CIBA specs that could have helped to better understand the document, and avoid ambiguities and misinterpretations on the objectives of the specs.
Gonzalo mentions his working on the topic.
Torsten proposal is to write into the document that CIBA is specified for backchannel server authentication, being the same as OIDF core 1.0, but for backchannel authentication.

Some cases are shown during the call. Questions arise about the Use Cases that could influence the text displayed on the user authentication device, especially from SP.
It is important to separate backchannel authentication from transaction acknowledgement.

==>     Jörg and John will work on writing down the CIBA use case, and sort out the binding message and context parameters situation, and describe whether UQ or CIBA are concerned.

2-      Petteri proposal

Two proposals were made to the list for asynchronous notifications:
1-      HTTP level polling generalizing.
2-      Callback mechanism, defined in Paris meeting where push turned into pull method

Question is raised about John's proposal to "generalize" notification (pull or push) across the OIF global specifications. We will first try to sort out the question for MODRNA specs.
Someone with good knowledge of HTTP mechanisms would be appropriate to take over the work.
Having this question solved in a generic manner in MODRNA WG will help then to adapt UQ and CIBA specs.

==>     Petteri  volunteers for describing precisely and document his proposal, mentioning the pros and cons of each method.

Best regards,
Philippe


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170125/4b15fffe/attachment-0001.html>


More information about the Openid-specs-mobile-profile mailing list