[Openid-specs-mobile-profile] Mobile Profile WG Call on Feb 8th 2017 final notes

philippe.clement at orange.com philippe.clement at orange.com
Mon Feb 13 15:27:48 UTC 2017


Dear all,
Please find below the final notes of our call on Feb 8th 2017

Participants: John, Charles, Nicolas, Bjorn, Siva, Philippe
Agenda:
1.      Evidence of consent [Ref: Axel e-mail from Jan. 17]
2.      Account Porting updates/discussion [Siva]
3.      Mobile Connect Access Token retrieval in Back Channel invocation discussion status [Siva]
4.      Next MODRNA-CPAS workshop [Bjorn]

Discussion:
1.      Evidence of consent [Ref: Axel e-mail from Jan. 17]
No discussion on the list; this subject is considered a lower priority by CPAS. Topic deferred to another call when Axel can attend.
2.      Account Porting updates/discussion
For Mobile Connect, the last spec is sufficient. However, the editor (James Manger) is asked to attend CPAS and make a brief presentation of the doc.
==>     Bjorn to start the implementers draft process; some comments can be provided during the public review.
Bjorn to check with James the last spec status.

3.      Mobile Connect Access Token retrieval in Back Channel invocation discussion status

From the CPAS group, the collection of MNO opinions has started. It is desirable to make progress in the discussions; the topic is still open in CPAS.
Charles started a discussion on the mailing list about Orange proposal, shared in CPAS.
The proposal is how to get an access token in Back Channel (BC) mode, taking into consideration that any MNO can enforce live user consent or not. When not, this means the consent has been collected Out of Band.

The discussion then led to considering a new grant type, asynchronous mode, and signed JWT assertions. The response from the OP to the SP could be a refresh token or any artifact to poll with.
Other groups in OIDF can be interested in this work (and mentioned on the call) like FAPI WG, spec to be addressed in MODRNA.
==>     John to write a summary of his proposal and provide it to the list, describing a new grant type based on signed JWT assertions

Discussion about security concerns in the OAuth 2.0 workgroup, published by Black Hat last summer. The first approach considers implementation methods rather than protocol adaptations, discussed in the OAuth Working Group.
==>     Siva to provide more information about Black Hat diffusion.
4.      Next MODRNA-CPAS workshop [Bjorn]
Placeholder to put on May 11th and 12th 2017. Bjorn asks everyone if the date is acceptable. Verizon can host on these dates.

Kind regards,
Philippe