[Openid-specs-mobile-profile] Mobile Profile WG Call on June 14th preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Thu Jun 15 14:46:35 UTC 2017


Thanks to feedback from the list, here is an updated (in red) version of meeting notes :

Participants :
Bjorn, Axel, Philippe, Charles, Gonzalo

Agenda :
1.      CPAS feedback post-Workshop meeting [Siva]
2.      Issue Tracker [All] #52 to #56
3.
Discussion:
1.      CPAS feedback post-Workshop meeting [Siva]
Not addressed

2.      Issue Tracker [All]
*       #52<https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text>
Signed request object: it seems not to be enough; keep #52 open until John comments.
==>     John to comment
*       #53<https://bitbucket.org/openid/mobile/issues/53/ciba-terminology-consumption-device>
CIBA terminology of consumption device on front channel. Axel changed it. Nobody disagrees, change approved.
Issue closed
*       #54<https://bitbucket.org/openid/mobile/issues/54/ciba-client-notification-endpoint>
CIBA BackChannel endpoint authentication.
The client sends an auth request with a bearer token, which is used to authenticate the ID Provider. The client endpoint must be able to authenticate the OP. This feature has been in CIBA from the beginning. John mentioned that banks wouldn't use bearer tokens.
It could be interesting to allow other kinds of mechanisms to authenticate the OP. One possibility is a bearer token, but other means could work too.
==>     Axel to ask the FAPI team what they think
*       #55<https://bitbucket.org/openid/mobile/issues/55/ciba-signed-result-objects>
CIBA sends the result object in S2S communication. The FAPI team wants non-repudiation. The ID Token must be signed; is it enough? Do we need, and is there a way, to sign the whole response?
==>     Axel to ask the FAPI team what they think
*       #56<https://bitbucket.org/openid/mobile/issues/56/signed-request-object-authentication>
How to choose between the OIDC spec and the JWT spec, as they seem not to be totally consistent?
Email occurred on the list.
The signed request object should be OK, because we are in S2S exchanges. In the JWT, only the expiration param is mandatory.
==>     Question for John
3.      Closing old issues in Issue Tracker [Axel]
Go through the old issues on the next call.
4.      AOB
   Axel: how to make categories on Bitbucket.
Bjorn took an action to reach out to John and Mike (Jones) again to get this resolved.

Best regards,
Philippe

