[Openid-specs-mobile-profile] Mobile Profile WG Call on June 28th 2017 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Wed Jul 5 07:39:01 UTC 2017


Please find below the preliminary minutes of our last MODRNA call on June 28th 2017.
It was a dense discussion on issues tracker, so don't hesitate to correct me in case of misunderstandings.

   Participants: Axel,  Nicolas, Hubert, Bjorn, Dave Tonge, John, Gonzalo, Siva

Agenda
1.      1- Roll Call and Adoption of the Agenda [Bjorn/John]
2.      2- Liaisons
*       GSMA
3.      3- Events
*       Cloud Identity Summit feedback [Bjorn]
4.      4- Issue Tracker [All]
*       #1<https://bitbucket.org/openid/mobile/issues/1/context-service-provider-wants-to> [Jörg]
*       #31<https://bitbucket.org/openid/mobile/issues/31/how-to-react-if-login_hint-and> [Jörg]
*       #52<https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text>
*       #54<https://bitbucket.org/openid/mobile/issues/54/ciba-client-notification-endpoint>
*       #55<https://bitbucket.org/openid/mobile/issues/55/ciba-signed-result-objects>
*       #56<https://bitbucket.org/openid/mobile/issues/56/signed-request-object-authentication>
*       #57<https://bitbucket.org/openid/mobile/issues/57/client-initiated-backend-authentication>
5- CPAS-MODRNA Alignment Call next Monday (July 3)
5.      6- AOB

Discussion
1.      1- Roll Call and Adoption of the Agenda [Bjorn/John]
2.      checked
3.
4.      2- Liaisons
*       GSMA
*       In CPAS, presentation of discovery. question raised about discovery in different countries
*       For example, ISP in india don't resolve the host name, redirection of traffic is at stake.
*       --> All: to take a look at the minutes of this discussion.
*       During discussion, questions about how secrets of the SP are handled.
3.
4.      3- Events
*       Cloud Identity Summit feedback [Bjorn]
*       Presentation of the MODRNA WG. Questions about MC. Partly educational to people on the way how we do MODRNA.
*       Good topics and participation.
4.
5.      4- Issue Tracker [All]
*       #1<https://bitbucket.org/openid/mobile/issues/1/context-service-provider-wants-to> and #31<https://bitbucket.org/openid/mobile/issues/31/how-to-react-if-login_hint-and> [Jörg]
*       Way to solve offline ? people to write comments on the issues and to be closed in the next call
*       #52<https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text>
A lot of discussions on pairwise identifiers.
Axel: the concern is the impossibility to validate a client using CIBA when polling is used. One suggestion could be for a new client to use asymmetric keys, and in the case of CIBA, to have a notification URL, inside the URL area.
For that, a preference goes to change the MODRNA dynamic registration spec.
Gonzalo suggests that the information about this client going to use the CIBA spec should be established from the registration phase. If not having JWKs, this client should not be allowed to use polling. John mentions it's one way to do. Saying what kind of client you are could be another way. Modifying the dynamic registration spec is necessary to consider the new parameter, it's a new setting for CIBA UC. We don't have any way to support symmetric client secret for posting back. A possibility is to insert this information in CIBA description of an extension to dynamic  registration. OIDC dynamic registration could be updated in the future and until this, keep it in CIBA.
No client management exists, no possibility to change the SIU. For CIBA a client needs to register JWKs and SIU area.
==>     Axel to write some text on this. See https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication.xml?at=default#rfc.section.4
The only problem we have is with polling. GSMA doesn't support asymmetric keys. Precisions are requested from GSMA about identity for SPs. How GSMA validates a SP ? it's not automatically done.  If you move the identity verification at that level, you should check usage of SIU.
Do we really need the polling mechanism in CIBA ? one answer is to give support for IOT clients, use case to be confirmed. Poland wanted polling and CIBA, but work with the notification for the moment, and confirmed In CPAS it's ok if we cannot use polling.
John: the software statement has to be considered, we have problems with symmetrical credentials. We have to push the problem in different places.
*       #54<https://bitbucket.org/openid/mobile/issues/54/ciba-client-notification-endpoint>
*       Axel sent a mail to FAPI, a response is awaited. Dave: to check with FAPI and profile.
--> Feedback by Dave by the end of the week
*       #55<https://bitbucket.org/openid/mobile/issues/55/ciba-signed-result-objects>
*       #56<https://bitbucket.org/openid/mobile/issues/56/signed-request-object-authentication>
*       #57<https://bitbucket.org/openid/mobile/issues/57/client-initiated-backend-authentication>
*       Go through a dynamic registration . Keep it open until a solution is found on 52

5- CPAS-MODRNA Alignment Call next Monday (July 3)
5.      7AM pacific. To circulate through CPAS people.
6.
6- AOB
7.      FAPI has 2 different call times, subscribe to FAPI list to attend.
8.      FAPI WG meeting scheduled on MS offices on July 12th

   Best regards,
   Philippe


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170705/022320fa/attachment.html>


More information about the Openid-specs-mobile-profile mailing list