[Openid-specs-mobile-profile] Issue #62: CIBA - Support for Spam Prevention code in Authentication Request (openid/mobile)
Petteri Stenius
issues-reply at bitbucket.org
Tue Oct 31 15:22:45 UTC 2017
New issue 62: CIBA - Support for Spam Prevention code in Authentication Request
https://bitbucket.org/openid/mobile/issues/62/ciba-support-for-spam-prevention-code-in
Petteri Stenius:
In the Finnish Mobile PKI service end users may opt-in for a Spam Prevention code [1]. The code must be delivered with the user's Phone Number to the Mobile PKI operator to initiate mobile authentication process.
The Estonian and Lithuanian Mobile PKI service requires as input the end user's Phone Number and Personal Identification Code [2].
Should there be support for these kinds of fields in the CIBA Authentication Request?
It may be possible to encode these fields as service specific claims in login_hint_token, unless the login_hint_token is received from the discovery service.
[1] http://mobiilivarmenne.fi/wp-content/uploads/2017/05/MSS_FiCom_Implementation_guideline.pdf, chapter 6.2.3.2
[2] http://sk-eid.github.io/dds-documentation/#starting-mobile-id-operations
More information about the Openid-specs-mobile-profile
mailing list