[Openid-specs-mobile-profile] MODRNA WG call on Jan 8th 2019 preliminary minutes

philippe.clement at orange.com philippe.clement at orange.com
Wed Jan 9 09:48:31 UTC 2019


Dear all,

Please find below the preliminary minutes of our call on Jan 8th 2019. In case of errors or misunderstandings, please let me know.

1.      Roll Call (extract from gotomeeting list of participants)

John Bradley, Nat Sakimura, Philippe Clement (Orange), Bjorn Hjelm (Verizon), Brian Campbell (Ping Identity), Petteri (Ubisecure), Dave.Tonge (Moneyhub), Joseph
2.      Adoption of the Agenda [Bjorn/John]
3.      Agreed
4.
5.      External Organizations
*       GSMA [Siva]

N/A
4.      Working Group Updates
*       FAPI WG [Dave]
*       FAPI CIBA profile being processed. Could have impacts on the MODRNA profile.
5.      Spec. Status
*       CIBA  Core/MODRNA Profile [Dave/Brian/Gonzalo/Axel]
*
*       CIBA Core relevant dates:
*       Implementer's Draft public review period: Friday, December 14, 2018 - Monday, January 28, 2019
*       Implementer's Draft vote announcement: Monday, January 14, 2019
*       Implementer's Draft voting period: Monday, January 21, 2019 - Monday, February 4, 2019
*       Discussion on the process for addressing new issues received during the public review period
*       Few of the issues represent braking changes. Updates will be incorporated in the stable version of the CIBA doc.
*       Nat: after reread the process document, seems not wishable to start another review period after the first one.
*       Implementers draft is aimed mostly at providing IPR protection. In case of not normative change, no IPR impacts are forecasted.
*       Rationale: every change has to be approved by the working group.
*       The group decides that changes must be written and sent to the group for acknowledgment. If we need more time, the voting period could be delayed. (today this period is supposed to begin on Jan 21s).
*       The agreed method is to exchange by mail to have a clear view for next Monday and be sure to be confortable for Jan 21st.
*       Authentication Profile [Joerg]
6.      Issue Tracker
*       CIBA Core<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=CIBA> [Dave/Brian/Gonzalo/Axel]

#146: client_notification_token seem redundant<https://bitbucket.org/openid/mobile/issues/146/client_notification_token-seem-redundant>
Brian: 1st Suggestion to remove. Could it be still useful for some architecture ? leaning towards simplifying the spec by removing it. Removing has implementation benefit. John suggests to not make a change until security review. After that, a simplification could occur. Not a great pressure to change it now.
General consensus: not make the change. Need more indeep review to find the marginal benefits of simplification.
==>     Brian to close it.

#147: CIBA Grant Type namespace<https://bitbucket.org/openid/mobile/issues/147/ciba-grant-type-namespace>
Brian has a proposal and a change to make it more generic --> OK for the group
#148: CIBA - OpenID Provider Metadata<https://bitbucket.org/openid/mobile/issues/148/ciba-openid-provider-metadata>
==>     Brian to propose text, editorial change

#145: 7.3 expires_in and interval should be required to be integers<https://bitbucket.org/openid/mobile/issues/145/73-expires_in-and-interval-should-be>
==>     Brian: Text will explicitely mention that. OK before the voting period

#149: CIBA: login_hint_token_signing_algorithms_supported<https://bitbucket.org/openid/mobile/issues/149/ciba>
==>     Issue to be closed

#144: clients may want to influence lifetime of auth_req_id<https://bitbucket.org/openid/mobile/issues/144/clients-may-want-to-influence-lifetime-of>

Some disagreements in seeing the client modify the lifetime. Adding a timeout ? maximum time to live ?
==>     Joseph to propose the text: parameter definition and how to use it, to the list. Before end of week

#135: token endpoint response when client polls quicker than 'internal' may be unclear<https://bitbucket.org/openid/mobile/issues/135/token-endpoint-response-when-client-polls>
We should avoid on the server side to track the auth_request_id, that could be a burden. New error code ? Invalid grant ? Client is misbehaving. Is an explicit error better ?
==>     Joseph to propose text to solve the issue.

 #85: CIBA: Notifying the Client when a user fails to authenticate<https://bitbucket.org/openid/mobile/issues/85/ciba-notifying-the-client-when-a-user>
#143: CIBA: error=expired_token in the push mode<https://bitbucket.org/openid/mobile/issues/143/ciba-error-expired_token-in-the-push-mode>
==>     Bjorn to resume issues and see with Brian and Dave to solve before next week

#133: binding_message uses possibly undefined "plain text" term<https://bitbucket.org/openid/mobile/issues/133/binding_message-uses-possibly-undefined>
==>     Dave and Brian To propose some text before the end of the week
*       MODRNA CIBA Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=MODRNA%20Profile%20CIBA>  [Dave/Brian/Gonzalo/Axel]
*       Authentication Profile<https://bitbucket.org/openid/mobile/issues?status=new&status=open&component=Authentication> [Joerg]
7.      AOB
We shouldn't need a call next week, unless further mention on the list

Best regards,
Philippe


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20190109/3f47b783/attachment.html>


More information about the Openid-specs-mobile-profile mailing list