[Openid-specs-mobile-profile] MODRNA WG call on April 2nd 2019 preliminary minutes

Venkatasivakumar Boyalakuntla vboyalakuntla at gsma.com
Tue Apr 2 14:53:58 UTC 2019


Can you please also mention the reocmmendations about client credentials flow on client credentials flow, ‘on the verge of deprecation’ and OIDF does not recommend client credentials flow.  Since client credentials flow uses symmetric keys,  security loopsholes etc., and everybody is moving towards JWT assertion model.  Seems you have forgotten.


Best regards,
/Siva


******************************************************************
Venkatasivakumar Boyalakuntla | Technical Expert |Mobile Connect Architecture | Identity| GSM Association |
@: vboyalakuntla at gsma.com<mailto:vboyalakuntla at gsma.com> | @Mob : 00447710020425 | @skype: sivaboyalakuntla |
2nd Floor, The Wallbrook Building, 25 Wallbrook, London EC4N 8AF, United Kingdom |
Quotes to remember : Where the mind is without fear and the head is held high; Where Knowledge is Free …….
Arise Awake and stop not till the goal is reached…..!!
******************************************************************
[id:image001.png at 01D38957.6E624390]



From: "philippe.clement at orange.com" <philippe.clement at orange.com>
Date: Tuesday, 2 April 2019 at 15:51
To: Bjorn Helm <Bjorn.Hjelm at VerizonWireless.com>, "openid-specs-mobile-profile at lists.openid.net" <openid-specs-mobile-profile at lists.openid.net>, Venkatasivakumar Boyalakuntla <vboyalakuntla at gsma.com>, Gautam Hazari <GHazari at gsma.com>, "Dave Tonge (dave.tonge at momentumft.co.uk)" <dave.tonge at momentumft.co.uk>, Brian Campbell <bcampbell at pingidentity.com>, Torsten Lodderstedt <torsten at lodderstedt.net>
Subject: MODRNA WG call on April 2nd 2019 preliminary minutes

Dear all,
Please find below the preliminary minutes of our MODRNA call on April 2nd 2019.
In case of error or misunderstanding, please let me know.
Roll Call
Bjorn Hjelm (Verizon), John Bradley, Philippe Clément (Orange), Jörg, Petteri (Ubisecure), Siva(GSMA)
Adoption of the Agenda [Bjorn/John]
Agenda agreed
External Organizations
GSMA [Siva]
Update by Siva on different approved documents and specs. CIBA polling approved, User Questionning on its way to be approved.
Discussion/question about http error code when polling to the polling endpoint. Code 102 is concerned.
GSMA LOA4 capabilities, signature approved by CPAS.

Questions regarding evidence of SP has captured consent.
Working Group Updates
FAPI WG [Dave]
Spec. Status
MODRNA CIBA Profile [Dave/Gonzalo/Axel]
Issue Tracker
·         MODRNA CIBA Profile<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fmobile%2Fissues%3Fstatus%3Dnew%26status%3Dopen%26component%3DMODRNA%2520Profile%2520CIBA&data=02%7C01%7Cvboyalakuntla%40gsma.com%7C374a290251094fe7616e08d6b77aa2a8%7C72a4ff82fec3469daafbac8276216699%7C0%7C0%7C636898134692686082&sdata=SIIn8wgJ0HMQE%2FnlaTER89NnG9AQr88c%2F%2BOl7q4%2BbJg%3D&reserved=0>  [Dave/Gonzalo/Axel]
·         CIBA Core<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fmobile%2Fissues%3Fstatus%3Dnew%26status%3Dopen%26component%3DCIBA&data=02%7C01%7Cvboyalakuntla%40gsma.com%7C374a290251094fe7616e08d6b77aa2a8%7C72a4ff82fec3469daafbac8276216699%7C0%7C0%7C636898134692696082&sdata=5oL4fB6JOVxuq78DlODMv0m%2FLnadkdMtuvDoquAMrE0%3D&reserved=0> (Post-Implementer’s Draft) [Dave/Brian/Gonzalo/Axel]
Authentication profile (Jörg)
#61: Please provide more examples, potentially with Swagger representation<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fmobile%2Fissues%2F61%2Fplease-provide-more-examples-potentially&data=02%7C01%7Cvboyalakuntla%40gsma.com%7C374a290251094fe7616e08d6b77aa2a8%7C72a4ff82fec3469daafbac8276216699%7C0%7C0%7C636898134692706087&sdata=qBXrP7VFdIKJQQN80v%2Bknvek8qqEjIxfZem2Hr5GMYA%3D&reserved=0>
Swagger representation or OpenAPI document doesn’t appear to be useful.
·         Jörg to update the issue
#43: Additional security considerations/mitigations regarding phishing of OOB authentication<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fmobile%2Fissues%2F43%2Fadditional-security-considerations&data=02%7C01%7Cvboyalakuntla%40gsma.com%7C374a290251094fe7616e08d6b77aa2a8%7C72a4ff82fec3469daafbac8276216699%7C0%7C0%7C636898134692706087&sdata=oovWXs5j0QNPt97ElZkEstmysAZ6hBxkV9Rwn7eb8Mo%3D&reserved=0>
·         John to look after it in the following days.



Best regards,
Philippe


_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.

.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20190402/65ba7fec/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 86376 bytes
Desc: image001.png
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20190402/65ba7fec/attachment-0001.png>


More information about the Openid-specs-mobile-profile mailing list