<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi,</p>
<p>In my point of view, this parameter makes sense only on
backchannel initiated sepcification (CIBA). For Uses Cases where a
user-agent is involved, this functionality should be performed by
the OP itself (and displayed by the OP on the consumption devide)
and not transmitted by the SP.<br>
</p>
<p>So, for me, it should only be present in CIBA and would be used
by the SP only if a consumtion device is involved (on which the
binding_message could be displayed). <br>
</p>
<p>So clearly, OPTIONAL for me !</p>
<p>Br,<br>
</p>
<p>Charles.<br>
</p>
<br>
<div class="moz-cite-prefix">Le 29/11/2016 à 11:00,
<a class="moz-txt-link-abbreviated" href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a> a écrit :<br>
</div>
<blockquote
cite="mid:02f7c2b5a46e40b68b3bb729ae04526d@HE101654.emea1.cds.t-internal.com"
type="cite">
<pre wrap="">I removed context and put binding_message back in.
<a class="moz-txt-link-freetext" href="https://bitbucket.org/openid/mobile/commits/7b27654d636a93324c3b556ebe21f2b4d66456b5">https://bitbucket.org/openid/mobile/commits/7b27654d636a93324c3b556ebe21f2b4d66456b5</a>
Although the definition from MODRNA Authentication seems questionable in CIBA because CIBA does not really mention the consumption device.
This is the text from MODRNA Authentication:
" <t hangText="binding_message">
OPTIONAL. This is a new parameter. An Interlock message to tie the consumption
device and the authentication device together.
How to ensure that the message is actually shown on all relevant
devices is out of the scope of this document.
Possible values and constraints are specified in
<xref target="binding_message_details" />.
Ways to protect the integrity of the binding_message are discussed
in <xref target="security_considerations" />.
</t>
"
In the last version of CIBA "context" was REQUIRED while in the version I copied binding_message back from it was OPTIONAL.
I resurrected binding_message as OPTIONAL.
What do you think about OPTIONAL versus REQUIRED?
// Axel
_______________________________________________
Openid-specs-mobile-profile mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-mobile-profile@lists.openid.net">Openid-specs-mobile-profile@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile">http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<font face="TIMES"><font size="2">
<img src="cid:part1.1F09AB4C.3FA8C91E@orange.com" <br="">
<font color="BLACK">
<br>
<b> MARAIS Charles </b><br>
<b> Orange Labs Lannion</b></font><br>
Tel : +33 (0)2 96 07 24 18 <br>
<a href="mailto:charles.marais@orange.com">charles.marais@orange.com</a><br>
Orange Labs Lannion <br>
2, avenue Pierre Marzin <br>
22307 LANNION Cedex - France
<br>
<br>
<br>
</font></font></div>
<PRE>_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
</PRE></body>
</html>