<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Axel,<br>
<br>
My comments on the different Use Cases you evoked:<br>
===========<br>
"1) the call center agents trigger the CIBA request using the
MSISDN they see on their telephone. Their Backend is then using
client_id/client_secret to authenticate to the OP and CIBA
delivers the id_token to the RP with further user claims."<br>
<br>
=> OK, I understand your point, which can be extended to "get an
accessToken" to access User Resources. But some questions should be
raised in this context: if a consent is needed (which is generally
not described in OpenID Connect specifications) to share user
info, the user would probably be solicited on his mobile Handset
already used for the current communication with the call center...<br>
===========<br>
"2) The Bank clerk might know some account number of their
customer which the bank backend translates into an iss/sub data
(whatever) because there is an account number to iss/sub
relationship that the bank has learned from another interaction of
the customer with the Bank’s system. There might be an access
token from that earlier interaction that the RP (Bank) uses to
authenticate the CIBA request."<br>
<br>
=> I don't understand the last part of your example "There
might be an access token from that earlier interaction that the RP
(Bank) uses to authenticate the CIBA request." What do you mean
by this? In my understanding CIBA does not describe a resource
server protected by an access token.<br>
===========<br>
"- Polish policeman (PP) wants to check a driver’s license
which the driver does not have with them<br>
- PP logs into government website (RP) and enters the driver’s
mobile number<br>
- RP sends CIBA to OP which sends request to AD with
binding_message=”PP Szydło wants to check your driver’s license”<br>
- OP sends binding_message to RP which is shown to PP
too.<br>
- User sees message “PP Szydło wants to check your
driver’s license”, checks Name PP’s device and consents<br>
- OP notifies RP of consent<br>
- RP retrieves driver’s picture and validity data of
licence from its DB<br>
- RP sends data to PP who compares the picture and now
knows the validity of the driver’s license without giving away too
much data"<br>
<br>
=> In my understanding, binding_message is not designed for
that kind of purpose. binding_message has been described to
provide a way to interlock (pair) two screens (or 2 channels): the
authentication device and the consumption device or channel
(binding_message could be revealed by an RP operator on the phone, for
example).<br>
<br>
The use case you proposed is a typical Use case for which User
Questioning has been written:<br>
- One RP wants to ask a question to a user ("PP Szydło wants
to check your driver’s license <do you agree ?>") and to get
the user's answer in order to take a decision ("RP retrieves
driver’s picture and validity data of licence from its DB" and "RP
sends data to PP").<br>
<br>
In my understanding, CIBA is not intended to be used:<br>
- to question the user<br>
- to get the user's answer to a specific question<br>
===========</p>
<p>BR,</p>
<p>Charles.<br>
</p>
<br>
<div class="moz-cite-prefix">On 30/11/2016 at 14:53,
<a class="moz-txt-link-abbreviated" href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a> wrote:<br>
</div>
<blockquote
cite="mid:a6de81d0fc1046269223e98751ac6c32@HE101654.emea1.cds.t-internal.com"
type="cite">
<div class="WordSection1">
<p class="MsoPlainText">In an email to GSMA I suggested to
discuss whether it is worthwhile reversing the direction of
binding_message.</p>
<p class="MsoPlainText">The reasoning is:</p>
<p class="MsoPlainText">I think that the OP knows better what
the AD can display.</p>
<p class="MsoPlainText">After receiving the CIBA request the OP
determines the channel and AD capabilities (like USSD and SIM
Toolkit) and sends the binding_message to the AD and the RP in
the CIBA Authentication Request Response.</p>
<p class="MsoPlainText">The same suggestion was raised by Arne
during a GSMA CPAS call this morning.</p>
<p class="MsoPlainText">// Axel</p>
<p class="MsoPlainText">Here is a use case describing this:</p>
<ul>
<li>Polish policeman (PP) wants to check a driver’s license
which the driver does not have with them</li>
<li>PP logs into government website (RP) and enters the driver’s
mobile number</li>
<li>RP sends CIBA to OP which sends request to AD with
binding_message=”PP Szydło wants to check your driver’s license”</li>
<li>OP sends binding_message to RP which is shown to PP too.</li>
<li>User sees message “PP Szydło wants to check your driver’s
license”, checks Name PP’s device and consents</li>
<li>OP notifies RP of consent</li>
<li>RP retrieves driver’s picture and validity data of licence
from its DB</li>
<li>RP sends data to PP who compares the picture and now knows
the validity of the driver’s license without giving away too much
data</li>
</ul>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
Openid-specs-mobile-profile mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-mobile-profile@lists.openid.net">Openid-specs-mobile-profile@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile">http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<font face="TIMES"><font size="2">
<font color="BLACK">
<br>
<b> MARAIS Charles </b><br>
<b> Orange Labs Lannion</b></font><br>
Tel : +33 (0)2 96 07 24 18 <br>
<a href="mailto:charles.marais@orange.com">charles.marais@orange.com</a><br>
Orange Labs Lannion <br>
2, avenue Pierre Marzin <br>
22307 LANNION Cedex - France
<br>
<br>
<br>
</font></font></div>
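<p>The exchange discussed in this thread, as an added example that is not part of either message: an in-memory model of a CIBA flow in which the OP picks the binding_message from the authentication device's capabilities and returns it to the RP in the authentication response (Axel's proposed reversal), and in which the user approves only after comparing the AD screen with the consumption device (the pairing purpose Charles describes). In the published CIBA specification binding_message travels from the RP to the OP; the <code>binding_message</code> member of the response below models the proposal and is not a standard field. The client id, MSISDN, channel names, display limits and endpoint method names are constructed for this example.</p>

```python
"""Added example (not from the thread): in-memory model of a CIBA exchange where
the OP chooses binding_message from the authentication device's capabilities and
returns it to the RP, as proposed above.  In the published CIBA spec the RP sends
binding_message to the OP; the 'binding_message' member of the authentication
response here models the proposed reversal and is not a standard field.  Client
ids, MSISDNs, channel names and length limits are constructed sample values."""
import secrets
import time

GRANT_TYPE_CIBA = "urn:openid:params:grant-type:ciba"
# Constructed: how many characters each AD channel can display to the user.
AD_DISPLAY_LIMIT = {"push": 140, "ussd": 40, "sim_toolkit": 16}


class OpenIDProvider:
    def __init__(self, clients, subscribers):
        self.clients = clients          # client_id -> client_secret
        self.subscribers = subscribers  # MSISDN (login_hint) -> (sub, AD channel)
        self.requests = {}              # auth_req_id -> request state
        self.ad_screen = {}             # sub -> text currently shown on the AD

    def backchannel_authorize(self, client_id, client_secret, login_hint, scope, rp_label):
        if self.clients.get(client_id) != client_secret:
            return {"error": "invalid_client"}
        if login_hint not in self.subscribers:
            return {"error": "unknown_user_id"}
        sub, channel = self.subscribers[login_hint]
        # The OP, not the RP, knows the AD: it builds a message that fits and
        # always includes a short random code so the two screens can be paired.
        code = secrets.token_hex(2).upper()
        text = f"{rp_label} sign-in, code {code}"
        binding_message = text if len(text) <= AD_DISPLAY_LIMIT[channel] else code
        auth_req_id = secrets.token_urlsafe(16)
        self.requests[auth_req_id] = {"client_id": client_id, "sub": sub, "scope": scope,
                                      "binding_message": binding_message,
                                      "consented": False, "expires_at": time.time() + 120}
        self.ad_screen[sub] = binding_message            # delivered to the AD
        return {"auth_req_id": auth_req_id, "expires_in": 120, "interval": 5,
                "binding_message": binding_message}      # proposed reversed direction

    def user_consents(self, login_hint, message_on_consumption_device):
        """The user compares the AD screen with the consumption device and approves
        only on a match; a mismatch leaves the request unapproved."""
        sub, _ = self.subscribers[login_hint]
        if self.ad_screen.get(sub) != message_on_consumption_device:
            return False
        for state in self.requests.values():
            if state["sub"] == sub and state["binding_message"] == message_on_consumption_device:
                state["consented"] = True
                return True
        return False

    def token(self, client_id, client_secret, grant_type, auth_req_id):
        if self.clients.get(client_id) != client_secret:
            return {"error": "invalid_client"}
        if grant_type != GRANT_TYPE_CIBA:
            return {"error": "unsupported_grant_type"}
        state = self.requests.get(auth_req_id)
        if state is None or state["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if time.time() > state["expires_at"]:
            return {"error": "expired_token"}
        if not state["consented"]:
            return {"error": "authorization_pending"}
        del self.requests[auth_req_id]                   # auth_req_id is single use
        return {"token_type": "Bearer",
                "id_token": {"iss": "https://op.example", "sub": state["sub"],
                             "aud": client_id, "scope": state["scope"]}}


def run_flow(channel, user_compares_correctly=True):
    """Drive one exchange end to end and return what each party ended up with."""
    op = OpenIDProvider(clients={"rp-gov": "s3cret"},
                        subscribers={"+48100200300": ("driver-42", channel)})
    resp = op.backchannel_authorize("rp-gov", "s3cret", "+48100200300",
                                    "openid", "Government portal")
    shown_to_operator = resp["binding_message"]      # displayed on the RP side
    pending = op.token("rp-gov", "s3cret", GRANT_TYPE_CIBA, resp["auth_req_id"])
    seen = shown_to_operator if user_compares_correctly else "WRONG"
    consented = op.user_consents("+48100200300", seen)
    final = op.token("rp-gov", "s3cret", GRANT_TYPE_CIBA, resp["auth_req_id"])
    return {"binding_message": shown_to_operator, "ad_screen": op.ad_screen["driver-42"],
            "before_consent": pending.get("error"), "consented": consented,
            "result": final}


if __name__ == "__main__":
    print(run_flow("push"))
    print(run_flow("sim_toolkit"))
    print(run_flow("ussd", user_compares_correctly=False))
```

<p>Running <code>run_flow("sim_toolkit")</code> shows the OP falling back to the short code alone when the channel cannot carry the full text, while the RP still receives exactly what the AD displays; <code>run_flow("ussd", user_compares_correctly=False)</code> shows that a user who does not see the same message on both screens never approves, so the token endpoint keeps answering <code>authorization_pending</code> and no ID token is issued. The model deliberately carries no question-and-answer payload: consent here authenticates the user for the RP's own decision, which is the distinction Charles draws between CIBA and User Questioning.</p>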
</body>
</html>