Agenda

Antitrust Policy

• PR #182 split - info.description template review (part 3 of 3) #214 Tanja de Groot review requested

• Create an Alpha Release #235

• Add VERSION.yaml file #339 commonalities and ICM

• Allow to use operator token for device authentication in OpenID Auth code flow #232

• Add Signed Request Object section to CAMARA Security and Interoperability Profile #233

• Consistent User Authentication and Consent Collection #229 and Controlling User Interaction #228
  Related to Authentication method in authorization code flow #215

• Should all login_hint formats be supported by an implementation? #227

• Other PRs

• Other Issues

Please comment on all our open issues and comment on the open PRs. Thank you.

Minutes

login_hint discussion

Elisabeth Mueller Example: visited network and ip addresses pointing to the wrong network/operator.

Elisabeth describes the benefits of operator token. Example NumberVerfification NumberVerfication in a visited network.

API providers should be allowed to use login_hint in OIDC authorization code flow.

Huub Appelboom KPN is using login_hint

Jorge Garcia Hospital and Elisabeth Mueller discuss operator token, numberverification and the relationship with networkbased-authentication.

Elisabeth Mueller TEF is spot-on, operator token solves the problem that networkbased-authentication does not work on WiFI.

Elisabeth Mueller If the API provider has a operator then do not do network-authentication but use the operator token which was created in a secure and proven way from the SIM.

Jorge Garcia Hospital TEF is doing a new internal review on authoritzation code flow and login_hint and operator token.

prompt=consent

GSMA …

Action items