Community Attendees:
Toyeeb Rehman Pierre Close Mark Cornall Axel Nennker Shilpa Padgaonkar Ola Ajibola Jan Friman
Elisabeth Mueller Bjorn Hjelm
LF Staff:
Agenda
Antitrust Policy
PR #182 split - info.description template review (part 3 of 3) #214 Tanja de Groot review requested
Add VERSION.yaml file #339 commonalities and ICM
Allow to use operator token for device authentication in OpenID Auth code flow #232
Add Signed Request Object section to CAMARA Security and Interoperability Profile #233
Consistent User Authentication and Consent Collection #229 and Controlling User Interaction #228
Related to Authentication method in authorization code flow #215Should all login_hint formats be supported by an implementation? #227
Please comment on all our open issues and comment on the open PRs. Thank you.
Minutes
Topic 1
Commentslogin_hint discussion
Elisabeth Mueller Example: visited network and ip addresses pointing to the wrong network/operator.
Elisabeth describes the benefits of operator token. Example NumberVerfication in a visited network.
API providers should be allowed to use login_hint in OIDC authorization code flow.
Huub Appelboom KPN is using login_hint
Jorge Garcia Hospital and Elisabeth Mueller discuss operator token, numberverification and the relationship with networkbased-authentication.
Elisabeth Mueller TEF is spot-on, operator token solves the problem that networkbased-authentication does not work on WiFI.
Elisabeth Mueller If the API provider has a operator then do not do network-authentication but use the operator token which was created in a secure and proven way from the SIM.
Jorge Garcia Hospital TEF is doing a new internal review on authoritzation code flow and login_hint and operator token.
prompt=consent
Mark Cornall GSMA said that GSMA working group Operator Platform Group will be looking at consent in it’s next round of work. This will also involve the OGW TG subgroup as well. We will need to be careful to capture all our requirements and avoid overlap.