Agenda

Antitrust Policy

• PR #182 split - info.description template review (part 3 of 3) #214 @Tanja de Groot review requested

• Create an Alpha Release #235

• Add VERSION.yaml file #339 commonalities and ICM

• Allow to use operator token for device authentication in OpenID Auth code flow #232

• Add Signed Request Object section to CAMARA Security and Interoperability Profile #233

• Consistent User Authentication and Consent Collection #229 and Controlling User Interaction #228
  Related to Authentication method in authorization code flow #215

• Should all login_hint formats be supported by an implementation? #227

• Other PRs

• Other Issues

Please comment on all our open issues and comment on the open PRs. Thank you.

Minutes

login_hint discussion

@Elisabeth Mueller Example: visited network and ip addresses pointing to the wrong network/operator.

Elisabeth describes the benefits of operator token. Example NumberVerfication in a visited network.

API providers should be allowed to use login_hint in OIDC authorization code flow.

@Huub Appelboom KPN is using login_hint

@Jorge Garcia Hospital and @Elisabeth Mueller discuss operator token, numberverification and the relationship with networkbased-authentication.

@Elisabeth Mueller TEF is spot-on, operator token solves the problem that networkbased-authentication does not work on WiFI.

@Elisabeth Mueller If the API provider has a operator then do not do network-authentication but use the operator token which was created in a secure and proven way from the SIM.

@Jorge Garcia Hospital TEF is doing a new internal review on authoritzation code flow and login_hint and operator token.

prompt=consent

@Mark Cornall GSMA said that GSMA working group Operator Platform Group will be looking at consent in it’s next round of work. This will also involve the OGW TG subgroup as well. We will need to be careful to capture all our requirements and avoid overlap.

Action items