OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG update presented at OpenID Foundation Workshop at PayPal in San Jose, CA on Oct. 16, 2017.

Published in: Technology

  1. MODRNA WG: The interface of MODRNA (Mobile Profile of OpenID Connect) and GSMA Mobile Connect. October 16, 2017. Bjorn Hjelm (Verizon), John Bradley (Yubico). http://openid.net/wg/mobile/
  2. Purpose
     • Support GSMA technical development of Mobile Connect
     • Enable Mobile Network Operators (MNOs) to become Identity Providers
     • Developing (1) a profile of and (2) an extension to OpenID Connect for use by MNOs providing identity services.
  3. Participants
  4. What is Mobile Connect?
     • Mobile phone number as user identifier
     • Mobile phone as authenticator
     • MNO as authentication/identity provider
     • Replace passwords and hardware security tokens
  5. Example Use Case
  6. Towards Mobile Connect: Services Enabler model
  7. Mobile Connect Reference Architecture
     1. The user clicks on a Mobile Connect button to access a service.
     2. The service provider requests the authenticating operator from the API Exchange.
     3. The service provider makes a request for authentication.
     4. The operator selects the appropriate authenticator depending on the request for assurance and capabilities:
        • SIM Applet
        • USSD
        • SMS
        • Smartphone App
        • FIDO
     (Diagram components: Service Provider, MNO Discovery, Identity Gateway, Authentication server; flows: Service access request, Authentication request.)
  8. MODRNA WG: the same reference architecture diagram, annotated with markers 1, 2, 3 and "Set up credentials".
  9. MODRNA Specifications
     • Discovery
       – http://openid.net/specs/openid-connect-modrna-authentication-1_0.html
       – Dedicated discovery service
       – Account Chooser integration
     • Client Registration
       – http://openid.net/wordpress-content/uploads/2014/04/draft-mobile-registration-01.html
       – OIDC Dynamic Client Registration with software statements (RFC 7591)
       – Mandatory claims in the statements
       – Signature algorithms
       – Lifecycle management, e.g. revocation of statements/blocking of RPs
     • Authentication
       – http://openid.net/wordpress-content/uploads/2014/04/draft-mobile-discovery-01.html
       – ACR values
       – Additional parameters
  10. Auxiliary MODRNA Work
     • Client Initiated Backchannel Authentication
       – http://openid.net/specs/openid-connect-modrna-client-initiated-backchannel-authentication-1_0.html
       – Mechanism to perform authentication (out-of-band) when there is no user agent available and the authentication process needs to be initiated via server-to-server communication
     • User Questioning API
       – http://openid.net/specs/openid-connect-user-questioning-api-1_0.html
       – Mechanism to perform transaction authorizations. Defines an additional OpenID Connect endpoint (Resource Server) that the RP would use (server-to-server) to initiate transaction authorization processes
     • Account Porting
       – http://openid.net/specs/openid-connect-account-porting-1_0.html
       – Mechanism to allow the migration of a user account from the old to the new OP
       – Protocol allowing the new OP to obtain the necessary user data from the old OP and provide every RP with the necessary data to migrate the RP's local user account data in a secure way
  11. MODRNA WG Status
     • Following four specifications approved as Implementer’s Draft (May 2017):
       – MODRNA Authentication Profile
       – Account Porting
       – User Questioning API
       – Client Initiated Backchannel Authentication
     • Collaboration with Financial API (FAPI) WG on use cases, Mobile Connect, Backchannel Authentication, and Dynamic Client Registration.
       – Joint face-to-face meeting with FAPI WG planned for Nov. in London.
     • Collaboration with International Government Assurance (iGov) WG on Attribute Exchange using NIST IR 8112 Attribute Metadata as guideline.
  12. MODRNA - GSMA CPAS Status
     • Established a Governance Process for how Mobile Connect will reference and adopt MODRNA spec.
       – Process outlines how Mobile Connect specs. handle Implementer’s Draft and Published specs.
     • Collaboration with GSMA includes joint MODRNA – GSMA CPAS technical workshop held twice a year, with significant progress achieved.
       – Recent (May 2017) workshop focused on the development of the Client Initiated Backchannel Authentication spec.
     • Active work on aligning priorities and roadmap between both organizations.
     • Services Enabler model and evolved Mobile Connect architecture in Release 3 targeted for 2018.
       – MODRNA Discovery Profile spec. proposal for discovery functionality.
       – Dynamic client registration with software statements (RFC 7591) for credential management.
  13. Thank you. http://openid.net/wg/mobile/
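The Client Registration slide lists the OP-side concerns for RFC 7591 software statements: mandatory claims, an allowed signature algorithm set, and revocation for lifecycle management. The following Python is an added illustration of those checks, not code from the slides, the MODRNA drafts or any GSMA/OIDF project; the HS256 demo key, the required-claim set, the revocation list and the conflict policy are all assumptions.

```python
import base64, hashlib, hmac, json

# Constructed demo key shared by the software-statement issuer and the OP (assumption:
# HS256 for a self-contained example; a real issuer would sign with an asymmetric key).
ISSUER_KEY = b"constructed-demo-key-not-for-production"
ALLOWED_ALGS = {"HS256"}  # allowlist: "none" and unlisted algorithms are rejected
# Assumed mandatory claims; the MODRNA registration draft defines the actual set.
REQUIRED_CLAIMS = {"iss", "iat", "software_id", "redirect_uris"}
REVOKED_SOFTWARE_IDS = {"sw-revoked-0001"}  # constructed revocation list (lifecycle mgmt)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_software_statement(claims: dict) -> str:
    """Issuer side: build a compact JWS carrying the RFC 7591 software statement claims."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(ISSUER_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def validate_registration(request: dict) -> dict:
    """OP side: check the statement before creating a client; raises ValueError on any failure."""
    token = request.get("software_statement")
    if not token:
        raise ValueError("software_statement is required")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWS")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") not in ALLOWED_ALGS:  # check alg before touching the signature
        raise ValueError(f"alg not allowed: {header.get('alg')!r}")
    expected = hmac.new(ISSUER_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("software statement signature invalid")
    claims = json.loads(b64url_decode(p))
    missing = REQUIRED_CLAIMS - claims.keys()
    if missing:
        raise ValueError(f"missing mandatory claims: {sorted(missing)}")
    if claims["software_id"] in REVOKED_SOFTWARE_IDS:
        raise ValueError("software statement has been revoked")
    # OP policy (assumed): a bare request parameter may not contradict the signed statement.
    if "redirect_uris" in request and request["redirect_uris"] != claims["redirect_uris"]:
        raise ValueError("redirect_uris conflicts with the software statement")
    return {"client_id": f"mc-{claims['software_id']}", "redirect_uris": claims["redirect_uris"]}
```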