MODRNA WG
The interface of MODRNA (Mobile Profile of OpenID Connect) and GSMA Mobile Connect
October 22, 2018
Bjorn Hjelm
Verizon
John Bradley
Yubico
http://openid.net/wg/mobile/
Purpose
• Support GSMA technical development of Mobile Connect
• Enable Mobile Network Operators (MNOs) to become Identity Providers
• Developing (1) a profile of and (2) an extension to OpenID Connect for use by MNOs providing identity services.
Participants
What is Mobile Connect?
• Mobile phone number as user identifier
• Mobile phone as authenticator
• MNO as authentication/identity provider
• Replace passwords and hardware security tokens
Example Use Case
Mobile Connect Portfolio
Roadmap
Mobile Connect Reference Architecture
1. The user clicks on a Mobile Connect button to access a service.
2. The service provider requests the authenticating operator from the API Exchange.
3. The service provider makes a request for authentication.
4. The operator selects the appropriate authenticator depending on the request for assurance and capabilities.
Authenticators:
• SIM Applet
• USSD
• SMS
• Smartphone App
• FIDO
[Diagram labels: MNO; Service access request; Authentication; Service Provider; Authentication request; Authentication server; Identity Gateway; MNO Discovery]
MODRNA WG
[Diagram: the Mobile Connect reference architecture from the previous slide, repeated with the markers 1, 2 and 3 and the label "Set up credentials"]
MODRNA Specifications
• Discovery
– http://openid.net/wordpress-content/uploads/2014/04/draft-mobile-discovery-01.html
– Specifies a way to normalize a user identifier applicable to a mobile environment and MNO. The specification defines the discovery flow for both web and native applications residing on a mobile device.
• Client Registration
– http://openid.net/wordpress-content/uploads/2014/04/draft-mobile-registration-01.html
– Defines how an RP dynamically registers with an MNO by extending OIDC Dynamic Client Registration with software statements (RFC 7591).
• Authentication
– http://openid.net/specs/openid-connect-modrna-authentication-1_0.html
– Specifies how RPs request a certain level of assurance (LoA) for the authentication, and an encrypted login hint token that allows user identifiers to be transported to the MNO in a privacy-preserving fashion. The specification also specifies an additional message parameter to bind the user’s consumption device and authentication device.
Auxiliary MODRNA Work
• User Questioning API
– http://openid.net/specs/openid-connect-user-questioning-api-1_0.html
– Defines a mechanism to perform transaction authorizations. Defines an additional OpenID Connect endpoint (Resource Server) that the RP would use (server-to-server) to initiate transaction authorization processes.
• Account Porting
– http://openid.net/specs/openid-connect-account-porting-1_0.html
– Defines a mechanism to allow the migration of a user account from the old to the new OP.
– The protocol allows the new OP to obtain the necessary user data from the old OP and to provide every RP with the data needed to migrate the RP's local user account data in a secure way.
CIBA Development
• Initial work on the Client Initiated Backchannel Authentication (CIBA) specification started in order to define a mechanism to perform authentication (out-of-band) when there is no user agent available and the authentication process needs to be initiated via server-to-server communication.
– CIBA specification approved as Implementer’s Draft in May 2017.
• As part of the collaboration with the Financial-grade API (FAPI) WG, the CIBA specification will be split into two specifications to support multiple use cases.
– The CIBA Core specification defines the flows where the RP initiates an authentication (out-of-band) when there is no user agent available and the authentication process needs to be initiated via server-to-server communication.
– The MODRNA: Client Initiated Backchannel Authentication Profile addresses the MODRNA requirements for CIBA.
• Working group scheduled extra calls to resolve open issues, with the plan to have the specifications ready for Implementer’s Draft at the end of October.
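The server-to-server flow described on this slide, as an added Python example that is not part of the original deck or of any working-group code. It follows the poll-mode behaviour, grant type and error codes of the later CIBA Core 1.0 specification; the SimulatedOP class, client ids, phone number and binding message are constructed for illustration, and client authentication and ID Token signing are left out.

```python
import secrets

# Grant type and error codes as defined in OpenID Connect CIBA Core 1.0.
GRANT_TYPE = "urn:openid:params:grant-type:ciba"


class SimulatedOP:
    """Toy in-process OP (constructed for this example). Time is a counter
    that the caller advances, so the flow runs instantly and offline."""

    def __init__(self, interval=5, expires_in=60):
        self.interval, self.expires_in = interval, expires_in
        self.now = 0
        self.requests = {}  # auth_req_id -> request state

    def backchannel_authentication(self, client_id, scope, login_hint, binding_message):
        """Backchannel authentication endpoint: no browser or redirect involved."""
        if "openid" not in scope.split():
            return {"error": "invalid_scope"}
        auth_req_id = secrets.token_urlsafe(32)  # unguessable handle
        self.requests[auth_req_id] = {
            "client_id": client_id, "sub": login_hint, "status": "pending",
            "binding_message": binding_message, "last_poll": None,
            "expires_at": self.now + self.expires_in,
        }
        return {"auth_req_id": auth_req_id, "expires_in": self.expires_in,
                "interval": self.interval}

    def user_decides(self, auth_req_id, approve):
        """Stands in for the out-of-band prompt on the user's phone."""
        self.requests[auth_req_id]["status"] = "approved" if approve else "denied"

    def token(self, client_id, grant_type, auth_req_id):
        """Token endpoint, poll mode."""
        if grant_type != GRANT_TYPE:
            return {"error": "unsupported_grant_type"}
        req = self.requests.get(auth_req_id)
        if req is None or req["client_id"] != client_id:
            return {"error": "invalid_grant"}  # unknown, used, or another client's handle
        if self.now >= req["expires_at"]:
            del self.requests[auth_req_id]
            return {"error": "expired_token"}
        last, req["last_poll"] = req["last_poll"], self.now
        if last is not None and self.now - last < self.interval:
            return {"error": "slow_down"}  # RP polled faster than `interval`
        if req["status"] == "pending":
            return {"error": "authorization_pending"}
        del self.requests[auth_req_id]  # a final answer consumes the handle
        if req["status"] == "denied":
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer",
                "id_token": "<signed ID Token for %s>" % req["sub"]}


def poll_for_tokens(op, client_id, login_hint, binding_message, user=None):
    """RP side. `user(op, auth_req_id)` simulates the user acting between polls.
    Returns (final response, list of outcomes seen at the token endpoint)."""
    ack = op.backchannel_authentication(client_id, "openid", login_hint, binding_message)
    if "error" in ack:
        return ack, []
    interval, deadline, seen = ack["interval"], op.now + ack["expires_in"], []
    while op.now < deadline:
        op.now += interval  # a real RP sleeps for `interval` seconds here
        if user:
            user(op, ack["auth_req_id"])
        resp = op.token(client_id, GRANT_TYPE, ack["auth_req_id"])
        err = resp.get("error")
        seen.append(err or "tokens")
        if err == "slow_down":
            interval += 5  # back off by at least 5 seconds
        elif err != "authorization_pending":
            return resp, seen  # tokens or a final error
    return {"error": "expired_token"}, seen


def approve_after(t):
    """Simulated user who approves the prompt once the clock reaches t."""
    return lambda op, rid: op.user_decides(rid, True) if op.now >= t else None


def deny(op, rid):
    """Simulated user who rejects the prompt immediately."""
    op.user_decides(rid, False)


if __name__ == "__main__":
    for name, user in [("approve", approve_after(12)), ("deny", deny), ("ignore", None)]:
        resp, seen = poll_for_tokens(SimulatedOP(), "rp-1", "+15555550100", "W4SCT", user)
        print(name, seen[-1], len(seen))
```

The points to check in a real deployment are the ones the simulated token endpoint enforces: the auth_req_id is unguessable, bound to the client that requested it, single-use, and expires.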
MODRNA WG Status
• CIBA development a priority for the group to get specs. ready for Implementer’s
Draft.
• Discovery Profile progressing towards Implementer’s Draft status in support of
market deployment.
– U.S. deployment to support mobile-based authentication is leveraging the MODRNA Discovery
specification.
• Account Porting discussion taking place to address options in the first part of the porting flow.
– The first stage for a porting event is for the New OP to get confirmation from the Old OP that the user wants to port; discussions are focused on what can be leveraged from existing MNO porting events to start the porting process.
• Plan to progress Authentication Profile towards Final Specification.
– Effort planned for Nov-Dec after CIBA development has been either completed or progressed
enough to allocate time for this effort.
MODRNA - GSMA CPAS Status
• User Questioning API being adopted by Mobile Connect as an enabler based on work done in MODRNA WG.
– Mobile Connect product definition and technical effort led by Orange.
• Possible impact to Mobile Connect from new CIBA development.
– Mobile Connect currently supports back-channel authentication in the Server-initiated Profile specification.
• New work started to add support in Mobile Connect for Token Binding.
– Based on recent IETF-approved RFCs and work aligning with the OpenID Connect Token Bound Authentication spec. in the EAP (Enhanced Authentication Profile) WG.
– Token Binding also considered and supported by MNO community.
Thank you
http://openid.net/wg/mobile/
