Mobile Launch of MODRNA – Overview/Update

From IIW
Jump to: navigation, search

Mobile Connect/MODRNA WG Overview/Update

Tuesday 1G

Convener: Torsten Lodderstedt

Notes-taker(s): Sebastian Ebling

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

  • Torsten explains involved parties (SP = Service Provider, OP = OpenID Provider -> in this case Mobile Network Operator (MNO), Authenticator = SIM based Authentication on a mobile device
  • MODRNA is an OpenID working group that standardizes discovery, registration, and authentication with Mobile Network Operators
  • Q: is it a browser flow
    • A: it depends. Most operators implement OpenID Connect code flow

Challenges the WG is going to cope with:

1) finding the op

2) registration

3) controll authentication process

  • Finding the OP is a challenge
    • OpenID is is based on E-Mail Addresses
    • Phone number in case of Mobile Connect
  • RP register once and establish a trust relation ship

Q: Why do you think this will work

A: Phone-based authentication is already in place. For example Whatsapp, SMS OTPs as 2nd factor. Utilizing the SIM card could improve authentication and UX.

Q: Why should individuals trust Mobile Network Providers?

A: Survey results indicate people (at least in some regions) trust operators more then other players.

I: Changing MNO is a problem when identity is locked to the MNO

A: PPIDs have to be portable across operators

I: You are still locked to have a mobile contract with a provider that supports Mobile Connect

I: Checking if PPIDs can moved can be part of the process of onboarding to a new operator

  • People identify with Applications an Devices not with SIM card. See Apple Pay,

Facebook. Identity is connected to


Q: Device or number: What are we more attached to?

Q: Who creates the demand for MC?

A: GSMA thought this is a good idea. MNO already have validated information about you and want to become identity. There is demand from the market.

Is there interest from the SP side?

A: Google likes the idea of getting rid of SMS and participate in validated information. Simpler recovery.


Torsten shows the flow:

IIW21 T1G.jpg

  • What happens when you have no mobile connection (travel/roaming)?
  • What happens if I lose my device? Can I lock everything in one step?
  • What should be the first service providers use that service?
    • Insurance companies
    • Banking / commerce -> financial transactions