Mobile Launch of MODRNA – Overview/Update
Mobile Connect/MODRNA WG Overview/Update
Convener: Torsten Lodderstedt
Notes-taker(s): Sebastian Ebling
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
- Torsten explains involved parties (SP = Service Provider, OP = OpenID Provider -> in this case Mobile Network Operator (MNO), Authenticator = SIM based Authentication on a mobile device
- MODRNA is an OpenID working group that standardizes discovery, registration, and authentication with Mobile Network Operators
- Q: is it a browser flow
- A: it depends. Most operators implement OpenID Connect code flow
Challenges the WG is going to cope with:
1) finding the op
3) controll authentication process
- Finding the OP is a challenge
- OpenID is is based on E-Mail Addresses
- Phone number in case of Mobile Connect
- RP register once and establish a trust relation ship
Q: Why do you think this will work
A: Phone-based authentication is already in place. For example Whatsapp, SMS OTPs as 2nd factor. Utilizing the SIM card could improve authentication and UX.
Q: Why should individuals trust Mobile Network Providers?
A: Survey results indicate people (at least in some regions) trust operators more then other players.
I: Changing MNO is a problem when identity is locked to the MNO
A: PPIDs have to be portable across operators
I: You are still locked to have a mobile contract with a provider that supports Mobile Connect
I: Checking if PPIDs can moved can be part of the process of onboarding to a new operator
- People identify with Applications an Devices not with SIM card. See Apple Pay,
Facebook. Identity is connected to
Q: Device or number: What are we more attached to?
Q: Who creates the demand for MC?
A: GSMA thought this is a good idea. MNO already have validated information about you and want to become identity. There is demand from the market.
Is there interest from the SP side?
A: Google likes the idea of getting rid of SMS and participate in validated information. Simpler recovery.
Torsten shows the flow:
- What happens when you have no mobile connection (travel/roaming)?
- What happens if I lose my device? Can I lock everything in one step?
- What should be the first service providers use that service?
- Insurance companies
- Banking / commerce -> financial transactions