Overview[1]#

OpenID Connect MODRNA Authentication Profile 1.0 (MODRNA) is a profile of the OpenID Connect Core 1.0 specification that defines common authentication contexts and further extensions to OpenID Connect Core to be used when requesting authentication from Mobile Network Operators.

OpenID Connect MODRNA Authentication Profile 1.0 also defines Mandatory to Implement features for Mobile Network Operators to assure interoperability of clients across Mobile Network Operators.

OpenID Connect MODRNA Authentication Profile 1.0 defines additional Request parameters in the Authentication Request.

OpenID Connect MODRNA Authentication Profile 1.0 also specifies Authentication Context Class Reference values based on the ISO/IEC DIS 29115 ISO 29115 to be used for the "acr_values" request parameter.

MODRNA supports all request parameters as specified in OpenID Connect Core 1.0 section 3.1.2.1 OpenID.Core and in addition the following parameters are defined or made REQUIRED for clients to send. All additional paramaters are REQUIRED for OpenID Connect Provider to support.

acr_values#

REQUIRED. In OpenID.Core this parameter is specified as OPTIONAL. For MODRNA this parameter is REQUIRED in order to enable the Relying Party to indicate a MODRNA conform authentication request to the OpenID Connect Provider. Allowed values are defined OpenID Connect MODRNA Authentication Profile 1.0 Section 4.

login_hint_token#

OPTIONAL. This is a new parameter. The login_hint_token is used to transport a user identifier from the Discovery Service to the OpenID Connect Provider without revealing this identifier to the client. OpenID Connect MODRNA Authentication Profile 1.0 Section 6 specifies the structure of this parameter. Protection of the login_hint_token's content is specified in OpenID Connect MODRNA Authentication Profile 1.0 Section 6.1.

binding_message#

OPTIONAL. This is a new parameter. An Interlock message to tie the consumption device and the authentication device together. How to ensure that the message is actually shown on all relevant devices is out of the scope of this document. Possible values and constraints are specified in OpenID Connect MODRNA Authentication Profile 1.0 Section 7. Ways to protect the integrity of the binding_message are discussed in OpenID Connect MODRNA Authentication Profile 1.0 Section 9.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-7) was last changed on 07-Mar-2017 12:49 by jim