Overview
The Mobile Operator Discovery, Registration & Authentication (MODRNA) Working Group within the OpenID Foundation will develop a profile of OpenID Connect intended to be appropriate for use by Mobile Network Operators (MNOs) providing identity services to Relying Parties, for Relying Parties consuming those services, and for any other party wishing to be interoperable with this profile.
The Mobile Operator Discovery, Registration & Authentication Working Group will develop extensions to OpenID Connect as needed in the context of GSMA’s Mobile Connect initiative, such as server-initiated authentication, transaction authorization, and account migration. Additionally, it will identify and make recommendations for additional standards items.
Mobile network operators increasingly want to become identity providers, thereby leveraging their reach and specific technical capabilities for partners. The MODRNA WG aims to create a profile of OpenID Connect tailored to the specific needs of mobile networks and devices, thus enabling usage of operator ID services in an interoperable way. The specific challenges the working group is aiming to cope with are:
To start with, OpenID Connect basically relies on the email address to determine a user’s OpenID Connect Provider (OP). In the context of mobile identity, the mobile phone number or other suitable mobile network data are considered more appropriate. The working group will propose extensions to the OpenID Connect Discovery function to use this data to determine the operator’s OP, also taking into consideration the privacy protection of this data (especially the mobile phone number).
Reaching all mobile users in a certain market requires a Relying Party to connect to all of its Mobile Network Operators. The working group will develop mechanisms so a Relying Party can get approved for the ID service once and connect at runtime to any relevant mobile network operator without having to manually register at each one.
As service providers may have different requirements regarding a certain authentication transaction, the profile will also define a set of authentication policies that operator OPs are recommended to implement and that service providers can choose from.
This working group has been set up in cooperation with the GSMA in order to support GSMA’s Mobile Connect. Intermediate working group results will be proposed to this project and participating operators for adoption (e.g. in pilots) but can also be adopted by any other interested party or organization. The experiences gathered during early adoption will influence further work.
Mobile Operator Discovery, Registration & Authentication Specifications
- OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA)
- OpenID Connect MODRNA Authentication Profile 1.0
- OpenID Connect Account Porting
- OpenID Connect User Questioning API
- OpenID Connect Backchannel Authentication