Mobile Network Operators and Identity – Crossing the Chasm
Download as PPTX, PDF•0 likes•86 views
The document discusses the adoption of open standards for authentication and authorization within mobile network operators, emphasizing the use of OAuth 2.0 and OpenID Connect. It outlines the development of profiles for mobile network operators to enhance identity services and improve user experience, specifically focusing on features like discovery and dynamic registration. The document also highlights the importance of reliable product quality and service infrastructure for mainstream market acceptance.
Mobile Network Operators and Identity – Crossing the Chasm
- 1. Mobile Network Operators and Identity – Crossing the Chasm Bjorn Hjelm September 22, 2015
- 2. “Chasm crossing is not the end, but rather the beginning, of mainstream market development.” - Geoffrey A. Moore, Crossing the Chasm: Marketing and Selling Disruptive Products to Mainstream Customers 2
- 3. Leveraging Open Standards for “Mainstream Market”. 3 “Productivity improvement for existing operations.” “Evolution, not revolution.” “Technology to enhance, not overthrow, the established ways of doing business.” “Do not want to debug somebody else’s product.“ - Geoffrey A. Moore, Crossing the Chasm: Marketing and Selling Disruptive Products to Mainstream Customers “When pragmatists buy, they care about the company they are buying from, the quality of the product they are buying, the infrastructure of supporting products and system interfaces, and the reliability of the service they are going to get.” - Geoffrey A. Moore, Crossing the Chasm: Marketing and Selling High-Tech Products to Mainstream Customers
- 4. 4 Authentication and Authorization Framework using Open Standards OAuth 2.0 and OpenID Connect are two authentication and authorization standards that promises to serve as important tools. OAuth 2.0 IETF standard for securing Client application delegated access to server resources on behalf of a resource owner. Useful for conveying authorization decisions across network of web- enabled applications and APIs. Client authenticated to the Resource Server (RS) through the use of an access token provided by an Authorization Server (AS). OpenID Connect OpenID Foundation standard that extends OAuth 2.0 adding an identity layer to perform user authentication. OpenID Connect 1.0 adds two identity constructs to the token issuing model in OAuth 2.0. • Identity Token – Enables a federated SSO user experience for a user. • Identity attribute API – Allowing a Client to retrieve the desired identity attributes for the a given user.
- 5. OpenID Foundation MODRNA WG Developing a profile of OpenID Connect for use by Mobile Network Operators providing identity services. Specifications divided into three parts: • Discovery • Dynamic Registration • Authentication MODRNA Working Group provides input to GSMA on the technical development of Mobile Connect. 5
- 6. 6 Discovery Profile Addition to OpenID Connect Discovery specification. Specifies a way to normalize a user identifier to derive a resource and especially a host for OpenID Provider (OP) Issuer Discovery. Dynamic Registration Profile Addition to OpenID Connect Dynamic Registration specification. Specifies how a Client dynamically register with multiple Mobile Network Operators (MNOs) based on information asserted by a trusted entity. Authentication Profile Addition to OpenID Connect Core specification. Specifies the common authentication contexts to be used.
- 7. Discovery with Account Chooser. 7 Using Account Chooser to bypass discovery to improve user experience. Account Chooser is a OpenID Foundation specification to help with the login process to a website by leveraging an account cashed. Proposed enhancement to Account Chooser specification to work with MODRNA Discovery flow by allowing login identifiers strings that are keyed on phone numbers. Service Providers will bring up Account Chooser during login and MNO will populate Account Chooser after successful login the MNO calls
- 8. References for more information 8 OpenID Foundation MODRNA Working Group http://openid.net/wg/mobile/ OpenID Foundation Account Chooser Working Group http://openid.net/wg/ac/ Account Chooser http://accountchooser.net/