CIBA Binding Messages

Issue #204 on hold
Dave Tonge created an issue

From Freddi:

binding_message - could we do some work on improving this. There are a number of types of bindings that would be useful and we could investigate: - two way binding - where the AD and CD are both bound to each other for a short period of time - binding through NFC/scanned bar code rather than relying on a human

Comments (7)

  1. Takahiko Kawasaki

    If it is difficult to list up all the possible use cases of binding_message at this moment and/or if we want to avoid preventing someone from inventing fantastic ways for binding in the future, it might be worth considering to separate binding_message into two parameters, binding_type and binding_value. For example, like binding_type=message and binding_value=Hello.

    Even after this style is adopted, it is possible to keep binding_message={value} (if it is desired) as an alias of the combination of binding_type=message and binding_value={value}.

  2. Dave Tonge reporter

    So we should probably have the binding_type discussion in the mobile issue tracker, but I'd probably be against it. I think that the login_hint_token is the generic container that we have that can help with this sort of thing.

    In situations where we can have a way of passing tokens between the AD and the CD I think it makes sense to use the login_hint_token at the beginning of the flow rather than the binding message part way through the flow.

  3. Dave Tonge reporter

    Currently I'm unsure of what we can add around this. I propose that any implementation considerations around the binding message be added to the new document rather than to the FAPI CIBA profile

  4. Log in to comment