Dear OAUTH WRAP group,
My name is Kevin Smith of Vodafone R&D, and I lead a cross-mobile
operator project called OneAPI ('Open Network Enablers') [1]. The aim
is to provide a RESTful API to expose network functions such as
location, messaging, payments and more to developers; with the
reckoning that this will make it far easier to mash-up Web
applications with network capabilities and reduce the time to reach
all mobile subscribers in a territory. Thus far we have a live pilot
implementation across the 3 major Canadian operators [2] and a non-
commercial test site connected to
12 European operators [3], and will be releasing v1.0 specifications
backed by the OMA this month.
For the first release we did not attempt to prescribe an AAA model to
operators, instead leaving them to reuse their own SDP AAA
implementation for OneAPI. For our second phase now underway we would
like to provide a recommended reference implementation AAA model for
operators who are unsure how to allow secure API access whilst
allowing user consent and privacy to be respected. Therefore we have
discussed OAUTH as an ideal candidate that will be well-known to Web
developers.
My question regards the suitability of WRAP for such a reference
implementation: the decoupling of authentication is good sense and
would be welcome by operators, however it appears that WRAP is
deprecated and is intended to be replaced by OAUTH 2.0 - is that
right? Please could you provide any details on the plans for if/how
the two will interoperate? If it's at all possible, we would very much
welcome a member of the group to present on WRAP at one of our face-to-
face meetings in London - if that is of interest please let me know
and I can make arrangements.
Thanks for your time and look forward to your advice.
Kind regards,
Kevin
[1]
http://www.gsmworld.com/oneapi
[2]
http://canada.oneapi.gsmworld.com/
[3]
http://oneapi.aepona.com/
Kevin Smith
Senior Technology Strategist, R&D
Vodafone Technology
E-mail:
kevin...@vodafone.com
--
You received this message because you are subscribed to the Google Groups "OAuth WRAP WG" group.
To post to this group, send email to
oauth-...@googlegroups.com.
To unsubscribe from this group, send email to
oauth-wrap-w...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/oauth-wrap-wg?hl=en.