Please report any other irregularities here.
We'd like to get answers to the following questions from Bango and/or Telefonica: https://etherpad.mozilla.org/20mJlfcI9O This will help us understand what kind of threats are possible for spoofing payments when Marketplace hands it off to Bango.
Priority: -- → P1
Assignee: nobody → sruston
I've replied to the questions in the etherpad. Our infosec team might have some additional feedback, if so I'll update the etherpad again.
Kumar sounded happy with this in the email. Is there more to do?
Whiteboard: u=mkt p=
Target Milestone: --- → 2013-01-24
I have asked for clarification in the etherpad.
Target Milestone: 2013-01-24 → 2013-02-07
Version: 1.0 → 1.1
David, can you provide the link to where we can find the Header flow on your Redmine site and the relevant access credentials
Assignee: sruston → dll
https://bvpartner.tid.es/redmine/projects/bangoowd/wiki/APIs-Mobile_ID user: email@example.com pass: you will receive it by email
To address the security questions: we ONLY accept requests coming with MSISDNs in headers as long as they come from a preconfigured list of source IP addresses that we also use to know the origin operator. Of course, we also check the format of the http header we receive from the operator (that info is not public, but it does not include signatures).
Ray, can you confirm the info on the BV wiki covers what you need?
David, can we take the header information from your Wiki and put it on our public wiki?
Assignee: rforbes → dll
David answered this on the call: it is not public information so we need to store it privately in mana or somewhere.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.