Open PedroDiez opened 5 months ago
2024-05-02:
Hi Pedro & team,
I propose a solution to ensure the owner of the blockchainPublicAddress
is the user binding their MSISDN,
perform a verification, where it is required, the user to sign a message with their private key to verify control over the blockchain address.
Summary about discussion so far:
Problem description When generating a binding process
bindBlockchainPublicAddress
, Telco Operators have mechanism to enforce the phoneNumber indicated is the one that applied by means of AuthN/AuthZ (checking Access Token is issued for that phoneNumber). However, there is no enforcement about theblockchainPublicAddress
indicated really belongs to the user (i.e. person) under such phoneNumber.A solution is needed for this enforcement
Possible evolution Discussed within the issue
Alternative solution Not indicated
Additional context Details to be discussed under this issue