Enhancement of blockchainPublicAddress belongs to the user whose phoneNumber is indicated to set-up the binding relationship

[PedroDiez]

Problem description
When generating a binding process bindBlockchainPublicAddress, Telco Operators have mechanism to enforce the phoneNumber indicated is the one that applied by means of AuthN/AuthZ (checking Access Token is issued for that phoneNumber). However, there is no enforcement about the blockchainPublicAddress indicated really belongs to the user (i.e. person) under such phoneNumber.

A solution is needed for this enforcement

Possible evolution
Discussed within the issue

Alternative solution
Not indicated

Additional context
Details to be discussed under this issue

[PedroDiez]

2024-05-02:

• @PedroDiez: Will check how this is performed currently in TEF
• @grgpapadopoulos: You can add additional context to the issue

[grgpapadopoulos]

Hi Pedro & team,
I propose a solution to ensure the owner of the blockchainPublicAddress is the user binding their MSISDN,
perform a verification, where it is required, the user to sign a message with their private key to verify control over the blockchain address.

[PedroDiez]

Summary about discussion so far:

• Background topic is to ensure that the binding perfomed is trusted (MSISDN-Blockchain relation is verified)
• In TEF there are currently solutions (applied at App/Service) on beforehand, previously to attempt binding registration
• DT indicates a solution in CAMARA/OGW should consider a way to allow for such a process
• Talking during the meeting, need to be discussed further, could be options like sending an SMS to the user in order to inform him to about such a binding so as her/him can confirm that association.
• Also point out the relevance of a compliance of the procedure with legality/privacy