[Openid-specs-ab] Issue #1273: Mitigating security risk by using WebAuthn in cross-device SIOP (openid/connect)

Kristina Yasuda issues-reply at bitbucket.org
Tue Jul 27 23:30:29 UTC 2021


New issue 1273: Mitigating security risk by using WebAuthn in cross-device SIOP
https://bitbucket.org/openid/connect/issues/1273/mitigating-security-risk-by-using-webauthn

Kristina Yasuda:

In the 2021-07-27 SIOP special call it was agreed that the most effective way to mitigate MITM/phishing attacks in cross-device SIOP is to use WebAuthn for the session creation, and many people expressed interest in writing up a specification on how to do so and issue a WebAuthn credential to the claims returned in the SIOP response.

Related to Issue #1257 and Issue #1269



