[Openid-specs-ab] Issue #1335: add a text how SIOP can be used for authentication and claim presentation (openid/connect)
issues-reply at bitbucket.org
Thu Sep 9 03:52:15 UTC 2021
New issue 1335: add a text how SIOP can be used for authentication and claim presentation
We discussed at the Sept-02-2021 SIOP call that there are 3 applications of SIOP v2. Suggest we add this in the SIOP v2 introduction.
1. To authenticate a user based on the self-attested signature
2. To present self-asserted claims
3. To present Third Party signed claims
I also summarized characteristics of such applications per same-device and cross-device flow that were discussed: [https://hackmd.io/9MmHKXCBQvy2zghVoG3fXg?view](https://hackmd.io/9MmHKXCBQvy2zghVoG3fXg?view)
But per some feedback from the first implementers, I don’t think we have a consensus to put language as strong as “usage of cross-device SIOP for authentication is not recommended”, nor, per Stephane’s comment in Issue #1269 ([https://bitbucket.org/openid/connect/issues/1269/add-security-considerations-for-cross#comment-61098781](https://bitbucket.org/openid/connect/issues/1269/add-security-considerations-for-cross#comment-61098781)), do we have consensus to draw such a clear line between CD-SIOP and SM-SIOP.