[Openid-specs-ab] Paper on Distributed Claims

sakimura sakimura at gmail.com
Fri Feb 10 10:22:13 UTC 2012

 Dear Connectors:

 Yoshio Kakizaki et al. had their paper on distributed claims published 
 on the International Journal of Information Processing and Management, 
 Vol. 3, No. 1.

 The excerpt of the paper is at: 

 The full content can be read at: 

 The paper is specifying both scope and the full claim, where only the 
 claim would do.
 We probably need to clarify it in the final version of the spec.

 In their implementation, the authors profiled the Connect such that 
 access_token to the UserInfo endpoint can be used only once to cope with 
 the problem of "leaked access_token". That is one way to deal with it, 
 though my preferred way is to encrypt the response using client's public 
 key (JWE) as that would enable the client to be used over unreliable 
 connections, and the server would be stateless.



More information about the Openid-specs-ab mailing list