[Openid-specs-ab] Paper on Distributed Claims
sakimura at gmail.com
Fri Feb 10 10:22:13 UTC 2012
Yoshio Kakizaki et al. had their paper on distributed claims published
in the International Journal of Information Processing and Management,
Vol. 3, No. 1.
The excerpt of the paper is at:
The full content can be read at:
The paper specifies both the scope and the full claim, where only the
claim would do.
We probably need to clarify it in the final version of the spec.
In their implementation, the authors profiled the Connect such that
the access_token to the UserInfo endpoint can be used only once to cope with
the problem of "leaked access_token". That is one way to deal with it,
though my preferred way is to encrypt the response using the client's public
key (JWE) as that would enable the client to be used over unreliable
connections, and the server would be stateless.
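
The single-use access_token profile discussed in the message above, sketched as an added example (not part of the original message, the paper, or the Connect specification). It shows the server-side state such a profile requires and what happens to a retry after a lost response; the class and function names and the sample claims are hypothetical, and JWE encryption is not implemented here.

```python
import secrets
import threading


class SingleUseTokenStore:
    """Hypothetical server-side state for tokens the UserInfo endpoint accepts once."""

    def __init__(self):
        self._claims_by_token = {}
        self._lock = threading.Lock()

    def issue(self, claims):
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._claims_by_token[token] = claims
        return token

    def redeem(self, token):
        # pop() under the lock checks and invalidates in one step, so two
        # concurrent requests carrying the same token cannot both succeed.
        with self._lock:
            return self._claims_by_token.pop(token, None)


def userinfo_request(store, token, response_delivered=True):
    """Return (status, body) as the client observes it."""
    claims = store.redeem(token)
    if claims is None:
        return 401, None          # unknown or already used token
    if not response_delivered:
        return None, None         # token consumed, response lost in transit
    return 200, claims


def demo():
    store = SingleUseTokenStore()
    sample = {"sub": "constructed-user-1", "email": "user@example.com"}  # constructed

    # Leaked token: the legitimate client redeems first, the replay is refused.
    t1 = store.issue(sample)
    first = userinfo_request(store, t1)
    replay = userinfo_request(store, t1)

    # Unreliable connection: the response is lost, and the client's retry
    # is refused as well because the token was already consumed.
    t2 = store.issue(sample)
    lost = userinfo_request(store, t2, response_delivered=False)
    retry = userinfo_request(store, t2)
    return first, replay, lost, retry
```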