[Openid-specs-ab] client_update in Regsitration

Nat Sakimura sakimura at gmail.com
Thu May 17 03:11:13 UTC 2012


I have a question wrt the type=client_update in the registration spec.

How is the client authenticated for update?
Unless it is authenticated, the registration values such as redirect_uris
can be overwritten by an attacker.

Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120517/b6114a0b/attachment.html>

More information about the Openid-specs-ab mailing list