[Openid-specs-ab] OX work on OpenID Connect multi-party Federations
ve7jtb at ve7jtb.com
Fri Aug 31 14:44:05 UTC 2012
Publishing the certs on a https: URI basically gives you no better than HTTPS PKIX security.
I think that is fine for most applications. For LoA 3 and perhaps LoA 2 the certificate or keys may need to be in the meta-data to be part of a more highly trusted trust chain.
On 2012-08-31, at 10:38 AM, Michael Schwartz <mike at gluu.org> wrote:
> I just added:
> 1) RP and OP to publish public certificates on an HTTPS URI
> 2) Federation publishes Public Key and signs federation metadata
> per John's suggestion.
> - Mike
> Michael Schwartz
> Founder / CEO
> office: +1 646-810-8761
> mike at gluu.org
> On Fri, 31 Aug 2012, John Bradley wrote:
>> I think the general idea is good. It will be important to support entity attributes for LOA and claims confidence.
>> Andreas has also had some thoughts.
>> We should try and dedicate a call or session at IIW to this.
>> On 2012-08-31, at 10:12 AM, Michael Schwartz <mike at gluu.org> wrote:
>>> OpenID Group...
>>> We weren't going to announce this until we had working code, but we have started to sketch a design for OpenID Connect federation metadata:
>>> I used Shib-style federations like InCommon as the model.
>>> This obviously needs some work... I would like to reference the entity's certificates by URI if that's feasible.
>>> Sorry it goes into the weeds a little at the end. We're moving some of the content to new pages :)