[Openid-specs-ab] Issue #858: Messages 220.127.116.11 iss clarification (openid/connect)
issues-reply at bitbucket.org
Tue Jul 2 01:23:57 UTC 2013
New issue 858: Messages 18.104.22.168 iss clarification
iss may need clarification that it is a https: scheme URI in sec 22.214.171.124
One or more interop participants are using host names as issuer without a scheme.
This is clear in discovery.
In Messages, the definition of issuer identifier:
Verifiable identifier for an Issuer. An Issuer Identifier is a URL using the https scheme that contains scheme, host, and OPTIONALLY, port number and path components. (No query or fragment components MAY be present.)
Also Sec 9.14:
OpenID Connect supports multiple issuers per Host and Port combination. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
OpenID Connect treats the path component of any URI as part of the user identifier. For instance, the subject "1234" with an issuer of "https://example.com" is not equivalent to the subject "1234" with an issuer of "https://example.com/sales".
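A relying-party check for the rules quoted above, as an added example that is not part of the original message or of the specification: it rejects a bare host name used as issuer, compares iss to the discovered issuer by exact string match, and keys accounts on the issuer and subject together. The function names `issuer_problems`, `check_id_token_iss` and `account_key` are hypothetical, and the sample values other than the example.com URLs are constructed.

```python
from urllib.parse import urlsplit


def issuer_problems(issuer):
    """Return the reasons `issuer` is not a well-formed Issuer Identifier ([] if it is)."""
    try:
        parts = urlsplit(issuer)
        parts.port  # property access raises ValueError on a non-numeric port
    except ValueError as exc:
        return ["unparseable URL: %s" % exc]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.hostname:
        problems.append("no host component")
    # Test the raw string too, so an empty "?" or "#" is still caught.
    if parts.query or "?" in issuer:
        problems.append("query component present")
    if parts.fragment or "#" in issuer:
        problems.append("fragment component present")
    return problems


def check_id_token_iss(discovered_issuer, token_iss):
    """Validate the iss claim of an ID Token against the issuer from discovery."""
    problems = issuer_problems(token_iss)
    # Exact string comparison: no case folding, no trailing-slash normalization.
    if token_iss != discovered_issuer:
        problems.append("iss does not exactly match the discovered issuer")
    return problems


def account_key(iss, sub):
    """Key local accounts on the (iss, sub) pair, never on sub alone."""
    return (iss, sub)


if __name__ == "__main__":
    # Constructed sample values; only the example.com URLs come from the quoted text.
    for candidate in ("https://example.com", "https://example.com/sales",
                      "example.com", "http://example.com", "https://example.com/?x=1"):
        print(candidate, "->", issuer_problems(candidate) or "ok")
    print(check_id_token_iss("https://example.com", "https://example.com/"))
```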