[OpenID-Specs-eKYC-IDA] Issue #1154: Mention complementary security standards (OAuth mTLS, etc) (openid/ekyc-ida)

Torsten Lodderstedt torsten at lodderstedt.net
Sat Jan 18 11:46:55 UTC 2020


I think this makes sense. I would envision FAPI to be the counterpart of IDA re security of the authorization/authentication process.

> On 18.01.2020 at 12:42, Vladimir Dzhuvinov via Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net> wrote:
> 
> New issue 1154: Mention complementary security standards (OAuth mTLS, etc)
> https://bitbucket.org/openid/ekyc-ida/issues/1154/mention-complementary-security-standards
> 
> Vladimir Dzhuvinov:
> 
> In an informal talk about IdA I mentioned that given the nature of the standard and the personal data it deals with, providers should require strong client authentication and client certificate-bound access tokens (mTLS) for the UserInfo endpoint.
> 
> I suppose it makes sense to mention this together with the applicable specs in a section at the bottom of the spec.
> 
> I’m not sure if this should be normative or just informational.
> 
> 
> -- 
> Openid-specs-ekyc-ida mailing list
> Openid-specs-ekyc-ida at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
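
The certificate-binding check the issue refers to, as an added example that is not part of the thread or of the IDA spec: under RFC 8705 a bound access token carries `cnf` / `x5t#S256` (the base64url SHA-256 of the client's DER certificate), and the UserInfo endpoint compares it with the certificate presented over mutual TLS. The function names, the sample claims and the stand-in certificate bytes are assumptions constructed for illustration.

```python
from __future__ import annotations

import base64
import hashlib
import hmac


def x5t_s256(cert_der: bytes) -> str:
    """RFC 8705 thumbprint: base64url(SHA-256(DER certificate)), unpadded."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_certificate_binding(claims: dict, client_cert_der: bytes | None) -> tuple[bool, str]:
    """Decide whether a UserInfo request may proceed.

    claims: claims of an access token that was already validated
            (signature, expiry, audience) or returned by introspection.
    client_cert_der: certificate from the mutual-TLS handshake, or None.
    """
    cnf = claims.get("cnf")
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str) or not expected:
        # Assumed policy: this provider accepts only certificate-bound tokens.
        return False, "token is not certificate-bound"
    if client_cert_der is None:
        return False, "no client certificate on the TLS connection"
    presented = x5t_s256(client_cert_der)
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        # A token replayed by a party without the client's key ends up here.
        return False, "certificate does not match token binding"
    return True, "ok"


# Constructed stand-ins for DER-encoded certificates (not real certificates).
CLIENT_CERT = b"constructed-der-bytes-of-registered-client"
OTHER_CERT = b"constructed-der-bytes-of-another-party"
BOUND_TOKEN = {"sub": "user-1", "cnf": {"x5t#S256": x5t_s256(CLIENT_CERT)}}
PLAIN_BEARER_TOKEN = {"sub": "user-1"}

if __name__ == "__main__":
    for label, token, cert in [
        ("bound token, matching cert", BOUND_TOKEN, CLIENT_CERT),
        ("bound token, other cert", BOUND_TOKEN, OTHER_CERT),
        ("bound token, no cert", BOUND_TOKEN, None),
        ("plain bearer token", PLAIN_BEARER_TOKEN, CLIENT_CERT),
    ]:
        print(label, "->", check_certificate_binding(token, cert))
```

A resource server that gets a `False` result answers with HTTP 401 and the `invalid_token` error code, as RFC 8705 requires for a certificate mismatch.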