[Openid-specs-mobile-profile] Comments on draft-mobile-authentication-1
Torsten Lodderstedt
torsten at lodderstedt.net
Sun Nov 29 18:19:48 UTC 2015
Hi Jörg,
thanks for producing a new revision, which covers context and
login_token_hint (@all: it's published at
https://bitbucket.org/openid/mobile/raw/default/draft-mobile-authentication-01.txt).
Please find attached my comments as well as proposed text for
security/privacy considerations sections and other aspects.
I would like to bring one question to the group's attention: Do we want
to require the login_token_hint to be signed? What is the main reason?
Issuer authenticity?
best regards,
Torsten.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20151129/035e3baa/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: draft-mobile-authentication-01_tlt.docx
Type: application/octet-stream
Size: 12828 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20151129/035e3baa/attachment.obj>
More information about the Openid-specs-mobile-profile
mailing list