[Openid-specs-mobile-profile] Comments on draft-mobile-authentication-1

Torsten Lodderstedt torsten at lodderstedt.net
Sun Nov 29 18:19:48 UTC 2015


Hi Jörg,

thanks for producing a new revision, which covers context and 
login_token_hint (@all: it's published at 
https://bitbucket.org/openid/mobile/raw/default/draft-mobile-authentication-01.txt).

Please find attached my comments as well as proposed text for 
security/privacy considerations sections and other aspects.

I would like to bring one question to the group's attention: Do we want 
to require the login_token_hint to be signed? What is the main reason? 
Issuer authenticity?

best regards,
Torsten.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20151129/035e3baa/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: draft-mobile-authentication-01_tlt.docx
Type: application/octet-stream
Size: 12828 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20151129/035e3baa/attachment.obj>


More information about the Openid-specs-mobile-profile mailing list