[Openid-specs-mobile-profile] Issue #50: Authenticate RP to Old OP during porting (openid/mobile)
issues-reply at bitbucket.org
Wed Oct 5 03:54:37 UTC 2016
New issue 50: Authenticate RP to Old OP during porting
draft-account-porting-01 assumes an encrypted port_token is basically a bearer token allowing the RP to call the Old OP to complete the porting flow without further authentication.
The Old OP is effectively leveraging the authentication of the RP by the New OP. This is awkward when the Old OP and New OP don't identify RPs in exactly the same way. Old & New OPs will have separate client_ids for a given RP so that doesn't help. Old & New OPs should both understand the same sector_id for an RP. However, sector_ids might not be properly implemented everywhere. In particular, an OP that issues public subject ids doesn't use sector_ids.
See [email thread](http://lists.openid.net/pipermail/openid-specs-mobile-profile/Week-of-Mon-20160926/000598.html).