[Openid-specs-mobile-profile] CIBA Client Authentication Amsterdam
Axel.Nennker at telekom.de
Fri May 12 11:24:45 UTC 2017
Hi all,
I added clarification to CIBA regarding Client Authentication:
1) The Client MUST be authenticated
2) The Client SHOULD use a signed OpenID Connect Request object (alg != none)
3) The OP MUST support signed OpenID Connect Request objects, and if the validation of the signature fails the request MUST fail.
If alg == none another method of Client authentication MUST be used as per 1)
The commit is here: https://bitbucket.org/openid/mobile/commits/84bbedb432fe511fa6cc38bbeae2eb56c9d40727
The latest version as always is here:
https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication.xml?at=default
WDYT?
Cheers
Axel
Deutsche Telekom AG
T-Labs (Research & Innovation)
Dipl.-Inform. Axel Nennker
Winterfeldtstr. 21, 10781 Berlin
+491702275312 (Mobile)
E-Mail: axel.nennker at telekom.de
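
The OP-side decision in points 1) to 3) above, as an added example that is not part of the original message or of the CIBA draft. It assumes HS256 request objects keyed with a per-client secret and `iss` carrying the client identifier so that it runs on the standard library alone; all function and parameter names are hypothetical.

```python
import base64, hashlib, hmac, json

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_request_object(claims, alg, secret=b""):
    """Build a constructed sample request object in JWS compact form."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part).encode()) for part in ({"alg": alg}, claims))
    sig = b""
    if alg == "HS256":
        sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def authenticate_client(request_object, client_secrets, other_auth_ok=False):
    """Apply rules 1-3 on the OP side; return the client_id or raise ValueError.

    other_auth_ok: outcome of some other client authentication method
    (hypothetical flag, evaluated elsewhere by the OP).
    """
    try:
        h, p, s = request_object.split(".")
        header, claims = json.loads(b64url_decode(h)), json.loads(b64url_decode(p))
        alg, client_id = header["alg"], claims["iss"]  # assumption: iss = client_id
        if not isinstance(alg, str) or not isinstance(client_id, str):
            raise TypeError("alg and iss must be strings")
        signature = b64url_decode(s)
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed request object") from exc
    if alg == "none":
        # An unsigned object proves nothing: rule 1 must be met another way.
        if not other_auth_ok:
            raise ValueError("alg none requires another client authentication method")
        return client_id
    # The verifier, not the token, decides which algorithms are acceptable.
    if alg != "HS256" or client_id not in client_secrets:
        raise ValueError("unsupported alg or unknown client")
    expected = hmac.new(client_secrets[client_id],
                        f"{h}.{p}".encode(), hashlib.sha256).digest()
    # Rule 3: a bad signature fails the request, even if other auth succeeded.
    if not hmac.compare_digest(expected, signature):
        raise ValueError("signature validation failed")
    return client_id
```
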