[Openid-specs-mobile-profile] Issue 52 CIBA Pairwise Identifiers Structuring Text

Manger, James James.H.Manger at team.telstra.com
Wed Jun 14 04:28:31 UTC 2017


> What are the threats if all client metadata is validated at registration time and all CIBA requests are authenticated?

> - BadClient is not able to register for the same sector_identifier_uri as GoodPollingClient (regardless of CIBA or OIDC). This is nothing bad introduced by CIBA.

This is your mistake.
Multiple clients can register the same sector_identifier_uri — that is the whole point of the sector_id concept (grouping multiple apps). The issue is how does the registration system distinguish BadClient from OtherGoodPollingClient when both register the same sector_id?

James Manger
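
Added illustration, not part of the original message or of any OpenID specification text: a Python sketch of the registration question raised above, assuming a registration endpoint that applies only the OIDC Core section 8.1 rule (each registered redirect_uri must appear in the JSON array at sector_identifier_uri) and derives `sub` with the SHA-256 example method from that section. The URLs, salt, account id, `GoodWebClient` and `BadWebClient` are constructed sample values.

```python
import hashlib
from urllib.parse import urlparse

# Constructed sample data (not from the thread).
SECTOR_URI = "https://apps.example.com/sector.json"
SECTOR_FILE = ["https://apps.example.com/web/cb"]  # JSON array served at SECTOR_URI
SALT = "op-private-salt"                            # hypothetical OP secret

CLIENTS = {
    "GoodWebClient": {"sector_identifier_uri": SECTOR_URI,
                      "redirect_uris": ["https://apps.example.com/web/cb"]},
    # Polling clients register no redirect_uris at all.
    "OtherGoodPollingClient": {"sector_identifier_uri": SECTOR_URI, "redirect_uris": []},
    "BadClient": {"sector_identifier_uri": SECTOR_URI, "redirect_uris": []},
    "BadWebClient": {"sector_identifier_uri": SECTOR_URI,
                     "redirect_uris": ["https://bad.example.net/cb"]},
}

def redirect_check(client, sector_file):
    """OIDC Core 8.1 rule: every registered redirect_uri must be in the sector file."""
    # With an empty redirect_uris list this passes vacuously.
    return all(uri in sector_file for uri in client["redirect_uris"])

def pairwise_sub(client, local_account_id, salt=SALT):
    """sub = SHA-256(sector host || local account id || salt)."""
    host = urlparse(client["sector_identifier_uri"]).hostname
    return hashlib.sha256((host + local_account_id + salt).encode()).hexdigest()

def accepted_clients():
    """Clients that pass registration when only the redirect_uris rule is applied."""
    return [name for name, c in CLIENTS.items() if redirect_check(c, SECTOR_FILE)]

if __name__ == "__main__":
    for name in accepted_clients():
        print(name, pairwise_sub(CLIENTS[name], "user-1234")[:16])
```

The redirect_uris rule rejects only the client that registers a redirect URI outside the sector file; the two polling clients are indistinguishable to it and receive the same pairwise `sub` for the same account.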
