[Openid-specs-mobile-profile] Issue 52 CIBA Pairwise Identifiers Structuring Text
James.H.Manger at team.telstra.com
Wed Jun 14 04:28:31 UTC 2017
> What are the threats if all client metadata is validated at registration time and all CIBA requests are authenticated?
- BadClient is not able to register for the same sector_identifier_uri as GoodPollingClient (regardless of CIBA or OIDC). This is nothing bad introduced by CIBA.
This is your mistake.
Multiple clients can register the same sector_identifier_uri — that is the whole point of the sector_id concept (grouping multiple apps). The issue is how does the registration system distinguish BadClient from OtherGoodPollingClient when both register the same sector_id?
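The question above, worked through as an added example that is not part of the original message: the OpenID Connect Core registration check compares a client's registered redirect_uris against the JSON array hosted at its sector_identifier_uri. The example assumes a CIBA polling client registers no redirect_uris; GoodWebClient and BadWebClient are hypothetical names, and all URLs and the pre-fetched array are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample data: the array a registration server would fetch from
# sector_identifier_uri (passed in pre-fetched so this runs offline).
SECTOR_URI = "https://good.example/sector.json"
SECTOR_DOC = ["https://good.example/app1/cb", "https://good.example/app2/cb"]

def sector_check(metadata, sector_document):
    """OIDC Core rule: every registered redirect_uri must appear in the JSON
    array served at sector_identifier_uri. Returns (accepted, reason)."""
    uri = metadata.get("sector_identifier_uri", "")
    if urlsplit(uri).scheme != "https":
        return False, "sector_identifier_uri must use https"
    redirect_uris = metadata.get("redirect_uris", [])
    missing = [u for u in redirect_uris if u not in sector_document]
    if missing:
        return False, "redirect_uris not in sector document"
    if not redirect_uris:
        # Assumption: a CIBA polling client registers no redirect_uris,
        # so there is nothing to compare and the check passes vacuously.
        return True, "vacuous: no redirect_uris to compare"
    return True, "all redirect_uris listed"

# Constructed registrations; polling client names follow the thread,
# the two web clients are hypothetical.
REGISTRATIONS = {
    "GoodWebClient": {"sector_identifier_uri": SECTOR_URI,
                      "redirect_uris": ["https://good.example/app1/cb"]},
    "BadWebClient": {"sector_identifier_uri": SECTOR_URI,
                     "redirect_uris": ["https://bad.example/cb"]},
    "OtherGoodPollingClient": {"sector_identifier_uri": SECTOR_URI},
    "BadClient": {"sector_identifier_uri": SECTOR_URI},
}

def evaluate_all():
    """Run the check over every constructed registration."""
    return {name: sector_check(meta, SECTOR_DOC)
            for name, meta in REGISTRATIONS.items()}

if __name__ == "__main__":
    for name, (ok, reason) in evaluate_all().items():
        print(f"{name:24} accepted={ok!s:5} {reason}")
```

With redirect_uris present the check separates the two web clients; for the two polling registrations it returns the same result, so any distinction has to come from some other piece of registered metadata or from how registration itself is authorized.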