[Openid-specs-mobile-profile] Issue 52 CIBA Pairwise Identifiers Structuring Text

John Bradley ve7jtb at ve7jtb.com
Mon Jun 19 12:05:06 UTC 2017

It is not part of discovery.

It is part of registration.

The SIU must be validated in registration for clients that use PPID.

How it is validated depends on the way the client receives the response.
1. Redirect
2. Post back
3. Polling/ RO password

I don’t know that we have resolved the validation issue. 

CIBA is adding new responses.

We cant say nothing in CIBA and hope that registration is updated.

If the decision is to add validation rules for SIU that are specific to CIBA to registration then I am fine with it.

I think not everyone seem to be on the same page around understanding the need for validating the SIU.
I don’t think we have agreement to not allow symmetric authentication for CIBA polling and more specifically to require the client authentication key to be published in the jwks_uri and published in the siu for validation.

So I think we still have an issue with CIBA polling.

John B.
> On Jun 8, 2017, at 2:38 AM, Axel.Nennker at telekom.de wrote:
> Hi all,
> can this issue be closed?
> https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text <https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text>
> The sector_identifier_url is now mandatory to be specified at Client registration time.
> Validation of the sector_identifier is out-of-scope for CIBA and should be in Discovery.
> Please comment on the issue in bitbucket or here.
> Kind regards
> Axel
> T-Labs (Research & Innovation)
> Axel Nennker
> Winterfeldtstr. 21, 10781 Berlin
> +491702275312 (Tel.)
> E-Mail: axel.nennker at telekom.de <mailto:axel.nennker at telekom.de>
> _______________________________________________
> Openid-specs-mobile-profile mailing list
> Openid-specs-mobile-profile at lists.openid.net <mailto:Openid-specs-mobile-profile at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile <http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170619/2aea8e1c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4383 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170619/2aea8e1c/attachment.p7s>

More information about the Openid-specs-mobile-profile mailing list