[Openid-specs-mobile-profile] Account porting within the same OP

Torsten Lodderstedt torsten at lodderstedt.net
Wed Jun 6 07:31:54 UTC 2018


Hi James,

> Am 04.06.2018 um 05:03 schrieb Manger, James <James.H.Manger at team.telstra.com>:
> 
> One option for the "Old OP no longer exists" use case could be for the New OP to take over the Old OP domain name.
> RPs process id_tokens as per Account Porting. RPs don't know, nor need to know, that the Old OP has been completely replaced. The New OP needs to host a static openid-configuration file at the Old OP's domain (https://oldop.example.net/.well-known/openid-configuration), though the 
> "port_check_endpoint" can point to a New OP domain. That endpoint probably needs to support RP credentials established with the Old OP.
> No spec changes are needed.

Good idea! I need to check whether the old domain can be used that way. What I like the most is that there is no central authority needed (other than the DNS registrar :-)).

best regards,
Torsten. 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3872 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20180606/6cb090ea/attachment.p7s>


More information about the Openid-specs-mobile-profile mailing list