[Openid-specs-risc] Fwd: Multi subject discuss?
phil.hunt at oracle.com
Tue Dec 12 17:18:20 UTC 2017
Re-sending to RISC group.
Apologies to fastfed.
Begin forwarded message:
> From: Phil Hunt <phil.hunt at oracle.com>
> Date: December 12, 2017 at 9:04:14 AM PST
> To: openid-specs-fastfed at lists.openid.net
> Subject: Multi subject discuss?
> It has been raised by marius on the secevents list that multi subjects in risc sets is a requirement which has not been discussed here.
> As we have not discussed this, I propose we do so.
> I have grave concerns about possible privacy implications particular if third party security providers are involved.
> I believe for any stream, transmitters and receivers must negotiate a single subject identifier to use. This can become a requirement for config eg as an extension to stream config
> Ps i also support single profile option in stream config per discussion with annabelle.
> I also support a standard subject claim but because of issues like multi subject, i do not support it being part of the main set draft.
> I think standard subject is also useful for access tokens/id tokens and may pave the way for single subject sets in risc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-risc