Yet Another Delegation Thread

Josh Hoyt josh at janrain.com
Thu Oct 26 15:21:52 UTC 2006


On 10/26/06, Dick Hardt <dick at sxip.com> wrote:
> If the IdP is not doing discovery per your previous comment, then
> compromising the RP's discovery is sufficient hijack a user's
> identifier, and it likely is easier to compromise an RP then an IdP,
> and we should move complexity to IdPs to an RP all other things being
> equal.

Compromising a relying party's discovery is sufficient in *any case*
to hijack an identifier. The discovery just needs to return a
different IdP.

Not letting the RP verify *all* of the discovered information adds
another place (the IdP) where compromising discovery is a valid
attack.

Josh



More information about the specs mailing list