[Openid-specs-ab] Connect Progress

John Bradley ve7jtb at ve7jtb.com
Fri Jan 7 16:00:39 UTC 2011 

Yes the 3rd party attribute provider registration is a key issue.   I was hoping that the UMA oAuth work might be helpful.

Dynamic client registration with symmetric keys presents a denial of service opportunity if we don't have an association handle in the request.
I am interested in peoples ideas on this.

What stops someone from coming along and making a new association as you?   
I suppose mutual TLS would work but that solution is worse than the problem:)

John B.
On 2011-01-07, at 6:55 AM, Nat Sakimura wrote:

> P.S. There also is going to be 
> 
> - Dynamic Client Registration. 
> 
> Am I still missing something? Only the other potential thing that comes to my mind is 
> 
> - Resource Registration (for third party claims providers.) 
> 
> =nat
> 
> On Wed, Jan 5, 2011 at 6:51 PM, Nat Sakimura <sakimura at gmail.com> wrote:
> Hi. 
> 
> I have started splitting out AB 1.0 RC3 into "Core", "Protocol Bindings", "Profiles". It will likely to be: 
> 
> - Connect Core: Defines Messages
> - Artifact Binding (AB): Defines Web App Flow with Artifact
> - GET Binding (GB): Defines User Agent Flow (Is there a better name?)
> - GB/HMAC SHA-256 Profile
> - AB/No Signature Profile
> - AB/RSA&EC-DSA Signature Profile
> - AB/Signed and Encrypted Profile
> - AB/Holder of Key Profile. 
> - Connect Discovery
> 
> If you have other suggestions, please let me know. 
> 
> I am now working on the "Core". For the "Connect Core", I am using "cc" as the abbreviation string. 
> Thus, the URI for the spec would be
> 
> http://openid.net/specs/cc/1.0/
> 
> Best, 
> 
> -- 
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
> 
> 
> 
> -- 
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110107/7f623000/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110107/7f623000/attachment.p7s>

More information about the Openid-specs-ab mailing list