[Openid-specs-ab] Issue #848: Messages - 2.1.2.1 'acr' value 'MAY' seems wrong (openid/connect)
Nat Sakimura
issues-reply at bitbucket.org
Sun Jun 2 22:33:55 UTC 2013
New issue 848: Messages - 2.1.2.1 'acr' value 'MAY' seems wrong
https://bitbucket.org/openid/connect/issue/848/messages-2121-acr-value-may-seems-wrong
Nat Sakimura:
Currently, it says:
An absolute URI or a registered name [RFC6711] MAY be used as an acr value.
This allows someone to define a duplicative short name to RFC6711 and use it, which causes both security and interoperability issues.
Proposal:
An absolute URI or a registered name [RFC6711] MUST be used as an acr value.
More information about the Openid-specs-ab
mailing list