[Openid-specs-ab] Definition of Authentication
Nat Sakimura
sakimura at gmail.com
Thu Nov 7 18:45:57 UTC 2013
Having seen the recent thread around client secret etc., I am confident
that we have problems with the current definition of Authentication.
Currently, it is:
Authentication: Process of verifying that an Entity is the owner of an
Identity.
It is unclear what is "owner" etc., and is too hand-wavy. For example, what
is the owner of the identity in the case of Client Authentication?
We should adopt either ISO18014 or X.1252. I feel X.1252 is slightly
better.
It is:
Process used to achieve sufficient confidence in the binding
between the entity and the presented identity
I propose to adopt this definition.
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en