[Openid-specs-ab] Dynamic client registration: Stating intent that request objects are mandatory
Vladimir Dzhuvinov
vladimir at connect2id.com
Sun Jul 24 10:20:55 UTC 2016
The point of signed / signed+encrypted request objects is to provide
additional security, and my understanding is that clients registered
with "request_object_signing_alg" and / or "request_uris" must not be
allowed by the OP to make plain OpenID authentication requests. Am I
correct on this? (even though it's not stated in the OIDC specs)
Cheers,
Vladimir
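
The OP-side check the message asks about, written out as an added example (not part of the original post and not taken from any OP implementation). It assumes the policy as the poster states it; the client metadata, URLs and tokens are constructed, and signature verification and decryption are outside the example.

```python
import base64
import json

def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (used for the samples)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def jws_header(compact):
    """Decode the protected header of a compact JWS without verifying anything."""
    seg = compact.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

# Constructed sample data (not from the mailing-list post).
CLIENT = {"client_id": "example-client", "request_object_signing_alg": "RS256",
          "request_uris": ["https://client.example.org/request.jwt"]}
UNSIGNED = b64url({"alg": "none"}) + "." + b64url({"scope": "openid"}) + "."
SIGNED = b64url({"alg": "RS256"}) + "." + b64url({"scope": "openid"}) + ".c2ln"

def check_authz_request(client, params):
    """Return (allowed, reason) for one authorization request from a registered client."""
    has_obj, has_uri = "request" in params, "request_uri" in params
    if has_obj and has_uri:
        return False, "request and request_uri must not be combined"
    if not (has_obj or has_uri):
        # Assumed policy: registering either field means plain requests are refused.
        if client.get("request_object_signing_alg") or client.get("request_uris"):
            return False, "plain request refused: client registered for request objects"
        return True, "plain request accepted"
    if has_uri:
        if params["request_uri"] not in (client.get("request_uris") or []):
            return False, "request_uri is not pre-registered"
        return True, "fetch request_uri, then check the fetched object"
    obj = params["request"]
    if obj.count(".") == 4:  # five segments: a JWE, the signed object is nested inside
        return True, "decrypt, then check the nested JWS"
    try:
        alg = jws_header(obj).get("alg")
    except (ValueError, AttributeError):
        return False, "malformed request object"
    expected = client.get("request_object_signing_alg")
    if expected and alg != expected:
        return False, "alg %r does not match registered %r" % (alg, expected)
    return True, "verify signature with the client's registered key"
```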