[Openid-specs-ab] Issue #1303: uid usage (openid/connect)

Edmund Jay issues-reply at bitbucket.org
Thu Aug 19 08:24:26 UTC 2021


New issue 1303: uid usage
https://bitbucket.org/openid/connect/issues/1303/uid-usage

Edmund Jay:

Comments from TL regarding [pull request #39](https://bitbucket.org/openid/connect/pull-requests/39/merging-cp-into-ca)

[https://bitbucket.org/openid/connect/pull-requests/39/merging-cp-into-ca#comment-238238844](https://bitbucket.org/openid/connect/pull-requests/39/merging-cp-into-ca#comment-238238844)

Torsten Lodderstedt 2021-07-24

I still don’t understand the way uid is supposed to work and what attack angles it will prevent. To me, this cannot be more than a nonce since there is no relationship between the user’s identity at the IdA and at the IA.

Moreover, I don’t see what value it provides in the context of credential issuance.

Nat Sakimura 2021-08-09

We could potentially remove it after merging this PR. NB this PR is not to implement these changes. We MUST NOT for the purpose of clarity and traceability. We MUST implement these with separate issue number and associated PR. Not on this PR.



