[Openid-specs-ab] Issue #1445: Add section on use of Resolvers (openid/connect)
tlodderstedt
issues-reply at bitbucket.org
Sat Feb 26 12:51:30 UTC 2022
New issue 1445: Add section on use of Resolvers
https://bitbucket.org/openid/connect/issues/1445/add-section-on-use-of-resolvers
Torsten Lodderstedt:
As discussed in issue #1432, the new “Resolve Entity Statement“ introduces a very valuable additional function without considering the impact on trust model and security. Those must be clearly discussed along with advise for implementers, otherwise the resolver function may be the cause of security flaws in actual deployments.
Topics should include:
* pros and cons
* trust model
* security advise
More information about the Openid-specs-ab
mailing list