[Openid-specs-ab] client_update in Regsitration

Nat Sakimura sakimura at gmail.com
Thu May 17 03:11:13 UTC 2012


Hi

I have a question wrt the type=client_update in the registration spec.

How is the client authenticated for update?
Unless it is authenticated, the registration values such as redirect_uris
can be overwritten by an attacker.


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120517/b6114a0b/attachment.html>


More information about the Openid-specs-ab mailing list