[Openid-specs-ab] identifier rotation
sakimura at gmail.com
Fri Mar 15 07:52:58 UTC 2013
Well, just by looking at key rotation, it reminded me of the project that I
did a few years ago for identifier rotation.
User ID rotation is not that hard.
Issuer rotation was a bit more tricky. Basically, what I did was to have
the old issuer sign the both old and new issuer identifier and include it
in the new issuer's assertion.
My 2c at 3:52am.
Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab