[Openid-specs-ab] identifier rotation

Nat Sakimura sakimura at gmail.com
Fri Mar 15 07:52:58 UTC 2013


Well, just by looking at key rotation, it reminded me of the project that I
did a few years ago for identifier rotation.
User ID rotation is not that hard.
Issuer rotation was a bit more tricky. Basically, what I did was to have
the old issuer sign the both old and new issuer identifier and include it
in the new issuer's assertion.

My 2c at 3:52am.

-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130315/b4f03435/attachment.html>


More information about the Openid-specs-ab mailing list