[Openid-specs-ab] Processing sector_identifier_uri values

Justin Richer jricher at mitre.org
Thu Oct 31 14:16:33 UTC 2013


How about language that says the sector identifier would be pulled down 
at registration and heavily cached.

  -- Justin


On 10/29/2013 08:59 PM, Mike Jones wrote:
>
> In his review of Registration, George wrote the following about 
> http://openid.net/specs/openid-connect-registration-1_0-20.html#SectorIdentifierValidation:
>
> It seems like there is some pretty complicated OP logic required to 
> process the sector_identifier_uri.
>
> Given that the the list of allowed redirect_uris in the JSON file can 
> change at any time! the OP would
>
> need to pull the file and verify that the current client redirect_uri 
> is still present in the list. That is too much
>
> over head to do at token issuance. Should we have some guidance that 
> redirect_uris can be added to the
>
> sector_identifier_uri file but SHOULD NOT be removed. Removing a 
> redirect_uri from the file results in
>
> undefined behavior? With this guidance the OP can do all the necessary 
> checking at client registration
>
> time which seems reasonable.
>
> It's always been my assumption that the sector_identifier_uri is 
> validated once at registration time and never fetched again.  If 
> people agree, I think we should say that.
>
> -- Mike
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131031/c537dc83/attachment.html>


More information about the Openid-specs-ab mailing list