[Openid-specs-ab] Definition of Authentication
sakimura at gmail.com
Thu Nov 7 18:45:57 UTC 2013
Having seen the recent thread around client secret etc., I am confident
that we have problems with the current definition of Authentication.
Currently, it is:
Authentication
Process of verifying that an Entity is the owner of an
It is unclear what is "owner" etc., and is too hand-wavy. For example, what
is the owner of the identity in the case of Client Authentication?
We should adopt either ISO18014 or X.1252. I feel X.1252 is slightly
Process used to achieve sufficient confidence in the binding
between the entity and the presented identity
I propose to adopt this definition.
Nat Sakimura (=nat)
Chairman, OpenID Foundation