[Openid-specs-ab] Definition of Authentication
Michael.Jones at microsoft.com
Thu Nov 7 18:49:06 UTC 2013
That sounds OK with me.
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Nat Sakimura
Sent: Thursday, November 07, 2013 10:46 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Definition of Authentication
Having seen the recent thread around client secret etc., I am confident that we have problems with the current definition of Authentication.
Currently, it is:
Process of verifying that an Entity is the owner of an Identity.
It is unclear what is "owner" etc., and is too hand-wavy. For example, what is the owner of the identity in the case of Client Authentication?
We should adopt either ISO18014 or X.1252. I feel X.1252 is slightly better.
Process used to achieve sufficient confidence in the binding between the entity and the presented identity
I propose to adopt this definition.
Nat Sakimura (=nat)
Chairman, OpenID Foundation