[Openid-specs-ab] Definition of Authentication

Anthony Nadalin tonynad at microsoft.com
Thu Nov 7 18:54:31 UTC 2013


Good choice

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Thursday, November 7, 2013 10:49 AM
To: Nat Sakimura; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Definition of Authentication

That sounds OK with me.

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Nat Sakimura
Sent: Thursday, November 07, 2013 10:46 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Definition of Authentication

Having seen the recent thread around client secret etc., I am confident that we have problems with the current definition of Authentication.

Currently, it is:

Authentication
Process of verifying that an Entity is the owner of an Identity.


It is unclear what is "owner" etc., and is too hand-wavy. For example, what is the owner of the identity in the case of Client Authentication?

We should adopt either ISO18014 or X.1252. I feel X.1252 is slightly better.

It is:

Process used to achieve sufficient confidence in the binding
between the entity and the presented identity

I propose to adopt this definition.


--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en