[Openid-specs-ab] well-known location for sector_identifier_uri

John Bradley ve7jtb at ve7jtb.com
Tue Mar 15 14:36:56 UTC 2016


They would all need to provide the same sector_identifier_uri during registration.

The file at the sector identifier would need to contain both redirect URI.

This is under the control of the RP to show that the sites are related.   You don’t want any site to be able to use your sector identifier to do correlation.

The AS could have some administrative rule that sites are related and override the logic but that is likely not to be manageable over time.

John B.


> On Mar 14, 2016, at 1:30 PM, Mike Schwartz <mike at gluu.org> wrote:
> 
> James,
> 
> In the Gluu Server we just implemented interfaces to make it easier for domain admins to publish sector_identifier_uri's. How could a single sector_identifier_uri work if you have multiple partners which you want to issue distinct pairwise identifiers?
> 
> - Mike
> 
> 
> -------------------------------------
> Michael Schwartz
> Gluu
> Founder / CEO
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4326 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160315/9dc150a1/attachment.p7s>


More information about the Openid-specs-ab mailing list