[OpenID-Specs-eKYC-IDA] Issue #1154: Mention complementary security standards (OAuth mTLS, etc) (openid/ekyc-ida)
issues-reply at bitbucket.org
Sat Jan 18 11:42:23 UTC 2020
New issue 1154: Mention complementary security standards (OAuth mTLS, etc)
In an informal talk about IdA I mentioned that given the nature of the standard and the personal data it deals with, providers should require strong client authentication and client certificate-bound access tokens (mTLS) for the UserInfo endpoint.
I suppose it makes sense to mention this together with the applicable specs in a section at the bottom of the spec.
I’m not sure if this should be normative or just informational.
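Added example, not part of the original message or of the spec: a sketch of the check a UserInfo endpoint performs when it requires certificate-bound access tokens, using the `cnf` / `x5t#S256` confirmation claim defined by the OAuth mTLS specification (RFC 8705). The function names and sample values are hypothetical, and the token claims are assumed to have been validated already (signature, expiry, audience).

```python
import base64
import hashlib
import hmac


def x5t_s256(cert_der: bytes) -> str:
    """Unpadded base64url SHA-256 thumbprint of a DER-encoded certificate."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_userinfo_request(claims, presented_cert_der):
    """Decide whether a UserInfo request may proceed.

    claims: access token claims (assumed already validated).
    presented_cert_der: client certificate from the TLS handshake as DER
    bytes, or None if the client presented none.
    Returns (allowed, reason).
    """
    if presented_cert_der is None:
        return False, "no client certificate on the TLS connection"
    cnf = claims.get("cnf")
    bound = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(bound, str):
        # A plain bearer token is refused: possession of the token alone
        # must not be enough to read verified identity data.
        return False, "access token is not certificate-bound"
    presented = x5t_s256(presented_cert_der)
    if not hmac.compare_digest(bound.encode(), presented.encode()):
        return False, "certificate does not match token binding"
    return True, "ok"


# Constructed stand-ins for DER certificate bytes (not real certificates);
# the thumbprint is computed over whatever DER bytes the TLS layer hands over.
CLIENT_CERT = b"constructed-client-certificate-der"
OTHER_CERT = b"constructed-other-certificate-der"
BOUND_TOKEN = {"sub": "user-1", "cnf": {"x5t#S256": x5t_s256(CLIENT_CERT)}}
PLAIN_BEARER = {"sub": "user-1"}

if __name__ == "__main__":
    cases = [
        (BOUND_TOKEN, CLIENT_CERT),
        (BOUND_TOKEN, OTHER_CERT),
        (BOUND_TOKEN, None),
        (PLAIN_BEARER, CLIENT_CERT),
    ]
    for claims, cert in cases:
        print(check_userinfo_request(claims, cert))
```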