[OpenID-Specs-eKYC-IDA] Issue #1154: Mention complementary security standards (OAuth mTLS, etc) (openid/ekyc-ida)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Sat Jan 18 11:42:23 UTC 2020

New issue 1154: Mention complementary security standards (OAuth mTLS, etc)

Vladimir Dzhuvinov:

In an informal talk about IdA I mentioned that given the nature of the standard and the personal data it deals with, providers should require strong client authentication and client certificate-bound access tokens (mTLS) for the UserInfo endpoint.

I suppose it makes sense to mention this together with the applicable specs in a section at the bottom of the spec.

I’m not sure if this should be normative or just informational.
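
An added example, not part of the original message or of the eKYC-IDA spec: a sketch of the check a UserInfo endpoint performs for a certificate-bound access token as defined by OAuth 2.0 Mutual-TLS (RFC 8705), where the token's `cnf` claim carries `x5t#S256`, the base64url SHA-256 thumbprint of the client's DER certificate. The function names and sample values are hypothetical, and the token claims are assumed to have already been signature-validated or obtained by introspection.

```python
import base64
import hashlib
import hmac


def cert_thumbprint(der_cert: bytes) -> str:
    """base64url(SHA-256(DER certificate)) without padding: the x5t#S256 form."""
    digest = hashlib.sha256(der_cert).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_binding(token_claims: dict, tls_client_cert_der):
    """Decide whether a UserInfo request may proceed. Returns (allowed, reason)."""
    if tls_client_cert_der is None:
        return False, "no client certificate on the TLS connection"
    cnf = token_claims.get("cnf")
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str) or not expected:
        # A plain bearer token must be refused, not silently accepted.
        return False, "access token is not certificate-bound"
    presented = cert_thumbprint(tls_client_cert_der)
    # Constant-time comparison of the two thumbprints.
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return False, "certificate does not match token binding"
    return True, "ok"


# Constructed sample data: these byte strings stand in for DER-encoded
# certificates; only their SHA-256 digest matters for the binding check.
CLIENT_CERT = b"constructed-stand-in-for-client-A-DER-certificate"
OTHER_CERT = b"constructed-stand-in-for-client-B-DER-certificate"
BOUND_CLAIMS = {"sub": "user-1", "cnf": {"x5t#S256": cert_thumbprint(CLIENT_CERT)}}
BEARER_CLAIMS = {"sub": "user-1"}  # token issued without a cnf claim

if __name__ == "__main__":
    cases = [
        ("bound token, matching certificate", BOUND_CLAIMS, CLIENT_CERT),
        ("bound token, different certificate", BOUND_CLAIMS, OTHER_CERT),
        ("unbound bearer token", BEARER_CLAIMS, CLIENT_CERT),
        ("bound token, no client certificate", BOUND_CLAIMS, None),
    ]
    for label, claims, cert in cases:
        print(label, "->", check_binding(claims, cert))
```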

