[OpenID-Specs-eKYC-IDA] Issue #1154: Mention complementary security standards (OAuth mTLS, etc) (openid/ekyc-ida)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Sat Jan 18 11:42:23 UTC 2020


New issue 1154: Mention complementary security standards (OAuth mTLS, etc)
https://bitbucket.org/openid/ekyc-ida/issues/1154/mention-complementary-security-standards

Vladimir Dzhuvinov:

In an informal talk about IdA I mentioned that given the nature of the standard and the personal data it deals with, providers should require strong client authentication and client certificate-bound access tokens (mTLS) for the UserInfo endpoint.

I suppose it makes sense to mention this together with the applicable specs in a section at the bottom of the spec.

I’m not sure if this should be normative or just informational.
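
Added example, not part of the original issue text or of any OpenID specification: a sketch of the check a UserInfo endpoint performs for the certificate-bound access tokens mentioned above, following RFC 8705 (the token's `cnf` claim carries `x5t#S256`, the base64url-encoded SHA-256 hash of the client certificate's DER encoding). The function names and sample byte strings are hypothetical; the code assumes the token's signature and expiry were already validated and that the TLS layer hands over the client certificate as DER bytes.

```python
import base64
import hashlib
import hmac

def x5t_s256(der_cert: bytes) -> str:
    """Unpadded base64url SHA-256 thumbprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der_cert).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def check_cert_binding(claims: dict, der_cert):
    """Return (http_status, error_code) for a UserInfo request.

    claims   -- already-validated access token claims (JWT or introspection)
    der_cert -- client certificate from the mTLS handshake, or None
    """
    cnf = claims.get("cnf")
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str):
        # Plain bearer token with no binding: refused by this endpoint's
        # policy (assumption: only certificate-bound tokens are accepted).
        return 401, "invalid_token"
    if der_cert is None:
        # Bound token presented on a connection without a client certificate.
        return 401, "invalid_token"
    presented = x5t_s256(der_cert)
    if not hmac.compare_digest(expected.encode("ascii", "replace"),
                               presented.encode("ascii")):
        # Token was issued to a different certificate, e.g. a replayed token.
        return 401, "invalid_token"
    return 200, None

# Constructed sample data: stand-ins for DER bytes, not real certificates.
CLIENT_CERT_DER = b"constructed-stand-in-for-client-cert-DER"
OTHER_CERT_DER = b"constructed-stand-in-for-another-cert-DER"
BOUND_CLAIMS = {"sub": "user-123",
                "cnf": {"x5t#S256": x5t_s256(CLIENT_CERT_DER)}}

if __name__ == "__main__":
    for label, cert in (("same cert", CLIENT_CERT_DER),
                        ("other cert", OTHER_CERT_DER),
                        ("no cert", None)):
        print(label, check_cert_binding(BOUND_CLAIMS, cert))
```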



