[OpenID-Specs-eKYC-IDA] Issue #1154: Mention complementary security standards (OAuth mTLS, etc) (openid/ekyc-ida)
torsten at lodderstedt.net
Sat Jan 18 11:46:55 UTC 2020
I think this makes sense. I would envision FAPI to be the counterpart of IDA re security of the authorization/authentication process.
> On 18.01.2020 at 12:42, Vladimir Dzhuvinov via Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net> wrote:
> New issue 1154: Mention complementary security standards (OAuth mTLS, etc)
> Vladimir Dzhuvinov:
> In an informal talk about IdA I mentioned that given the nature of the standard and the personal data it deals with, providers should require strong client authentication and client certificate-bound access tokens (mTLS) for the UserInfo endpoint.
> I suppose it makes sense to mention this together with the applicable specs in a section at the bottom of the spec.
> I’m not sure if this should be normative or just informational.