[Openid-specs-fapi] Issue #200: CIBA: Signed Authentication Request (openid/fapi)

Dave Tonge issues-reply at bitbucket.org
Fri Dec 21 10:30:48 UTC 2018


New issue 200: CIBA: Signed Authentication Request
https://bitbucket.org/openid/fapi/issues/200/ciba-signed-authentication-request

Dave Tonge:

The new CIBA core profile defines a signed authentication request. Should this be mandated by the FAPI profile?

As it is a backchannel request and we require strong client auth for this endpoint, there probably isn't a strong security reason to require it. 

Advantages are:

 - non-repudiation? it this a real need? 
 - guarantees that pairwise identifiers can be used in poll / ping mode




More information about the Openid-specs-fapi mailing list