[Openid-specs-fapi] Issue #200: CIBA: Signed Authentication Request (openid/fapi)
issues-reply at bitbucket.org
Fri Dec 21 10:30:48 UTC 2018
New issue 200: CIBA: Signed Authentication Request
The new CIBA core profile defines a signed authentication request. Should this be mandated by the FAPI profile?
As it is a backchannel request and we require strong client auth for this endpoint, there probably isn't a strong security reason to require it.
- non-repudiation? it this a real need?
- guarantees that pairwise identifiers can be used in poll / ping mode
More information about the Openid-specs-fapi