[Openid-specs-fapi] Issue #200: CIBA: Signed Authentication Request (openid/fapi)
Dave Tonge
issues-reply at bitbucket.org
Fri Dec 21 10:30:48 UTC 2018
New issue 200: CIBA: Signed Authentication Request
https://bitbucket.org/openid/fapi/issues/200/ciba-signed-authentication-request
Dave Tonge:
The new CIBA core profile defines a signed authentication request. Should this be mandated by the FAPI profile?
As it is a backchannel request and we require strong client auth for this endpoint, there probably isn't a strong security reason to require it.
Advantages are:
- non-repudiation? Is this a real need?
- guarantees that pairwise identifiers can be used in poll / ping mode