[Openid-specs-mobile-profile] Issue 52 CIBA Pairwise Identifiers Structuring Text
Manger, James
James.H.Manger at team.telstra.com
Wed Jun 14 04:28:31 UTC 2017
Axel,
> What are the threats if all client metadata is validated at registration time and all CIBA requests are authenticated?
> - BadClient is not able to register for the same sector_identifier_uri as GoodPollingClient (regardless of CIBA or OIDC). This is nothing bad introduced by CIBA.
This is your mistake.
Multiple clients can register the same sector_identifier_uri — that is the whole point of the sector_id concept (grouping multiple apps). The issue is how does the registration system distinguish BadClient from OtherGoodPollingClient when both register the same sector_id?
--
James Manger
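
The question above, as an added sketch that is not part of the original message: it assumes the registration system applies only the OpenID Connect rule that every registered redirect_uri must appear in the document at sector_identifier_uri, and that polling clients register no redirect_uris. Client metadata, URLs, the salt and the BadRedirectClient entry are constructed for illustration.

```python
import hashlib
from urllib.parse import urlparse

# Constructed sample data: the JSON array served at the shared sector_identifier_uri.
SECTOR_URI = "https://good.example/sector.json"
SECTOR_DOC = ["https://good.example/cb", "https://other-good.example/cb"]

# Constructed client metadata. The three polling clients register no redirect_uris.
CLIENTS = {
    "GoodPollingClient": {"sector_identifier_uri": SECTOR_URI},
    "OtherGoodPollingClient": {"sector_identifier_uri": SECTOR_URI},
    "BadClient": {"sector_identifier_uri": SECTOR_URI},
    # Hypothetical contrast case: a redirect-based client outside the sector.
    "BadRedirectClient": {"sector_identifier_uri": SECTOR_URI,
                          "redirect_uris": ["https://bad.example/cb"]},
}

def validate_registration(metadata, sector_doc):
    """OIDC registration rule: each redirect_uri must be listed in the sector document.

    With no redirect_uris the check is vacuously true, so it cannot tell
    one polling client from another.
    """
    return all(uri in sector_doc for uri in metadata.get("redirect_uris", []))

def pairwise_sub(metadata, local_sub, salt):
    """Example pairwise method from OIDC Core 8.1:
    SHA-256(sector identifier host || local account id || salt)."""
    host = urlparse(metadata["sector_identifier_uri"]).hostname
    return hashlib.sha256((host + local_sub).encode() + salt).hexdigest()

def registration_results(clients=CLIENTS, sector_doc=SECTOR_DOC):
    """Return {client name: accepted?} under the redirect_uri-only check."""
    return {name: validate_registration(md, sector_doc) for name, md in clients.items()}

if __name__ == "__main__":
    for name, ok in registration_results().items():
        print(f"{name:24} accepted={ok}")
    salt = b"constructed-salt"
    for name in ("OtherGoodPollingClient", "BadClient"):
        print(f"{name:24} sub={pairwise_sub(CLIENTS[name], 'user-1', salt)[:16]}")
```

Under these assumptions the redirect-based outsider is rejected, while BadClient is accepted and derives the same pairwise sub as the legitimate polling clients.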