[Openid-specs-mobile-profile] Issue #60: MODRNA Authentication Profile: Improving description in section 9 "Security Considerations" (openid/mobile)

Gonzalo Fernández issues-reply at bitbucket.org
Sun Sep 24 09:50:17 UTC 2017


New issue 60: MODRNA Authentication Profile: Improving description in section 9 "Security Considerations"
https://bitbucket.org/openid/mobile/issues/60/modrna-authentication-profile-improving

Gonzalo Fernández:

The second part of the first paragraph said: "The signature allows the OP to authenticate and authorize the sender of the hint and prevent collecting of phone numbers by rogue clients".

It is not the signature which prevents collecting of phone numbers but the fact that the login_hint_token is encrypted. So I think the right sentence would be "The login_hint_token allows the OP ......"

Do you agree?

Responsible: Eisiphone

