[Openid-specs-mobile-profile] Issue #60: MODRNA Authentication Profile: Improving description in section 9 "Security Considerations" (openid/mobile)
Gonzalo Fernández
issues-reply at bitbucket.org
Sun Sep 24 09:50:17 UTC 2017
New issue 60: MODRNA Authentication Profile: Improving description in section 9 "Security Considerations"
https://bitbucket.org/openid/mobile/issues/60/modrna-authentication-profile-improving
Gonzalo Fernández:
The second part of the first paragraph said: "The signature allows the OP to authenticate and authorize the sender of the hint and prevent collecting of phone numbers by rogue clients".
It is not the signature which prevents collecting of phone numbers but the fact that the login_hint_token is encrypted. So I think the right sentence would be "The login_hint_token allows the OP ......"
Do you agree?
Responsible: Eisiphone