[Openid-specs-mobile-profile] Issue #97: CIBA - Clarify privacy issues with login_hint_token and discovery service (openid/mobile)

Dave Tonge issues-reply at bitbucket.org
Tue Oct 16 14:57:17 UTC 2018


New issue 97: CIBA - Clarify privacy issues with login_hint_token and discovery service
https://bitbucket.org/openid/mobile/issues/97/ciba-clarify-privacy-issues-with

Dave Tonge:

John brought up the point that for CIBA use cases, the user would have to give the RP an identifier to pass to the discovery service. Therefore its unlikely to bring any privacy benefits to CIBA from using an encrypted login_hint_token from a discovery service.

We should update the draft to reflect this.

Responsible: dgtonge


More information about the Openid-specs-mobile-profile mailing list