[Openid-specs-mobile-profile] Issue #97: CIBA - Clarify privacy issues with login_hint_token and discovery service (openid/mobile)
Dave Tonge
issues-reply at bitbucket.org
Tue Oct 16 14:57:17 UTC 2018
New issue 97: CIBA - Clarify privacy issues with login_hint_token and discovery service
https://bitbucket.org/openid/mobile/issues/97/ciba-clarify-privacy-issues-with
Dave Tonge:
John brought up the point that for CIBA use cases, the user would have to give the RP an identifier to pass to the discovery service. Therefore its unlikely to bring any privacy benefits to CIBA from using an encrypted login_hint_token from a discovery service.
We should update the draft to reflect this.
Responsible: dgtonge
More information about the Openid-specs-mobile-profile
mailing list