[Openid-specs-risc] openid/sharedsignals: Comment created on issue 172
github at oidf.org
github at oidf.org
Fri May 24 14:06:49 UTC 2024
openid/sharedsignals event
Issue Comment created on issue 172
Issue Title: Add SHOULD language about checking the issuer value
https://github.com/openid/sharedsignals/pull/172
Comment: > Along with this, the receivers MUST validate `iss` claims on every SSF event delivered on the stream @appsdesh I agree that Receivers ought to validate the `iss` claim in the SET, but is there a specific attack that you are imagining that can only be countered this way?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240524/ee4b4d46/attachment.html>
More information about the Openid-specs-risc
mailing list