[Openid-specs-risc] openid/sharedsignals: Comment created on issue 207
github at oidf.org
Tue Feb 4 19:26:55 UTC 2025
openid/sharedsignals event
Issue Comment created on issue 207
Issue Title: Receivers should validate aud value in StreamConfiguration response
https://github.com/openid/sharedsignals/issues/207
Comment:

> While Receivers are mandated to validate the audience value in SETs (due to [RFC7519, Section 4.1.3]), they are currently not required to validate the audience value in stream configurations returned by a Transmitter, e.g., in a stream creation response.

FYI I just added a check for the first part to the conformance tests. In the `openid-ssf-transmitter-events` we now verify that the verification SET `aud` matches the `aud` from the stream, and produce a warning if that is not the case.

Is the reference [RFC7519, Section 4.1.3] okay, or should I use another reference here?
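
An added example, not part of the original comment and not the conformance suite's code: a Receiver-side sketch of both audience checks discussed in the issue, run on claims whose signature has already been verified. It assumes "matches" means the same set of values once string and array forms of `aud` are normalised; `RECEIVER_ID`, the function names and all sample values are constructed.

```python
# Added example: audience checks on already-verified claims.
# RECEIVER_ID and every sample value below are constructed for illustration.
RECEIVER_ID = "https://receiver.example.com"

def aud_values(obj):
    """Return the aud member of a claims/config dict as a set of strings.

    RFC 7519 allows aud to be a single string or an array of strings.
    A missing aud yields an empty set.
    """
    aud = obj.get("aud")
    if aud is None:
        return set()
    if isinstance(aud, str):
        return {aud}
    if isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        return set(aud)
    raise ValueError(f"malformed aud: {aud!r}")

def check_stream_config(config, receiver_id=RECEIVER_ID):
    """Findings for the aud returned in a stream configuration response."""
    aud = aud_values(config)
    # Assumption: a stream that does not name this Receiver is an error.
    if receiver_id not in aud:
        return [f"error: stream aud {sorted(aud)} does not name {receiver_id}"]
    return []

def check_set(claims, config, receiver_id=RECEIVER_ID):
    """Findings for a SET (e.g. the verification SET) against its stream."""
    findings = []
    set_aud, stream_aud = aud_values(claims), aud_values(config)
    # RFC 7519 Section 4.1.3: when aud is present and the processing
    # principal is not among its values, the JWT must be rejected.
    if set_aud and receiver_id not in set_aud:
        findings.append(f"reject: SET aud {sorted(set_aud)} does not name {receiver_id}")
    # Assumption: a SET aud that differs from the stream aud is only a warning.
    if set_aud != stream_aud:
        findings.append(f"warning: SET aud {sorted(set_aud)} != stream aud {sorted(stream_aud)}")
    return findings

# Constructed sample data.
STREAM = {"stream_id": "example-stream", "aud": [RECEIVER_ID]}
GOOD_SET = {"iss": "https://transmitter.example.com", "jti": "1", "aud": RECEIVER_ID}
OTHER_SET = {"iss": "https://transmitter.example.com", "jti": "2",
             "aud": "https://other.example.com"}

if __name__ == "__main__":
    for name, claims in (("good", GOOD_SET), ("other", OTHER_SET)):
        print(name, check_stream_config(STREAM) + check_set(claims, STREAM))
```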