[Openid-specs-risc] openid/sharedsignals: Comment created on issue 207

github at oidf.org github at oidf.org
Wed Feb 5 11:01:14 UTC 2025


openid/sharedsignals event

Issue Comment created on issue 207
Issue Title: Receivers should validate aud value in StreamConfiguration response
https://github.com/openid/sharedsignals/issues/207

Comment: @thomasdarimont I am not familiar with the conformance tests, but this looks to me like a test case for the Transmitter, i.e., validating that a Transmitter uses the same `aud` in (probably?) stream creation responses and (in this case: Verification) SETs. If that understanding is correct, then this test does not touch on what the security analysis originally pointed out: The SSF spec does not require the receiver of a stream configuration to validate that configuration's `aud`.
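
The Receiver-side `aud` check on a stream configuration that the comment refers to, next to the separate consistency check between the configuration and a delivered SET, as an added example that is not part of the original comment or of the sharedsignals project. The function names, the sample values and the "at least one matching value" acceptance rule are assumptions.

```python
# Added illustration: helper names, sample values and the matching policy
# are assumptions, not text from the SSF specification.

def _aud_set(value):
    """Normalise an `aud` member (string or array of strings) to a set."""
    if isinstance(value, str) and value:
        return {value}
    if isinstance(value, list) and value and all(isinstance(v, str) and v for v in value):
        return set(value)
    raise ValueError("aud is missing or malformed")


def check_stream_config_aud(config, own_audiences):
    """Receiver-side check: the stream configuration returned by the
    Transmitter must name this Receiver. Returns the accepted aud set."""
    aud = _aud_set(config.get("aud"))
    if not aud & set(own_audiences):
        raise ValueError(f"stream configuration aud {sorted(aud)} does not name this receiver")
    return aud


def check_set_aud(set_claims, config_aud):
    """Consistency check: a SET delivered on the stream must carry an
    aud that matches the aud of the accepted stream configuration."""
    aud = _aud_set(set_claims.get("aud"))
    if not aud & config_aud:
        raise ValueError(f"SET aud {sorted(aud)} does not match stream configuration")
    return True


# Constructed sample data (not captured from a real Transmitter).
OWN_AUD = ["https://receiver.example/ssf"]
GOOD_CONFIG = {"iss": "https://tx.example", "aud": "https://receiver.example/ssf"}
WRONG_CONFIG = {"iss": "https://tx.example", "aud": ["https://other.example/ssf"]}
VERIFICATION_SET = {"iss": "https://tx.example", "aud": ["https://receiver.example/ssf"]}


def accepts(config, set_claims=None):
    """Return True only if every applicable check passes."""
    try:
        aud = check_stream_config_aud(config, OWN_AUD)
        return check_set_aud(set_claims, aud) if set_claims is not None else True
    except ValueError:
        return False
```
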