Two Identifiers - no caching advantage
Pete Rowley
prowley at redhat.com
Thu Oct 19 17:39:48 UTC 2006
Dick Hardt wrote:
> My key point is that the IdP cannot trust the discovery done by the
> RP since the request is unsigned and may have been modified
> between the RP and the IdP.
>
Yep. Though trusting RPs for _anything_ is a bad idea. Users necessarily
need to trust IdPs; the IdPs should protect them from the RPs.
--
Pete