1. OpenID Foundation Avatar OpenID Foundation
  2. WGs
  3. connect
  4. Issues

uid usage

Issue #1303 new
Edmund Jay created an issue

Comments from TL regarding for pull request #39

https://bitbucket.org/openid/connect/pull-requests/39/merging-cp-into-ca#comment-238238844

Torsten Lodderstedt 2021-07-24

I still don’t understand the way uid is supposed to work and what attack angles it will prevent. To me, this cannot be more than a nonce since there is no relationship between the user’s identity at the IdA and at the IA.

Moreover, I don’t see what value it provides in the context of credential issuance.

Nat Sakimura 2021-08-09

We could potentially remove it after merging this PR. NB this PR is not to implement these changes. We MUST NOT for the purpose of clarity and traceablilty. We MUST implement these with separate issue number and associated PR. Not on this PR.

Comments (0)

  1. Log in to comment
Assignee
Type
bug
Priority
major
Status
new
Component
Claims Aggregation
Milestone
Version
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!