openid / connect / issues / #1335 - add a text how SIOP can be used for authentication and claim presentation — Bitbucket

Issue #1335 resolved

Kristina Yasuda created an issue 2021-09-09

We discussed at Sept-02-2021 SIOP call that there are 3 applications of SIOP v2. Suggest we add this in the SIOP v2 introduction.

To authenticate a user based on the self-attested signature
To present self-asserted claims
To present Third Party signed claims

I also summarized characteristics of such applications per same-device and cross-device flow that were discussed: https://hackmd.io/9MmHKXCBQvy2zghVoG3fXg?view

But per some feedback from the first implementers, I don’t think we have a consensus to put a language as strong as “usage of cross-device SIOP for authentication is not recommended“, nor per Stephane’s comment in Issue ~~#1269~~ (https://bitbucket.org/openid/connect/issues/1269/add-security-considerations-for-cross#comment-61098781) we have consensus to draw such a clear line between CD-SIOP and SM-SIOP.

‌

‌

SIOP_v2_usage.PNG

Comments (5)

Michael Jones
- changed status to open
Discussed on the 9-Sep-21 call
- 2021-09-09T14:48:41+00:00
Kristina Yasuda reporter
- assigned issue to
  
  Kristina Yasuda
- 2021-11-04T15:42:18+00:00
Kristina Yasuda reporter
I think we can resolve this issue since this has been addressed by updating the text of introduction, use-cases, scope sections in PR #68. Please let me know if it is not clear enough
- 2021-12-09T07:05:24+00:00
Kristina Yasuda reporter
@John Bradley agreed to review in 2021-12-08 SIOP special call
- 2021-12-16T05:16:11+00:00
Kristina Yasuda reporter
- changed status to resolved
addressed in the latest SIOP v2 draft
- 2022-01-22T01:28:01+00:00
Log in to comment

Assignee: Kristina Yasuda

Type: enhancement

Priority: major

Status: resolved

Component: SIOP

Milestone: –

Version: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!