From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of Roland Hedberg Sent: Saturday, January 26, 2013 9:12 AM To: email@example.com Group Subject: [Openid-specs-ab] Default OpenID Request Object signing algorithm
in the change log for the discovery document under -09 it says:
- Changed default OpenID Request Object signing algorithm to RS256, per issue
In no later version changes is this default mention, still it's absent from the document. It just says: "Servers SHOULD support none and RS256."
So, how should it be; should there be a default.