- changed component to CIBA
CIBA signed result objects?
Issue #55
resolved
Should we - at least - recommend that the OP signs the authentication result object? Here: https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication.xml?at=default#successful_authentication_request_acknowdlegment
Comments (3)
-
reporter -
reporter - assigned issue to
-
- changed status to resolved
In the push mode the ID Token is signed and has the authn request id and hashes of the AT and RT that ties it all together. Other results are in HTTPS responses from the server which is server authentication TLS.
#127has some more explanation. - Log in to comment