- changed component to CIBA
CIBA - Clarify privacy issues with login_hint_token and discovery service
John brought up the point that for CIBA use cases, the user would have to give the RP an identifier to pass to the discovery service. Therefore its unlikely to bring any privacy benefits to CIBA from using an encrypted login_hint_token from a discovery service.
We should update the draft to reflect this.
Comments (8)
-
-
- changed milestone to CIBA Implementer's Draft
-
reporter I think this can also go in the mobile profile rather than the core profile
-
- changed component to MODRNA Profile CIBA
- removed milestone
-
- changed milestone to Implementer's Draft
John brought up the point that for CIBA use cases, the user would have to give the RP an identifier to pass to the discovery service. Therefore its unlikely to bring any privacy benefits to CIBA from using an encrypted login_hint_token from a discovery service.
We should update the draft to reflect this.
-
reporter This is not addressed by the current draft - I will add text
-
reporter -
reporter - changed status to resolved
PR has been merged
- Log in to comment