[WG-OTTO] OpenID Connect thread on Client Trust

Mike Schwartz mike at gluu.org
Tue Jan 26 12:36:55 CST 2016


There was a thread in the OpenID Connect mailing list today that is 
relevant to our work:

   As a related issue, the group talked about
   the issue of bad client registering and users
   granting access to them. Simply requiring developers
   to register a client does not stop attackers.
   It used to be easier for them to take other venues
   but the proliferation of the second factor authenticator
   and so on has pressured them to move to this direction
   as well. This is a trust framework issue and what a
   protocol can do is to provide a hook so that
   the trust framework can make use of it.

- Mike

More information about the WG-OTTO mailing list