[WG-OTTO] OpenID Connect thread on Client Trust
mike at gluu.org
Tue Jan 26 12:36:55 CST 2016
There was a thread in the OpenID Connect mailing list today that is
relevant to our work:
As a related issue, the group talked about
the issue of bad clients registering and users
granting access to them. Simply requiring developers
to register a client does not stop attackers.
It used to be easier for them to take other venues
but the proliferation of the second factor authenticator
and so on has pressured them to move in this direction
as well. This is a trust framework issue and what a
protocol can do is to provide a hook so that
the trust framework can make use of it.