Subject: Re: [imi] Question regarding encryption
In my envisaged scenario the user would sign an RP-defined message and transmit it to the IdP. The IdP adds the signed message and the user's public key as additional claims to the token. I think this could solve the mentioned issues. The IdP does not know the RP and the RP can be sure that the user is the stated one. Replay attacks are also not possible because of the signed message, which can be seen as a HoK proof. The only problem is that this is not possible with the current spec.

Kind regards,
Mario

--
Mario Ivkovic
A-SIT, Secure Information Technology Center - Austria
Inffeldgasse 16a, A-8010 Graz, Austria
Tel.: +43 (316) 873-5528
Fax.: +43 (316) 873-105521
Mario.Ivkovic@a-sit.at
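
The scenario described in this message, sketched as an added example that is not part of the original post or of the IMI specification. It assumes Ed25519 keys, a JSON token and a fresh random nonce as the RP-defined message; all function and claim names are hypothetical.

```javascript
// Added illustration; function and claim names are hypothetical, not from the IMI spec.
const crypto = require('node:crypto');

const idp = crypto.generateKeyPairSync('ed25519');   // IdP token-signing key
const user = crypto.generateKeyPairSync('ed25519');  // user's proof key

// RP: define the message the user must sign (assumed: a fresh random nonce).
function rpChallenge() { return crypto.randomBytes(16).toString('hex'); }

// User: sign the RP-defined message with the private proof key.
function userSign(message, privateKey) {
  return crypto.sign(null, Buffer.from(message), privateKey).toString('base64');
}

// IdP: copy the signed message and the user's public key into the token as
// additional claims, then sign the token. No RP identifier is involved.
function issueToken(subject, message, userSig, userPublicKey) {
  const claims = {
    sub: subject,
    rp_message: message,
    rp_message_sig: userSig,
    user_pub: userPublicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
  };
  const body = JSON.stringify(claims);
  const sig = crypto.sign(null, Buffer.from(body), idp.privateKey).toString('base64');
  return { body, sig };
}

// RP: check the IdP signature over the token, then the user's signature over
// the message this RP issued. A token carrying another message is rejected.
function rpVerify(token, expectedMessage, idpPublicKey) {
  const idpOk = crypto.verify(null, Buffer.from(token.body), idpPublicKey, Buffer.from(token.sig, 'base64'));
  if (!idpOk) return 'bad-idp-signature';
  const c = JSON.parse(token.body);
  if (c.rp_message !== expectedMessage) return 'wrong-message';
  const pub = crypto.createPublicKey({ key: Buffer.from(c.user_pub, 'base64'), format: 'der', type: 'spki' });
  const ok = crypto.verify(null, Buffer.from(c.rp_message), pub, Buffer.from(c.rp_message_sig, 'base64'));
  return ok ? 'ok' : 'bad-user-signature';
}

// Constructed run: valid token, same token against a new challenge, altered token.
function demo() {
  const m1 = rpChallenge();
  const token = issueToken('user-1', m1, userSign(m1, user.privateKey), user.publicKey);
  const tampered = { body: token.body.replace('user-1', 'user-2'), sig: token.sig };
  return [rpVerify(token, m1, idp.publicKey), rpVerify(token, rpChallenge(), idp.publicKey),
          rpVerify(tampered, m1, idp.publicKey)];
}
```

The RP has to remember the message it issued for each login attempt and discard it after one use; that bookkeeping is left out of the sketch.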