I am working with a broad coalition of people across multiple industries to build a ubiquitous identity layer for the Internet.
- Redmond, Washington, USA
- https://self-issued.info/
Popular repositories
- oidcfederation Public
  Forked from rohe/oidcfederation
  A document that described how to do a multilateral federation with OpenID Connect.
- oidctest Public
  Forked from rohe/oidctest
  Test framework for testing OpenID Connect entities
  Python 1
- pyoidc Public
  Forked from OpenIDC/pyoidc
  A complete OpenID Connect implementation in Python
  Python 1
176 contributions in the last year
Contribution activity
May 2022
Created 2 commits in 2 repositories
Created 1 repository
Opened 5 pull requests in 4 repositories
oauthstuff/draft-selective-disclosure-jwt: 2 open
oauthstuff/draft-ietf-oauth-security-topics: 1 open
json-web-proofs/json-web-proofs: 1 merged
jwk-thumbprint-uri/jwk-thumbprint-uri: 1 merged
Reviewed 4 pull requests in 3 repositories
json-web-proofs/json-web-proofs: 2 pull requests
oauthstuff/draft-selective-disclosure-jwt: 1 pull request
jwk-thumbprint-uri/jwk-thumbprint-uri: 1 pull request
Created an issue in oauthstuff/draft-ietf-oauth-security-topics that received 1 comment
Confusing reference "(see Attackers A1 and A5)"
https://tools.ietf.org/id/draft-ietf-oauth-security-topics-19.html#section-4.9.1 says "(see Attackers A1 and A5)". I have no idea what this is refe…
Opened 17 other issues in 2 repositories
oauthstuff/draft-ietf-oauth-security-topics: 15 open
- What is the "functional specification"?
- Alphabetize Acknowledgements
- Acknowledgment for Tim Würtele clearly wrong
- Term "clickjacking" used without being defined
- Example of Client as Open Redirector?
- What are "CSRF tokens"?
- Explain how "nonce" and "at_hash" are a countermeasure against access token injection
- Token binding reference missing
- Update references to refer to current drafts, especially for new RFCs
- Quizzical "sub" claim reference
- Use standard OpenID citation tags
- List JWT Access Token "aud" claim as a means of audience restriction
- Include DPoP as a means of sender-constraining tokens
- Overreaching statement about access tokens in the implicit flow
- Unconditional AS support for PKCE is overkill

