Add requirement about segmentation of SSO identities #2150
Labels
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V2
V51
Group issues related to OAuth
_5.0 - prep
This needs to be addressed to prepare 5.0
In the context of OpenID Connect, I was wondering whether to add a requirement mandating that user identities from different IdPs are properly separated, i.e. that an IdP cannot spoof a user from another IdP. This is actually relevant for any SSO and might go into V2.
Original wording:
Alternative wording:
The wording should reject unintended/malicious spoofing of user identities but still allow cases where the sharing of user identities between different IdPs is intended / by design.
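One way a relying party can meet the separation described in this issue, shown as an added example that is not part of the original issue or of any proposed requirement text: accounts are keyed on the (issuer, subject) pair, and sharing across IdPs happens only through an explicit link. The class, method names and claim values are hypothetical, and the claims are assumed to be already signature- and audience-validated.

```python
class AccountStore:
    """Hypothetical relying-party account store (illustration only)."""

    def __init__(self):
        self._by_identity = {}  # (iss, sub) -> account id
        self._by_email = {}     # email -> account id, used by the weak variant
        self._next_id = 1

    def _new_account(self):
        account_id = self._next_id
        self._next_id += 1
        return account_id

    def login_by_email(self, claims):
        """Weak: any IdP asserting this email lands in the same account."""
        email = claims["email"].lower()
        if email not in self._by_email:
            self._by_email[email] = self._new_account()
        return self._by_email[email]

    def login(self, claims):
        """Segmented: the lookup key is the (issuer, subject) pair."""
        key = (claims["iss"], claims["sub"])
        if key not in self._by_identity:
            self._by_identity[key] = self._new_account()
        return self._by_identity[key]

    def link(self, account_id, iss, sub):
        """Intended sharing: an explicit, separately authorized binding."""
        key = (iss, sub)
        if self._by_identity.get(key, account_id) != account_id:
            raise ValueError("identity already bound to another account")
        self._by_identity[key] = account_id


# Constructed sample claims: IdP B asserts the same sub and email as IdP A.
CLAIMS_A = {"iss": "https://idp-a.example", "sub": "1001", "email": "alice@example.com"}
CLAIMS_B = {"iss": "https://idp-b.example", "sub": "1001", "email": "alice@example.com"}


def demo():
    weak, segmented, linked = AccountStore(), AccountStore(), AccountStore()
    weak_shared = weak.login_by_email(CLAIMS_A) == weak.login_by_email(CLAIMS_B)
    seg_shared = segmented.login(CLAIMS_A) == segmented.login(CLAIMS_B)
    account = linked.login(CLAIMS_A)
    linked.link(account, CLAIMS_B["iss"], CLAIMS_B["sub"])  # by-design sharing
    link_shared = linked.login(CLAIMS_B) == account
    return weak_shared, seg_shared, link_shared
```

`demo()` returns whether the two IdPs reach the same account under email matching, under (issuer, subject) keying, and after an explicit link.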