Martin Paljak edited this page Mar 5, 2017 · 5 revisions

Q: What is x509-webauth?

Short answer: it is a small specification that defines a profile of, and interpretation rules for, an OpenID ID token, which is itself a profile of JWT (JSON Web Token). Long answer: TBD

Q: What problems does x509-webauth try to solve?

  • Remove the need for special server/load balancer/proxy configuration (requesting client certificates, validating them, etc.), which does not really scale to multiple providers, nor is it available in cloud environments
  • Provide a better and more flexible UX than traditional browser-facilitated TLS client certificate authentication when things go wrong (the PIN gets blocked, the card is not available, etc.): http://imgur.com/a/Gjhbr
  • Pave the way for possible integrations on mobile platforms, which usually lack the needed support for hardware tokens in the first place and depend on an interchangeable token format
  • Make the authentication step and subsequent session management a more explicit part of the application development phase

Q: many more

  • TBA