Hi experts, I'm afraid that this question has been discussed ,but I can't found that.
"10. Responding to Authentication Requests" of Auth 2.0 Final says: OPs SHOULD use private associations for signing unsolicited positive assertions. I'd like to know the reason why "SHOULD is used rather than "MAY". Is there any security threat if we don't use private associations Thanks in advance. ----- hdknr.com _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
