search

openid / sharedsignals

OpenID Shared Signals Working Group Repository
55 stars 14 forks source link

Added language requiring authorization of stream management API #173

Closed FragLegs closed 5 months ago

FragLegs commented 6 months ago

To address the attacks proposed in #161 and #160, this PR adda a paragraph indicating that all Stream Management API endpoints must use authorization that associates stream IDs with a specific Receiver, unless some other method of trust is established.

FragLegs commented 5 months ago

Update RFC2818 and RFC7235 to RFC9110