solid / security-considerations

https://solid.github.io/security-considerations/

Document threats where a Solid-OIDC issuer performs illegal activities #21

Open csarven opened 1 month ago

csarven commented 1 month ago

The idea that a service could perform illegal activities was originally raised in:

https://github.com/solid/webid-profile/pull/118#issuecomment-2408175673

elf-pavlik commented 1 month ago

Could you please add a specific use case?

The OIDC Issuer, as the Identity Provider, has the highest user trust since it can authenticate anything as the user, in contrast to apps, which have the lowest trust and can only do precisely what the user explicitly authorized them to do.