This repository was archived by the owner on Apr 13, 2022. It is now read-only.

Commit 0fa853b

Ruben fixes
1 parent 0f24e25 commit 0fa853b

2 files changed: +8 -7 lines changed

README.md

+3-2
@@ -43,7 +43,8 @@ See also: [Motivation for WebID-OIDC](motivation.md).
4343
### Benefits and Capabilities
4444

4545
* Fully decentralized cross-domain authentication (any peer node can serve as
46-
an identity provider as well as a relying party to any other node) made possible by [PoP Tokens](https://tools.ietf.org/html/rfc7800).
46+
an identity provider as well as a relying party to any other node) made possible by
47+
[Proof of Posession (PoP) Tokens](https://tools.ietf.org/html/rfc7800).
4748
* Builds on decades of real-world authentication industry experience
4849
* Incorporates lessons from, and fixes to threat models of: SAML, OpenID and
4950
OpenID 2, OAuth and OAuth 2. See, for example, [RFC 6819 - OAuth 2.0 Threat
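Review bot: the new link text on line 47 misspells "Possession" as "Posession". RFC 7800 writes the term as "Proof-of-Possession", so the link would read better as `[Proof-of-Possession (PoP) Tokens](https://tools.ietf.org/html/rfc7800)`.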
@@ -306,7 +307,7 @@ that profile, she would add the following triple to her profile:
306307

307308
#### The Problem
308309

309-
Unlike standard implementations of OIDC, WebID-OIDC must deal with a number of RSs many of which the OP will not know about. OIDC defines the `aud` claim which defines the RSs for which a token can be used.
310+
WebID-OIDC must deal with a number of RSs many of which the OP will not know about. OIDC defines the `aud` claim which defines the RSs for which a token can be used.
310311

311312
However, given Solid's use case, a token should be usable for any RS so the user may federate a query across multiple Pods, so the `aud`ience cannot be constrained. Yet, an unconstrained `aud`ience opens up the possibility of token stealing. In this case, a user sends a request to `evilPod.example`. The Pod returns the requested information, but now has the user's token and may pretend to be the user on any other Pod in the world.
312313

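Review bot: dropping "Unlike standard implementations of OIDC," on line 310 removes the contrast the rest of the paragraph depends on. The next sentence introduces `aud` as the OIDC mechanism, and line 312 opens with "However, given Solid's use case", which only reads as an exception if the standard case has been stated first. If the original wording was judged inaccurate, replace it rather than delete it, for example by saying that in a typical OIDC deployment the OP knows the RSs a token is meant for. The sentence also wants a comma before "many of which", and "defines the `aud` claim which defines" repeats the verb; "which lists the RSs" would do.
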
application-workflow-detailed.md

+5-5
@@ -223,11 +223,11 @@ POST https://secureauth.example/register
223223
Data:
224224
```json
225225
{
226-
grant_types: ["implicit"]
227-
issuer: "https://secureauth.example"
228-
redirect_uris: ["https://www.decentphotos.example/"]
229-
response_types: ["id_token token"]
230-
scope: "openid profile"
226+
"grant_types": ["implicit"],
227+
"issuer": "https://secureauth.example",
228+
"redirect_uris": ["https://www.decentphotos.example/"],
229+
"response_types": ["id_token token"],
230+
"scope": "openid profile"
231231
}
232232
```
233233

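Review bot: `"issuer"` on new line 227 names the OP the request is already being sent to (`POST https://secureauth.example/register` in the hunk header), and it is not one of the client metadata fields defined by OpenID Connect Dynamic Client Registration. Either drop it from the example body or add a sentence saying why the RP includes it, so readers do not copy it as a required registration parameter. The `"redirect_uris"` entry on line 228 is the value the OP will compare redirects against, so it is worth stating next to the example that it must match the RP's actual callback exactly, trailing slash included.
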