| Issue 127: | Add capability to impose minimum version limit on the remote end of an OpenID message | |
| Back to list |
Sign in to add a comment
|
An OP or RP site may want to require OpenID 2.0 support on the remote end of an authentication attempt. For example, yahoo.com requires 2.0 RPs. Although DotNetOpenId offers additional security on top of OpenID 1.x authentications to make requiring 2.0 on the far end less necessary, there are still scenarios where it may be desirable. |
||||||||||||
,
Aug 18, 2008
Fixed by adding the following members: DotNetOpenId.Provider.IAuthenticationRequest.RelyingPartyVersion DotNetOpenId.RelyingParty.SecuritySettings.MinimumRequiredOpenIdVersion.
Status: Fixed
|
|||||||||||||
,
Aug 19, 2008
Reactivating since the RP can probably be fooled simply by the discovery endpoint information that says '2.0' even though the Provider is 1.x and it would still work. We need to investigate this.
Status: Started
|
|||||||||||||
,
Aug 19, 2008
(No comment was entered for this change.)
Labels: -release-3.0 Release-2.4
|
|||||||||||||
,
Aug 19, 2008
Fixed hole where a Provider could slip through the 2.0 requirement filter by merely advertising support where it doesn't exist.
Status: Fixed
|
|||||||||||||
 Sign in to add a comment
|
|||||||||||||
