Gabriel Corona

@TobiasAhnoff, OK for me. I'd want to add "always" here: > Verify that the authorization server ensures that the user consents to each authorization request. If the identity of the...

> Why am I asking about this? I argued in this [project´s IdentityAndConsent WG](https://github.com/camaraproject/IdentityAndConsentManagement) that id_token_hint is superior to login_hint, because the IdP can validate the signature of the id_token...

> CIBA does sent the id_token_hint through the front-channel and security and privacy concerns stated by @randomstuff do not apply, right? Oh, yes you are right! :+1:

An API for talking to Unix Domain Socket would be nice as well. I was trying to replace some lua script which talks to journald (through `/run/systemd/journal/socket`, a `SOCK_DGRAM` socket)...

I think 14.2.4, 14.2.5 and 14.2.5 are important (with some remarks). > 14.2.1 Verify that all components are up to date, preferably using a dependency checker during build or compile...

What would be nice is to have a simple web-based form with some questions about your application which would automatically filter out the requirements for you. This would require associating...

Yes, I agree that, it would probably be a separate project / extension to the main project.

Maybe [WebAuth](https://www.w3.org/TR/webauthn/) support?

WebAuthn is supposed to be a (very new) standard for token based authentication: using something like a authentication USB/BlueTooth device to handle stronger/two-factor authentication AFAIU. I didn't get time to...

Yes, for example. You're supposed to be able to use a smartphone instead. Apparently there's supposed to be a software token implemented in Firefox (webauthn_enable_softtoken). I didn't manage to get...