Re: [webrtc-pc] Specifying third party IdP for validating assertion

This is correct, but I'm not seeing an issue here.  Yes, one origin can produce an assertion that is validated by a different origin.  Yes, the browser that is used to produce an assertion doesn't validate that assertion (it's not the relying party).

This might sound like a problem, but it isn't.  You can read about why if you dig into SIGMA, and draft-ietf-mmusic-sdp-uks contains a more direct description of the problems that arise from this (and defenses you need).

GitHub Notification of comment by martinthomson
Please view or discuss this issue at using your GitHub account

Received on Tuesday, 19 June 2018 06:26:11 UTC