Android Application Question

Marc Boorshtein mboorshtein at
Wed Jan 4 16:38:24 EST 2017

> The problem is that scaling RPs without giving up authenticating them
> requires public keys and trust management. They have not accepted that and
> the RPs will never support it. Thus, no scaling. Of course, if you
> eliminate authentication of the RP, yes, you can do it. Lots of people,
> probably most, are fine with that.
Got it.  I guess it depends on the situation.  All our RPs are via SAML and
we require signed authn requests.  We just use OIDC for authenticating
users back to their primary source.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list