[Openid-specs-ab] Issue #1203: sub_jwk when sub is DID in SIOP (openid/connect)

Kristina Yasuda issues-reply at bitbucket.org
Mon Feb 1 07:19:32 UTC 2021


New issue 1203: sub_jwk when sub is DID in SIOP
https://bitbucket.org/openid/connect/issues/1203/sub_jwk-when-sub-is-did-in-siop

Kristina Yasuda:

When sub is a DID, keys are retrieved from DID Document, so sub\_jwk should be optional. sub\_jwk would remain required when sub is jwk thumbprint. 

If sub\_jwk is included when sub is a DID, it could be used to compare whether verification method from the DID Document matches the kid of sub\_jwk, but this is not a must protection.





More information about the Openid-specs-ab mailing list