[Openid-specs-ab] Issue #1203: sub_jwk when sub is DID in SIOP (openid/connect)
Kristina Yasuda
issues-reply at bitbucket.org
Mon Feb 1 07:19:32 UTC 2021
New issue 1203: sub_jwk when sub is DID in SIOP
https://bitbucket.org/openid/connect/issues/1203/sub_jwk-when-sub-is-did-in-siop
Kristina Yasuda:
When sub is a DID, keys are retrieved from DID Document, so sub\_jwk should be optional. sub\_jwk would remain required when sub is jwk thumbprint.
If sub\_jwk is included when sub is a DID, it could be used to compare whether verification method from the DID Document matches the kid of sub\_jwk, but this is not a must protection.
More information about the Openid-specs-ab
mailing list