[Openid-specs-ab] Use of shared secret for Symmetric signatures

Lai Xin Chu xinchu at ohanae.com
Wed May 30 11:00:44 UTC 2012


Hi all,

 

I am currently working on an implementation of the OpenID Connect server
based on the latest working draft.

 

I would like to make a suggestion for Section 4.3 of OpenID Connect Messages
1.0:

http://openid.net/specs/openid-connect-messages-1_0.html#sigs

 

For Symmetric Signatures, perhaps it would be useful to define how the
shared secret can be used to derive the secret key for generating the HMAC
signature (eg. By obtaining the UTF-8 character encoding of the shared
secret) since a shared secret established between a client and server will
be expected to be in text format.

 

 

Thanks & Best Regards,

Xin Chu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120530/3b81e1cd/attachment.html>


More information about the Openid-specs-ab mailing list