[Openid-specs-ab] Use of shared secret for Symmetric signatures
Lai Xin Chu
xinchu at ohanae.com
Wed May 30 11:00:44 UTC 2012
I am currently working on an implementation of the OpenID Connect server
based on the latest working draft.
I would like to make a suggestion for Section 4.3 of OpenID Connect Messages
For Symmetric Signatures, perhaps it would be useful to define how the
shared secret can be used to derive the secret key for generating the HMAC
signature (eg. By obtaining the UTF-8 character encoding of the shared
secret) since a shared secret established between a client and server will
be expected to be in text format.
Thanks & Best Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab