[Openid-specs-ab] What does "Token Request" refer to in the Signatures and Encryption section?

Breno de Medeiros breno at google.com
Fri Oct 11 14:19:38 UTC 2013


I believe Token Request here refers to 'response_type=token' authorization
requests, and is speculative since we have no prescriptive mechanism for
signing such requests.
On Oct 11, 2013 4:33 AM, "Brian Campbell" <bcampbell at pingidentity.com>
wrote:

> Delete 'em.
>
>
> On Fri, Oct 11, 2013 at 1:07 AM, n-sakimura <n-sakimura at nri.co.jp> wrote:
>
>>  I am fine with it.
>>
>> Nat
>>
>>
>> (2013/10/11 8:21), Mike Jones wrote:
>>
>>  http://openid.net/specs/openid-connect-core-1_0-12.html#sigenc says:
>>
>>
>>
>> Depending on the transport through which the messages are sent, the
>> integrity of the message might not be guaranteed and the originator of the
>> message might not be authenticated. To mitigate these risks, Request
>> Object, Token Request, ID Token, and UserInfo Response values MAY
>> utilize [JWS] to sign the contents.
>>
>> To achieve message confidentiality, Request Object, Token Request, ID
>> Token, and UserInfo Response values MAY use [JWE] to encrypt the content.
>>
>> A Token Request, used other places in the spec, just refers to a request
>> made to the Token Endpoint - which I know of no way to sign or encrypt.  We
>> do say how you can sign a JWT used with the private_key_jwt client
>> authentication method, but that’s about as close to a match as I could come
>> up with.
>>
>>
>>
>> Should I just delete these odd uses of Token Request, or does someone
>> want to supply alternative wording that makes sense?
>>
>>
>>
>> Thanks,
>>
>> -- Mike
>>
>>
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>>
>> --
>> Nat Sakimura (n-sakimura at nri.co.jp)
>> Nomura Research Institute, Ltd.
>> Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
>>
>>
>>
>>
>>
>
>
>