[Openid-specs-ab] What does "Token Request" refer to in the Signatures and Encryption section?

Breno de Medeiros breno at google.com
Fri Oct 11 15:49:08 UTC 2013


On Fri, Oct 11, 2013 at 4:29 AM, John Bradley <ve7jtb at ve7jtb.com> wrote:

> I think it is attempting to refer to the assertion profile for the token
> endpoint.  It is non normative and probably adds more to confusion.
>

That makes more sense. Yes, it's speculative and not clarifying.


>
> Leaving it out is fine.
>
> Sent from my iPhone
>
> On Oct 11, 2013, at 12:21 AM, Mike Jones <Michael.Jones at microsoft.com>
> wrote:
>
>  http://openid.net/specs/openid-connect-core-1_0-12.html#sigenc says:****
>
> ** **
>
> Depending on the transport through which the messages are sent, the
> integrity of the message might not be guaranteed and the originator of the
> message might not be authenticated. To mitigate these risks, Request
> Object, Token Request, ID Token, and UserInfo Response values MAY utilize
> [JWS] to sign the contents. ****
>
> To achieve message confidentiality, Request Object, Token Request, ID
> Token, and UserInfo Response values MAY use [JWE] to encrypt the content.
> ****
>
> A Token Request, used other places in the spec, just refers to a request
> made to the Token Endpoint – which I know of no way to sign or encrypt.  We
> do say how you can sign a JWT used with the private_key_jwt client
> authentication method, but that’s about as close to a match as I could come
> up with.****
>
> ** **
>
> Should I just delete these odd uses of Token Request, or does someone want
> to supply alternative wording that makes sense?****
>
> ** **
>
>                                                                 Thanks,***
> *
>
>                                                                 -- Mike***
> *
>
> ** **
>
> _______________________________________________
>
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>


-- 
--Breno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131011/d6f4b258/attachment.html>


More information about the Openid-specs-ab mailing list