[Openid-specs-ab] What does "Token Request" refer to in the Signatures and Encryption section?

Mike Jones Michael.Jones at microsoft.com
Fri Oct 11 19:24:47 UTC 2013


It's gone now. :)

From: Breno de Medeiros [mailto:breno at google.com]
Sent: Friday, October 11, 2013 8:49 AM
To: John Bradley
Cc: Mike Jones; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] What does "Token Request" refer to in the Signatures and Encryption section?



On Fri, Oct 11, 2013 at 4:29 AM, John Bradley <ve7jtb at ve7jtb.com<mailto:ve7jtb at ve7jtb.com>> wrote:
I think it is attempting to refer to the assertion profile for the token endpoint.  It is non normative and probably adds more to confusion.

That makes more sense. Yes, it's speculative and not clarifying.


Leaving it out is fine.

Sent from my iPhone

On Oct 11, 2013, at 12:21 AM, Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>> wrote:
http://openid.net/specs/openid-connect-core-1_0-12.html#sigenc says:


Depending on the transport through which the messages are sent, the integrity of the message might not be guaranteed and the originator of the message might not be authenticated. To mitigate these risks, Request Object, Token Request, ID Token, and UserInfo Response values MAY utilize [JWS] to sign the contents.

To achieve message confidentiality, Request Object, Token Request, ID Token, and UserInfo Response values MAY use [JWE] to encrypt the content.
A Token Request, used other places in the spec, just refers to a request made to the Token Endpoint - which I know of no way to sign or encrypt.  We do say how you can sign a JWT used with the private_key_jwt client authentication method, but that's about as close to a match as I could come up with.

Should I just delete these odd uses of Token Request, or does someone want to supply alternative wording that makes sense?

                                                                Thanks,
                                                                -- Mike

_______________________________________________

Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab



--
--Breno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131011/28390eec/attachment.html>


More information about the Openid-specs-ab mailing list