[Openid-specs-ab] WGLC for the Migration spec. towards the implementer's draft

Torsten Lodderstedt torsten at lodderstedt.net
Sat Jul 26 15:52:05 UTC 2014


Hi Nat,

I just read the spec (for the first time) and think the concept is 
generally sound. I'm wondering a bit about the way the client obtains 
the OP's public key. The GET request on the OpenID 2.0 Identifier URL 
directly returns the JWK. I would suggest to just return the jwk_uri, in 
the same way openid connect discovery does it. This way this GET request 
is static (even with key rotation in place) and the OP can reuse the 
existing functionality to publish its public keys (including support for 
multiple keys in case of rotation).

What do you think?

kind regards,
Torsten.

Am 26.07.2014 07:44, schrieb Nat Sakimura:
> Thanks to Edmund Jay, the examples are now fixed.
> This is to initiate the WG Last Call.
> Please review the document and file issues if there are within a week.
> Once all the issues are resolved, we will go to the implementer's 
> draft public review period for 45 days.
>
> Nat
>
> -- 
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140726/3963f669/attachment.html>


More information about the Openid-specs-ab mailing list