[Openid-specs-ab] WGLC for the Migration spec. towards the implementer's draft

Nat Sakimura sakimura at gmail.com
Sun Jul 27 13:35:15 UTC 2014


Actually, the OpenID 2.0 Identifier URL returns JWK Set. It should probably
be more explicit than to say  application/jwk-set+json.

Good point about reutrning jwk_uri instead of the JWK Set.
The downside is that you have to make two calls, but it is only once per
RP/OpenID 2.0 Identifier pair, so it probably is OK.

What do others think?

Nat


2014-07-26 11:52 GMT-04:00 Torsten Lodderstedt <torsten at lodderstedt.net>:

>  Hi Nat,
>
> I just read the spec (for the first time) and think the concept is
> generally sound. I'm wondering a bit about the way the client obtains the
> OP's public key. The GET request on the OpenID 2.0 Identifier URL directly
> returns the JWK. I would suggest to just return the jwk_uri, in the same
> way openid connect discovery does it. This way this GET request is static
> (even with key rotation in place) and the OP can reuse the existing
> functionality to publish its public keys (including support for multiple
> keys in case of rotation).
>
> What do you think?
>
> kind regards,
> Torsten.
>
> Am 26.07.2014 07:44, schrieb Nat Sakimura:
>
> Thanks to Edmund Jay, the examples are now fixed.
> This is to initiate the WG Last Call.
> Please review the document and file issues if there are within a week.
> Once all the issues are resolved, we will go to the implementer's draft
> public review period for 45 days.
>
>  Nat
>
>  --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
>
> _______________________________________________
> Openid-specs-ab mailing listOpenid-specs-ab at lists.openid.nethttp://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140727/55e8170b/attachment.html>


More information about the Openid-specs-ab mailing list