[Openid-specs-ab] WGLC for the Migration spec. towards the implementer's draft
sakimura at gmail.com
Sun Jul 27 13:35:15 UTC 2014
Actually, the OpenID 2.0 Identifier URL returns JWK Set. It should probably
be more explicit than to say application/jwk-set+json.
Good point about reutrning jwk_uri instead of the JWK Set.
The downside is that you have to make two calls, but it is only once per
RP/OpenID 2.0 Identifier pair, so it probably is OK.
What do others think?
2014-07-26 11:52 GMT-04:00 Torsten Lodderstedt <torsten at lodderstedt.net>:
> Hi Nat,
> I just read the spec (for the first time) and think the concept is
> generally sound. I'm wondering a bit about the way the client obtains the
> OP's public key. The GET request on the OpenID 2.0 Identifier URL directly
> returns the JWK. I would suggest to just return the jwk_uri, in the same
> way openid connect discovery does it. This way this GET request is static
> (even with key rotation in place) and the OP can reuse the existing
> functionality to publish its public keys (including support for multiple
> keys in case of rotation).
> What do you think?
> kind regards,
> Am 26.07.2014 07:44, schrieb Nat Sakimura:
> Thanks to Edmund Jay, the examples are now fixed.
> This is to initiate the WG Last Call.
> Please review the document and file issues if there are within a week.
> Once all the issues are resolved, we will go to the implementer's draft
> public review period for 45 days.
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> Openid-specs-ab mailing listOpenid-specs-ab at lists.openid.nethttp://lists.openid.net/mailman/listinfo/openid-specs-ab
Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab