[Openid-specs-ab] FW: JSON Web Key (JWK) Thumbprint is now RFC 7638

Mike Jones Michael.Jones at microsoft.com
Tue Sep 8 18:34:22 UTC 2015



From: Mike Jones
Sent: Tuesday, September 08, 2015 11:33 AM
To: jose at ietf.org
Subject: JSON Web Key (JWK) Thumbprint is now RFC 7638

The JSON Web Key (JWK) Thumbprint specification is now RFC 7638<http://www.rfc-editor.org/info/rfc7638>.  The abstract describes the specification as follows:

This specification defines a method for computing a hash value over a JSON Web Key (JWK). It defines which fields in a JWK are used in the hash computation, the method of creating a canonical form for those fields, and how to convert the resulting Unicode string into a byte sequence to be hashed. The resulting hash value can be used for identifying or selecting the key represented by the JWK that is the subject of the thumbprint.

Thanks to James Manger<https://www.linkedin.com/pub/james-manger/3b/561/979>, John Bradley<http://www.thread-safe.com/>, and Nat Sakimura<http://nat.sakimura.org/>, all of whom participated in security discussions that led to the creation of this specification.  Thanks also to the JOSE working group<http://datatracker.ietf.org/wg/jose/charter/> members, chairs, area directors, and other IETF members who contributed to the specification.

A JWK Thumbprint is used as the "sub" (subject) claim value in OpenID Connect self-issued ID Tokens<http://openid.net/specs/openid-connect-core-1_0.html#SelfIssuedResponse>.

                                                            -- Mike

P.S.  This note was also posted as http://self-issued.info/?p=1446 and as @selfissued<https://twitter.com/selfissued>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150908/56e487d1/attachment.html>


More information about the Openid-specs-ab mailing list