[Openid-specs-ab] Aggregated and Distributed Claims

Hans Zandbelt hans.zandbelt at zmartzone.eu
Mon Mar 4 15:56:11 UTC 2019

FYI: developing the OIDC certification suite we encountered the same:


On Mon, Mar 4, 2019 at 4:38 PM Torsten Lodderstedt via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Hi all,
> I just worked my way through section 5.6.2 of the OpenID Connect Core spec
> and I'm wondering how a RP is supposed to check the signature of a nested
> JWT containing aggregated claims. There is no text that the JWT must
> contain an „iss" claim that could be used to obtains the other claims
> provider’s JWKS URI.
> What is the assumption of the spec how signature validation should work?
> kind regards,
> Torsten. _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

hans.zandbelt at zmartzone.eu
ZmartZone IAM - www.zmartzone.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190304/87db80ac/attachment.html>

More information about the Openid-specs-ab mailing list