<div dir="ltr"><div><div>In working to resolve 703, 704 and 740 [1] over the last two days I've added the PKIX JWK key type (as well as an example) for X.509 certificates and consolidated the x509_uri, x509_encryption_uri, and jwk_encryption_uri parameters into a single combined jwk_uri parameter.  I've also provided suggested guidance about how to do key rotation of asymmetric keys for both signing and encryption using jwk_uri.<br>

<br>I believe this is now a more consistent model that meets the full desired feature set. It might even be a simplification overall (it's no more complicated anyway). But I'm sure it could benefit from a review from some of the distinguished members of this list. The specific change sets are listed below [2] and I think Mike is going to push an update to the <a href="http://openid.bitbucket.org">openid.bitbucket.org</a> HTML specs this afternoon, which will be a little more readable. The real heart of the changes is contained in Section 4 of Messages.<br>

<br></div><div><br></div>Thanks, <br></div>Brian<br><div><div><br><br>[1]<br><a href="https://bitbucket.org/openid/connect/issue/703/key-publication-needs-to-be-reworked">https://bitbucket.org/openid/connect/issue/703/key-publication-needs-to-be-reworked</a><br>

<a href="https://bitbucket.org/openid/connect/issue/704/provide-key-rollover-guidance">https://bitbucket.org/openid/connect/issue/704/provide-key-rollover-guidance</a><br><a href="https://bitbucket.org/openid/connect/issue/740/use-of-same-key-for-different-operations">https://bitbucket.org/openid/connect/issue/740/use-of-same-key-for-different-operations</a><br>

<br>[2]<br><a href="https://bitbucket.org/openid/connect/commits/aa93484bd1270007c21a89713c716e43f494d9d3">https://bitbucket.org/openid/connect/commits/aa93484bd1270007c21a89713c716e43f494d9d3</a><br><a href="https://bitbucket.org/openid/connect/commits/c34bad3e1197acb80a7289f2a5a7adfb84c65310">https://bitbucket.org/openid/connect/commits/c34bad3e1197acb80a7289f2a5a7adfb84c65310</a><br>

<a href="https://bitbucket.org/openid/connect/commits/5a02032842fbe08ad85a578c821cdc3469ff0302">https://bitbucket.org/openid/connect/commits/5a02032842fbe08ad85a578c821cdc3469ff0302</a><br><a href="https://bitbucket.org/openid/connect/commits/0cf12e189a3abb55032ccd61f61a197eaab6cd18">https://bitbucket.org/openid/connect/commits/0cf12e189a3abb55032ccd61f61a197eaab6cd18</a><br>

<a href="https://bitbucket.org/openid/connect/commits/164747e934d9dd03cf87f8c9421bcead544d5ca2">https://bitbucket.org/openid/connect/commits/164747e934d9dd03cf87f8c9421bcead544d5ca2</a><br><br>[3]<br><a href="http://openid.bitbucket.org/openid-connect-messages-1_0.html#sigenc">http://openid.bitbucket.org/openid-connect-messages-1_0.html#sigenc</a><br>

</div></div></div>