<p dir="ltr">I believe Token Request here refers to 'response_type=token' authorization requests, and is speculative since se have no prescriptive mechanism for signing such requests.</p>
<div class="gmail_quote">On Oct 11, 2013 4:33 AM, "Brian Campbell" <<a href="mailto:bcampbell@pingidentity.com">bcampbell@pingidentity.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Delete 'em.<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Oct 11, 2013 at 1:07 AM, n-sakimura <span dir="ltr"><<a href="mailto:n-sakimura@nri.co.jp" target="_blank">n-sakimura@nri.co.jp</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>I am fine with it. <br>
<br>
Nat<div><div><br>
<br>
(2013/10/11 8:21), Mike Jones wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div>
<div>
<p class="MsoNormal"><a href="http://openid.net/specs/openid-connect-core-1_0-12.html#sigenc" target="_blank">http://openid.net/specs/openid-connect-core-1_0-12.html#sigenc</a>
says:</p>
<p class="MsoNormal"> </p>
<p><span lang="EN">Depending on the transport through which the
messages are sent, the integrity of the message might not be
guaranteed and the originator of the message might not be
authenticated. To mitigate these risks, Request Object, <span>
Token Request</span>, ID Token, and UserInfo Response
values MAY utilize [JWS] to sign the contents.
</span></p>
<p><span lang="EN">To achieve message confidentiality, Request
Object,
<span>Token Request</span>, ID Token, and UserInfo Response
values MAY use [JWE] to encrypt the content.
</span></p>
<p class="MsoNormal">A Token Request, used other places in the
spec, just refers to a request made to the Token Endpoint –
which I know of no way to sign or encrypt. We do say how you
can sign a JWT used with the private_key_jwt client
authentication method, but that’s about as close to a match as
I could come up with.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Should I just delete these odd uses of
Token Request, or does someone want to supply alternative
wording that makes sense?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">
Thanks,</p>
<p class="MsoNormal">
-- Mike</p>
<p class="MsoNormal"> </p>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
Openid-specs-ab mailing list
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><span><font color="#888888">
</font></span></pre><span><font color="#888888">
</font></span></blockquote><span><font color="#888888">
<br>
<br>
<pre cols="72">--
Nat Sakimura (<a href="mailto:n-sakimura@nri.co.jp" target="_blank">n-sakimura@nri.co.jp</a>)
Nomura Research Institute, Ltd.
Tel:<a href="tel:%2B81-3-6274-1412" value="+81362741412" target="_blank">+81-3-6274-1412</a> Fax:<a href="tel:%2B81-3-6274-1547" value="+81362741547" target="_blank">+81-3-6274-1547</a>
$BK\%a!<%k$K4^$^$l$k>pJs$O5!L)>pJs$G$"$j!"08@h$K5-:\$5$l$F$$$kJ}$N$_$KAw?.$9$k$3$H$r0U?^$7$F$*$j$^$9!#0U?^$5$l$?<u<h?M0J30$NJ}$K$h$k$3$l$i$N>pJs$N3+<(!"J#@=!":FG[I[$dE>Aw$J$I0l@Z$NMxMQ$,6X;_$5$l$F$$$^$9!#8m$C$FK\%a!<%k$r<u?.$5$l$?>l9g$O!"?=$7Lu$4$6(Bӓ
6;|
14;$B$;$s$,!"Aw?.<T$^$G$*CN$i$;$$$?$@$-!"<u?.$5$l$?%a!<%k$r:o=|$7$F$$$?$@$-$^$9$h$&$*4j$$CW$7$^$9!#(B
PLEASE READ:
The information contained in this e-mail is confidential and intended for the named recipient(s) only.
If you are not an intended recipient of this e-mail, you are hereby notified that any review, dissemination, distribution or duplication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete your copy from your system.
</pre>
</font></span></div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div>