[Openid-specs-fapi] explicit typing of dynamic registration JWTs

Pamela Dingle pdingle at pingidentity.com
Wed Oct 4 20:34:04 UTC 2017

Hi all,

In the meeting yesterday, we discussed typing of JWTs in the context of
dynamic client registration.  I talked it over with a few of the OB folks
and they proposed to use the cty header to type the payload rather than
using typ to explicitly type the assertion.

For example:

Registration Request

   - Content-type for request is expected to be application/jwt
   - assertion typ header set to JWT
   - assertion cty header set to "ob_request+json"

Software Statement

   - assertion typ set to JWT
   - assertion cty header set to "ob_softwarestmt+json"

Any comments?   Any best practices or specs we run afoul of?

Pam Dingle
Principal Technical Architect
pdingle at pingidentity.com
w: +1 303.999.5890
c: +1 303.999.5890
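
Added example (not part of the original message, and not code from any OpenID or Open Banking specification): a receiver-side check for the header values proposed above, so that a software statement presented where a registration request is expected is rejected on its cty. The function names and the unsigned sample tokens are constructed for illustration, and signature verification is assumed to be done separately.

```python
import base64
import json

# Expected JOSE header values per context, taken from the proposal in the message.
EXPECTED = {
    "registration_request": {"typ": "JWT", "cty": "ob_request+json"},
    "software_statement": {"typ": "JWT", "cty": "ob_softwarestmt+json"},
}

def _b64url_decode(segment: str) -> bytes:
    # Compact JWS segments are base64url without padding; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _normalize(media_type: str) -> str:
    # RFC 7515 4.1.9/4.1.10: a value with no "/" is read as "application/<value>",
    # and media type names compare case-insensitively.
    value = media_type.strip().lower()
    return value if "/" in value else "application/" + value

def check_jwt_type(compact_jwt: str, context: str) -> dict:
    """Return the decoded header if typ and cty match the context, else raise ValueError.

    Header check only: the JWS signature must still be verified by the caller.
    """
    parts = compact_jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(_b64url_decode(parts[0]))  # decode errors are ValueError subclasses
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    for name, want in EXPECTED[context].items():
        got = header.get(name)
        if not isinstance(got, str) or _normalize(got) != _normalize(want):
            raise ValueError(f"{context}: header {name}={got!r}, expected {want!r}")
    return header

def make_sample(header: dict, claims: dict) -> str:
    # Constructed sample token with a placeholder signature segment (not a valid JWS).
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

if __name__ == "__main__":
    ssa = make_sample({"alg": "PS256", "typ": "JWT", "cty": "ob_softwarestmt+json"}, {})
    print(check_jwt_type(ssa, "software_statement"))
    try:
        check_jwt_type(ssa, "registration_request")
    except ValueError as err:
        print("rejected:", err)
```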