[Openid-specs-heart] Fwd: HEART Profiles - HEART AS Key Rotation

Adrian Gropper agropper at healthurl.com
Mon Dec 7 20:14:06 UTC 2015


Initially sent to the wrong list, see below:


---------- Forwarded message ----------
From: Adrian Gropper <agropper at healthurl.com>
Date: Mon, Dec 7, 2015 at 1:33 PM
Subject: Re: HEART Profiles - HEART AS Key Rotation
To: Justin Richer <jricher at mit.edu>
Cc: "wg-uma at kantarainitiative.org UMA" <WG-UMA at kantarainitiative.org>


So there are two jwks_uri, one for the RS and another for the AS, because
each is a Server in OAuth speak at one time or another. Do we need to
profile key rotation for either or both servers?

Adrian


On Monday, December 7, 2015, Justin Richer <jricher at mit.edu> wrote:

> The RS registers its jwks_uri in §3 of the OAuth profile since it needs to
> register as an OAuth client at the AS.
>
>  — Justin
>
> On Dec 7, 2015, at 11:15 AM, Adrian Gropper <agropper at healthurl.com>
> wrote:
>
> In section 4.1 of
> http://openid.bitbucket.org/HEART/openid-heart-oauth2.html, we have:
> "jwks_uri: The fully qualified URI of the server's public key in JWK Set
> <http://openid.bitbucket.org/HEART/openid-heart-oauth2.html#RFC7517>
> [RFC7517] format". One of the reasons for this is to facilitate key
> rotation by the AS. Do we have or need a profile for how key rotation would
> be done with the RS?
>
> Thanks,
>
> Adrian
> --
>
> Adrian Gropper MD
>
> PROTECT YOUR FUTURE - RESTORE Health Privacy!
> HELP us fight for the right to control personal health data.
> DONATE: http://patientprivacyrights.org/donate-2/
> _______________________________________________
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-uma
>
>
>

-- 

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/



