[Openid-specs-ab] Id_token signature type
Nat Sakimura
sakimura at gmail.com
Wed May 4 13:31:52 UTC 2011
Sorry - Again it went to spam folder...
Yes, that is fine by me in general.
For the sake of consistency, I would propose to use "alg" instead of
"algorithm" as the parameter name, though.
Having said that, if the alg is RS* or EC*, we may want to send the keyinfo
as well,
either as JWK url or the URL of the PEM file etc.
=nat
On Sat, Apr 23, 2011 at 12:53 AM, Breno de Medeiros <breno at google.com>wrote:
> Another topic discussed during last meeting of the OpenID ABC WG was
> how a relying party would indicate that the id_token should be
> symmetrically versus asymmetrically signed.
>
> A concrete proposal would be to add a parameter, say
> algorithm=<standard algorithm name>, where <standard algorithm name>
> is one of the possible defined values for 'alg' in the JWT.
>
> This parameter would be sent to the endpoint that returns the access_token.
>
> Thoughts?
>
> --
> --Breno
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110504/f39dd5a6/attachment.html>
More information about the Openid-specs-ab
mailing list