[Openid-specs-ab] Dynamic Client Registration draft
Nat Sakimura
sakimura at gmail.com
Sun Apr 1 23:10:16 UTC 2012
Hi John,
Did you take care of this one?
Perhaps we have not yet, as we have all been a traveling circus for the month
of March.
=nat
---------- Forwarded message ----------
From: Anganes, Amanda L <aanganes at mitre.org>
Date: Sat, Mar 3, 2012 at 12:58 AM
Subject: [Openid-specs-ab] Dynamic Client Registration draft
To: "openid-specs-ab at lists.openid.net" <openid-specs-ab at lists.openid.net>
Section 2.1: Client Registration Request lists the following four
definitions:

userinfo_signed_response_algs
OPTIONAL. The JWS [JWS] signature algorithm required for UserInfo
responses. If this is specified the response will be JWT [JWT] serialized,
and signed using JWS [JWS].

userinfo_encrypted_response_algs
OPTIONAL. A space delimited list of the JWE [JWE] alg and enc algorithms
required for UserInfo responses. If this is requested in combination with
signing the response will be signed then encrypted. If this is specified
the response will be JWT [JWT] serialized, and encrypted using JWE [JWE].

id_token_signed_response_algs
OPTIONAL. The JWS [JWS] signing algorithm required for the ID Token issued
to this client_id. The default if not specified is HS256 using the provided
client_secret.

id_token_encrypted_response_algs
OPTIONAL. A space delimited list of the JWE [JWE] alg and enc algorithms
required for the ID Token issued to this client_id. If this is requested
the response will be signed then encrypted. The default if not specified is
no encryption.

All four of these parameter names end with the plural “algs”. Two of them,
userinfo_encrypted_response_algs and id_token_encrypted_response_algs, are
defined as space delimited lists. The other two,
userinfo_signed_response_algs and id_token_signed_response_algs, appear to
be singular (**The** JWS signature/signing algorithm).

If only 1 JWS signature algorithm each is supposed to be provided for the
UserInfo and IdToken responses, can the ‘s’ be dropped from those two
parameter names, in order to avoid confusion? Otherwise, if more than one
algorithm can be provided, the “space delimited list” wording should be
added to those two parameters.

Also, a minor nit: userinfo_signed_response_algs says “JWS signature
algorithm”, while id_token_signed_response_algs says “JWS signing
algorithm”. Signature/signing should probably match.

Thanks,

*Amanda Anganes*
Info Sys Engineer, G061
The MITRE Corporation
782-271-3103
aanganes at mitre.org

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en