[Openid-specs-ab] Mandatory JWK Support for OpenID Connect
Anthony Nadalin
tonynad at microsoft.com
Fri Jul 27 04:42:06 UTC 2012
And we have the issues of no one understanding processing a JWK
From: Richer, Justin P. [mailto:jricher at mitre.org]
Sent: Thursday, July 26, 2012 3:15 PM
To: <openid-connect-interop at googlegroups.com>
Cc: Anthony Nadalin; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Mandatory JWK Support for OpenID Connect
Additionally, we're leaning toward picking JWK because it's a raw key format as opposed to a certificate format, which has signing authorities and all other manner of overhead that aren't directly used by the protocols under discussion.
-- Justin
On Jul 26, 2012, at 6:10 PM, Edmund Jay wrote:
This is in reference to the open issue # 633 at http://hg.openid.net/connect/issue/633/messages-42-jwk-and-x509-format-support
The specs currently support x509 and JWK format for publishing public keys but is silent on which must be supported.
There may be interop problems related to cryptographic aspects of OpenID due to lack of common support between client and server.
-- Edmund
________________________________
From: Anthony Nadalin <tonynad at microsoft.com<mailto:tonynad at microsoft.com>>
To: Edmund Jay <ejay at mgi1.com<mailto:ejay at mgi1.com>>; "openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>" <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>>; "openid-connect-interop at googlegroups.com<mailto:openid-connect-interop at googlegroups.com>" <openid-connect-interop at googlegroups.com<mailto:openid-connect-interop at googlegroups.com>>
Sent: Thu, July 26, 2012 1:46:41 PM
Subject: RE: [Openid-specs-ab] Mandatory JWK Support for OpenID Connect
Can you provide the rationale or a pointer to the rationale?
From: openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net> [mailto:openid-specs-ab-bounces at lists.openid.net]<mailto:[mailto:openid-specs-ab-bounces at lists.openid.net]> On Behalf Of Edmund Jay
Sent: Thursday, July 26, 2012 11:58 AM
To: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>; openid-connect-interop at googlegroups.com<mailto:openid-connect-interop at googlegroups.com>
Subject: [Openid-specs-ab] Mandatory JWK Support for OpenID Connect
This is to inform everyone that the Working Group has decided to make JWK support mandatory for both the client and server.
Feedbacks welcome.
-- Edmund
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120727/3c939b3d/attachment.html>
More information about the Openid-specs-ab
mailing list