[Openid-specs-ab] Fwd: Key handling
Roland Hedberg
roland.hedberg at adm.umu.se
Fri Mar 2 14:14:13 UTC 2012
Sorry, should have been sent to both lists.
-- Roland
Forwarded message:
> From: Roland Hedberg <roland.hedberg at adm.umu.se>
> Subject: Key handling
> Date: 2 March 2012 14:56:48 CET
> To: "openid-connect-interop at googlegroups.com" <openid-connect-interop at googlegroups.com>
> Reply-To: "openid-connect-interop at googlegroups.com" <openid-connect-interop at googlegroups.com>
>
> Hi!
>
> I have some questions on key handling.
>
> 1)
> If one uses JWK to publish keys it is not possible to specify the lifetime of a key.
> Potentially, therefore, a client could do one provider configuration discovery and then cache and reuse the result forever.
>
> 2)
> When a client for some reason wants to change its keys it can do a client registration client_update request.
>
> Regarding keys, is such an update to be regarded as a replace or an update?
>
> Let's assume that a client issued a client_associate request with information about one key and then later a client_update request again with one key.
>
> What if in the original request an X509_url was given, pointing to an RSA key, and in the update only a jwk_url was provided, again pointing to an RSA key?
>
> Should the old key be replaced by the new?
>
> What if the original key was an RSA key and the one in the update was an EC key?
>
> Again, replace?
>
> Basically, are we dealing with update or replace?
>
> -- Roland
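The two readings of a key-carrying client_update asked about above ("replace" versus "update"), and the cache-lifetime problem from question 1, worked through as an added illustration that is not part of the original message; the key records, the `kid` values, the `src` field and the `max_age` policy are constructed assumptions, not anything the specs define.

```python
# Added illustration (not from the original thread): shows the two readings of a
# client_update that carries keys, "replace" vs "merge", on constructed JWK-style
# key records, and a cache wrapper that imposes a lifetime JWK itself does not carry.
import time
from dataclasses import dataclass

# Constructed, minimal key records: only the fields needed for the comparison.
RSA_FROM_X509 = {"kty": "RSA", "kid": "rsa-2012-01", "use": "sig", "src": "x509_url"}
RSA_FROM_JWK = {"kty": "RSA", "kid": "rsa-2012-02", "use": "sig", "src": "jwk_url"}
EC_FROM_JWK = {"kty": "EC", "kid": "ec-2012-01", "use": "sig", "src": "jwk_url"}


def apply_update(registered, update, mode):
    """Return the client's key set after a client_update.

    mode="replace": the update is the complete new key set; anything not in it
                    is dropped, so the old key stops being trusted immediately.
    mode="merge":   the update is added to what was registered; keys are matched
                    on (kty, kid), so an old RSA key stays trusted next to a new EC key.
    """
    if mode == "replace":
        return list(update)
    if mode == "merge":
        merged = {(k["kty"], k["kid"]): k for k in registered}
        merged.update({(k["kty"], k["kid"]): k for k in update})
        return list(merged.values())
    raise ValueError(f"unknown mode {mode!r}")


def still_trusted(keys, kid):
    """True if a key with this kid is still in the set (i.e. would still verify)."""
    return any(k["kid"] == kid for k in keys)


@dataclass
class CachedKeySet:
    """Provider keys fetched at discovery. JWK gives no lifetime, so the client
    has to impose one itself (max_age is an assumed local policy value) or it
    would reuse the cached set forever."""
    keys: list
    fetched_at: float
    max_age: float = 24 * 3600

    def is_stale(self, now=None):
        now = time.time() if now is None else now
        return now - self.fetched_at > self.max_age


if __name__ == "__main__":
    for mode in ("replace", "merge"):
        after = apply_update([RSA_FROM_X509], [EC_FROM_JWK], mode)
        print(mode, [k["kid"] for k in after])
```

Under "merge" the original RSA key remains trusted after the EC key is registered, which is the case a relying party or provider would need to revoke explicitly; under "replace" it is gone as soon as the update is applied.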