[Openid-specs-ab] OpenID specs updated to track JWE changes

Mike Jones Michael.Jones at microsoft.com
Tue Nov 27 00:15:48 UTC 2012


The working group wants to encourage implementers to make these changes as soon as possible so that testing can be performed on updated implementations before we publish the upcoming set of implementers drafts.  Also, if you can please send a note to the openid-connect-interop list when you've updated your test endpoints, that would be useful so others will know when they can begin testing the updated interfaces with your code.

                                             Thanks from the working group,
                                                            -- Mike

From: openid-connect-interop at googlegroups.com [mailto:openid-connect-interop at googlegroups.com] On Behalf Of Mike Jones
Sent: Tuesday, November 20, 2012 9:52 PM
To: openid-connect-interop at googlegroups.com
Subject: OpenID specs updated to track JWE changes

As most of you know, the format of encrypted JWE objects changed in draft-ietf-jose-json-web-encryption-06<http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-06> last month.  The primary changes were to eliminate the "int" (integrity) parameter and to create consolidated "A128CBC+HS256" and "A256CBC+HS512" algorithms.  As a result, I've updated the OpenID Connect specs to match.  Also, to address issue #614<https://bitbucket.org/openid/connect/issue/614> and issue #673<https://bitbucket.org/openid/connect/issue/673>, the parameters used for requesting signed and encrypted objects were reworked to provide finer-grained control and more naming consistency.  Parameter changes were:

Parameters changed:
               userinfo_algs_supported ->
                              userinfo_signing_alg_values_supported
                              userinfo_encryption_alg_values_supported
                              userinfo_encryption_enc_values_supported
               id_token_algs_supported ->
                              id_token_signing_alg_values_supported
                              id_token_encryption_alg_values_supported
                              id_token_encryption_enc_values_supported
               request_object_algs_supported ->
                              request_object_signing_alg_values_supported
                              request_object_encryption_alg_values_supported
                              request_object_encryption_enc_values_supported
               token_endpoint_auth_algs_supported ->
                              token_endpoint_auth_signing_alg_values_supported
               require_signed_request_object ->
                              request_object_signing_alg
Parameters deleted:
               userinfo_encrypted_response_int
               id_token_encrypted_response_int

People should update their Connect code accordingly, as well as their JWE code.

There were changes to all the Connect specifications.  There are links to the new versions at http://openid.bitbucket.org/.  Direct links are:

*        http://openid.bitbucket.org/openid-connect-basic-1_0.html

*        http://openid.bitbucket.org/openid-connect-implicit-1_0.html

*        http://openid.bitbucket.org/openid-connect-messages-1_0.html

*        http://openid.bitbucket.org/openid-connect-standard-1_0.html

*        http://openid.bitbucket.org/openid-connect-discovery-1_0.html

*        http://openid.bitbucket.org/openid-connect-registration-1_0.html

*        http://openid.bitbucket.org/openid-connect-session-1_0.html

Hopefully this will be the last major set of breaking changes.  Please write if you have any questions.

                                                            -- Mike
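
An added example, not part of the original message or of the OpenID specifications: a small Python lint that flags the renamed and deleted parameters listed above in a metadata JSON object, and checks whether a compact JWE's header still carries the "int" parameter. The function names are hypothetical, and the sample metadata and JWE header values are constructed for illustration.

```python
import base64
import json

# Renames from the message above: old parameter -> replacement parameter(s).
_SUFFIXES = ("_signing_alg_values_supported",
             "_encryption_alg_values_supported",
             "_encryption_enc_values_supported")
RENAMED = {p + "_algs_supported": [p + s for s in _SUFFIXES]
           for p in ("userinfo", "id_token", "request_object")}
RENAMED["token_endpoint_auth_algs_supported"] = [
    "token_endpoint_auth_signing_alg_values_supported"]
RENAMED["require_signed_request_object"] = ["request_object_signing_alg"]
DELETED = {"userinfo_encrypted_response_int", "id_token_encrypted_response_int"}


def lint_metadata(doc):
    """Return (name, status, replacements) for each stale parameter in doc."""
    findings = []
    for name in sorted(doc):
        if name in RENAMED:
            findings.append((name, "renamed", RENAMED[name]))
        elif name in DELETED:
            findings.append((name, "deleted", []))
    return findings


def jwe_header_uses_int(compact):
    """True if the header of a compact JWE still carries the "int" parameter."""
    segment = compact.split(".", 1)[0]
    padded = segment + "=" * (-len(segment) % 4)  # restore base64url padding
    return "int" in json.loads(base64.urlsafe_b64decode(padded))


def _compact(header):
    """Constructed sample: real header segment, placeholder for the rest."""
    raw = json.dumps(header).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode() + ".placeholder"


# Constructed inputs (not from the page); discovery and registration
# parameters are mixed in one object for brevity.
SAMPLE_METADATA = {"issuer": "https://op.example",
                   "id_token_algs_supported": ["RS256"],
                   "id_token_signing_alg_values_supported": ["RS256"],
                   "userinfo_encrypted_response_int": "HS256"}
OLD_JWE = _compact({"alg": "RSA1_5", "enc": "A128CBC", "int": "HS256"})
NEW_JWE = _compact({"alg": "RSA1_5", "enc": "A128CBC+HS256"})

if __name__ == "__main__":
    for finding in lint_metadata(SAMPLE_METADATA):
        print(finding)
    print(jwe_header_uses_int(OLD_JWE), jwe_header_uses_int(NEW_JWE))
```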
