[Openid-specs-ab] Self-issued "sub" claim value ambiguity

[Mike Jones]

Standard 5.5<http://openid.net/specs/openid-connect-standard-1_0.html#self_issued.validation>, list item 5 says:
The Client MUST validate that the sub (subject) value is the base64url encoded SHA-256 hash of the concatenation of the key values in the user_jwk claim. When the alg value is RS256, the key values mod and exp are concatenated in that order. When the alg value is ES256, the key values crv, x and y are concatenated in that order.

This language leaves it ambiguous whether the concatenated key values in Standard 5.5 supposed to be the base64url encoded values or the raw key bytes?  Following the precedents in the JOSE specs, I assume that we would concatenate the base64url encoded values.  Unless I hear objections, I'll clarify the specs to say that.

                                                            Thanks,
                                                            -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130123/d2b34b9e/attachment.html>