[Openid-specs-ab] user_jwk claim name
John Bradley
ve7jtb at ve7jtb.com
Wed Jan 23 12:55:54 UTC 2013
The JWK is tied to the sub not the OP. The OP may have multiple keys if it has multiple persona.
If we change it, sub_jwk would work. I don't think op_jwk is correct.
On 2013-01-23, at 5:13 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> What should the “user_jwk” claim be called? I suspect we named it “user_jwk” to be parallel with “user_id”, but we've since changed the name “user_id” to “sub”. This claim contains the self-issued OP's public key that is used to check the signature of the ID token.
>
> The name “op_jwk”, for one thing, seems better than “user_jwk”. I say that because (I don't think) it's a key that's specific to the user. It's a key that's specific to the OP.
>
> I’m asking this now, because while we’re continuing to tweak some names to be more intuitive before we issue the implementer’s drafts, we should stop making breaking changes if at all after the implementer’s drafts are out.
>
> Any other preferences/ideas?
>
> Thanks,
> -- Mike
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130123/ae6ac50f/attachment.html>
More information about the Openid-specs-ab
mailing list