[Openid-specs-ab] Issue #853: Registration: Missing request object JWE "alg" and "enc" parameters (openid/connect)

John Bradley ve7jtb at ve7jtb.com
Wed Jun 26 16:49:09 UTC 2013


Registration has request_object_signing_alg to prevent an AS from accepting unsigned request objects if the client wants.

For encrypted request objects there is no identified reason that the AS would want to restrict a client to use only encrypted request objects.
The AS publishes what it supports, and the client is free to use those alg and enc. The good client will encrypt or not appropriately; forcing an attacker to encrypt has no value for asymmetric keys.

Why do you think this would be required?

John B.

On 2013-06-26, at 7:51 AM, "Vladimir Dzhuvinov" <issues-reply at bitbucket.org> wrote:

> New issue 853: Registration: Missing request object JWE "alg" and "enc" parameters
> https://bitbucket.org/openid/connect/issue/853/registration-missing-request-object-jwe
> 
> Vladimir Dzhuvinov:
> 
> OIDC discovery has the parameters **request_object_signing_alg_values_supported**, 
> **request_object_encryption_alg_values_supported** and 
> **request_object_encryption_enc_values_supported**, but the registration spec as it is now doesn't allow the client to register a preferred JWE "alg" and "enc" value.
> 
> 
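The asymmetry discussed in this thread, as an added example that is not part of the thread or of the OpenID Connect specifications: the AS checks a JWS request object's "alg" against the client's registered request_object_signing_alg, but checks a JWE request object's "alg" and "enc" only against what the AS itself publishes. The function names, client record and metadata values are constructed for illustration, and decryption and signature verification are outside its scope.

```python
import base64
import json

# Constructed sample data (assumptions, not taken from the thread).
AS_METADATA = {
    "request_object_encryption_alg_values_supported": ["RSA-OAEP", "RSA1_5"],
    "request_object_encryption_enc_values_supported": ["A128CBC-HS256", "A256GCM"],
}
CLIENT = {"client_id": "example-client", "request_object_signing_alg": "RS256"}


def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def header_of(token):
    """Decode the first (header) segment of a compact JWS or JWE."""
    seg = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def check_request_object(token, client, metadata):
    """Header policy check only; returns (accepted_for_processing, reason)."""
    parts = token.split(".")
    if len(parts) not in (3, 5):
        return (False, "malformed request object")
    hdr = header_of(token)
    if len(parts) == 5:  # JWE: compare with what the AS publishes
        if hdr.get("alg") not in metadata["request_object_encryption_alg_values_supported"]:
            return (False, "JWE alg not supported by AS")
        if hdr.get("enc") not in metadata["request_object_encryption_enc_values_supported"]:
            return (False, "JWE enc not supported by AS")
        return (True, "decrypt, then check the inner JWS")
    # JWS: compare with what this client registered, if anything
    registered = client.get("request_object_signing_alg")
    if registered and hdr.get("alg") != registered:
        return (False, "alg differs from registered request_object_signing_alg")
    return (True, "process JWS per its alg")
```
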
