[Openid-specs-ab] Review Comments on Dyn Reg
Mike Jones
Michael.Jones at microsoft.com
Thu Nov 14 23:18:29 UTC 2013
Is there a specific proposed text change?
________________________________
From: Brian Campbell<mailto:bcampbell at pingidentity.com>
Sent: 11/14/2013 5:50 PM
To: Torsten Lodderstedt<mailto:torsten at lodderstedt.net>
Cc: Openid-specs Ab<mailto:openid-specs-ab at lists.openid.net>; Mike Jones<mailto:Michael.Jones at microsoft.com>
Subject: Re: [Openid-specs-ab] Review Comments on Dyn Reg
I think Torsten raises a good question here. The jwks_uri is great for
clients that have a web server. But there's not really a good story
for native clients who want to use anything other than a shared secret
(for signatures, encryption or authentication to the token endpoint).
Is it too limiting? Seems like it might be...
On Wed, Nov 6, 2013 at 7:11 PM, Torsten Lodderstedt
<torsten at lodderstedt.net> wrote:
>
> jwks_uri - How is this scheme supposed to work for native clients? I assume
> any instance of such an application would use a distinct key pair, which is
> stored locally. Is the client supposed to provide a web server interface? I
> would rather expect this kind of client to provide the public key data
> directly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131114/10163d97/attachment.html>
More information about the Openid-specs-ab
mailing list