[Openid-specs-ab] Review Comments on Dyn Reg
Brian Campbell
bcampbell at pingidentity.com
Thu Nov 14 23:35:37 UTC 2013
I could make one. It'd probably involve the introduction of a new
registration parameter (jwks probably).
The larger question for the group, I think, is if this is something
that we should try to add at this point?
On Thu, Nov 14, 2013 at 4:18 PM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> Is there a specific proposed text change?
> ________________________________
> From: Brian Campbell
> Sent: 11/14/2013 5:50 PM
> To: Torsten Lodderstedt
> Cc: Openid-specs Ab; Mike Jones
>
> Subject: Re: [Openid-specs-ab] Review Comments on Dyn Reg
>
> I think Torsten raises a good question here. The jwks_uri is great for
> clients that have a web server. But there's not really a good story
> for native clients who want to use anything other than a shared secret
> (for signatures, encryption or authentication to the token endpoint).
>
> Is it too limiting? Seems like it might be...
>
> On Wed, Nov 6, 2013 at 7:11 PM, Torsten Lodderstedt
> <torsten at lodderstedt.net> wrote:
>>
>> jwks_uri - How is this scheme supposed to work for native clients? I
>> assume
>> any instance of such an application would use a distinct key pair, which
>> is
>> stored locally. Is the client supposed to provide a web server interface?
>> I
>> would rather expect this kind of client to provide the public key data
>> directly.
More information about the Openid-specs-ab
mailing list