[Openid-specs-ab] Review Comments on Dyn Reg

[Richer, Justin P.]

It sounds too under defined at the moment, in my opinion -- especially for something as fundamental a security parameter as this. We can always extend/augment the fields in § 2.1 in the future after we get some people actually implementing it and trying it out.

 -- Justin

On Nov 15, 2013, at 12:35 AM, Brian Campbell <bcampbell at pingidentity.com> wrote:

> I could make one. It'd probably involve the introduction of a new
> registration parameter (jwks probably).
> 
> The larger question for the group, I think, is if this is something
> that we should try to add at this point?
> 
> On Thu, Nov 14, 2013 at 4:18 PM, Mike Jones <Michael.Jones at microsoft.com> wrote:
>> Is there a specific proposed text change?
>> ________________________________
>> From: Brian Campbell
>> Sent: 11/14/2013 5:50 PM
>> To: Torsten Lodderstedt
>> Cc: Openid-specs Ab; Mike Jones
>> 
>> Subject: Re: [Openid-specs-ab] Review Comments on Dyn Reg
>> 
>> I think Torsten raises a good question here. The jwks_uri is great for
>> clients that have a web server. But there's not really a good story
>> for native clients who want to use anything other than a shared secret
>> (for signatures, encryption or authentication to the token endpoint).
>> 
>> Is it too limiting? Seems like it might be...
>> 
>> On Wed, Nov 6, 2013 at 7:11 PM, Torsten Lodderstedt
>> <torsten at lodderstedt.net> wrote:
>>> 
>>> jwks_uri - How is this scheme supposed to work for native clients? I
>>> assume
>>> any instance of such an application would use a distinct key pair, which
>>> is
>>> stored locally. Is the client supposed to provide a web server interface?
>>> I
>>> would rather expect this kind of client to provide the public key data
>>> directly.
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab