[Openid-specs-ab] Feedback requested: JWT library effort

[Adam Dawes]

Hi all,

I have mentioned to some of you that Google is very interested in making it
easy and secure for developers to do JWT/ID Token validation on their
servers. We think resources like jwt.io and the many open source libraries
have helped developers a lot with this process. But we are also concerned
that there are still many ways to mess up validation and want to make it
easy for developers to automatically do the right thing. I'm reaching out
because we would like to partner with the Foundation and the Connect WG to
build canonical libraries that gain wide adoption and which help drive
greater adoption of federation.

To drive this effort forward, I wanted to introduce a new PM on my team,
Luke Camery. He's put together a spec
<https://docs.google.com/document/d/1V5uE-aR6k5JYuQQ6Ylgj8t1F_HMS7DEMJ4AIRMyR9Ts/edit#>
for
the libraries.

I'd like to invite the group to provide feedback and also see if it would
be worthwhile to walk through this on an upcoming WG call. Also, we're also
going to be looking for contractors to help us implement these requirements
so if any of you are available or have recommendations, we would love to
get those.

Please let us know what you think.

thanks,
AD

-- 
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170823/22c34290/attachment.html>