[Openid-specs-ab] Issue #1726: Federation: jwks in entity statements (openid/connect)
tlodderstedt
issues-reply at bitbucket.org
Thu Nov 17 18:12:40 UTC 2022
New issue 1726: Federation: jwks in entity statements
https://bitbucket.org/openid/connect/issues/1726/federation-jwks-in-entity-statements
Torsten Lodderstedt:
Why is the `jwks` claim mandatory in entity statements? Wouldn’t it be sufficient to assert attributes about the entity and refer to the respective entity using the entity id in the `sub` claim? The signing keys of the respective entity can be obtained via entity id/entity configuration/jwks or jwks_uri.
Forcing deployments to add the keys to the entity statements makes key rotation harder.