[Openid-specs-ab] Issue #1694: definition of jwks (openid/connect)

Andrii Deinega issues-reply at bitbucket.org
Wed Oct 26 18:41:46 UTC 2022


New issue 1694: definition of jwks
https://bitbucket.org/openid/connect/issues/1694/definition-of-jwks

Andrii Deinega:

https://openid.net/specs/openid-connect-federation-1_0.html#name-entity-statement (draft 24) in section 3.1 tells us

> REQUIRED Conditional. A JSON Web Key Set (JWKS) [RFC7517] representing the public part of the subject Entity's signing keys. The corresponding private key is used by Leaf Entities to sign Entity Statements about themselves, and intermediate entities to sign statements about other entities. The keys that can be found here are intended to sign Entity Statements and SHOULD NOT be used in other protocols.

The keys available in JWKS are the public keys, and they are used to verify Entity Statements. I understand the intent and suggest improving the wording in the last sentence.
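The key-role distinction the issue is about, the private key signing an Entity Statement while only the public keys published in `jwks` are needed to verify it, as an added Go example that is not part of the issue, the mailing list, or the OpenID Federation specification. The entity identifier, `kid`, timestamps and the self-signed (iss == sub) shape are constructed for illustration; the compact-JWS layout and the ES256 `r||s` signature encoding follow RFC 7515/7518, and the `entity-statement+jwt` value for `typ` is assumed from the Federation drafts.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
)

// JWK holds a P-256 public key in RFC 7517 form; with no "d" member it cannot carry a private key.
type JWK struct {
	Kty string `json:"kty"`
	Crv string `json:"crv"`
	Kid string `json:"kid"`
	X   string `json:"x"`
	Y   string `json:"y"`
}

// JWKS is the "jwks" claim of an Entity Statement: the subject's public keys only.
type JWKS struct {
	Keys []JWK `json:"keys"`
}

var b64 = base64.RawURLEncoding
// fixed32 left-pads to the 32-byte width of P-256 coordinates and ES256 r/s values.
func fixed32(n *big.Int) []byte { return n.FillBytes(make([]byte, 32)) }

// PublicJWKS exports only the public half of the signing key.
func PublicJWKS(priv *ecdsa.PrivateKey, kid string) JWKS {
	return JWKS{Keys: []JWK{{Kty: "EC", Crv: "P-256", Kid: kid,
		X: b64.EncodeToString(fixed32(priv.X)), Y: b64.EncodeToString(fixed32(priv.Y))}}}
}

// SignEntityStatement: the private key signs a self-signed (iss == sub) statement that carries the public JWKS.
func SignEntityStatement(priv *ecdsa.PrivateKey, kid, entityID string, iat, exp int64) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "entity-statement+jwt", "kid": kid})
	payload, _ := json.Marshal(map[string]any{
		"iss": entityID, "sub": entityID, "iat": iat, "exp": exp, "jwks": PublicJWKS(priv, kid),
	})
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(append(fixed32(r), fixed32(s)...)), nil
}

// publicKey selects the P-256 key with the given kid and rejects malformed or off-curve points.
func (j JWKS) publicKey(kid string) (*ecdsa.PublicKey, error) {
	for _, k := range j.Keys {
		if k.Kid != kid || k.Kty != "EC" || k.Crv != "P-256" {
			continue
		}
		xb, errX := b64.DecodeString(k.X)
		yb, errY := b64.DecodeString(k.Y)
		pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(xb), Y: new(big.Int).SetBytes(yb)}
		if errX != nil || errY != nil || !pub.Curve.IsOnCurve(pub.X, pub.Y) {
			return nil, errors.New("malformed public key")
		}
		return pub, nil
	}
	return nil, errors.New("no P-256 key with the requested kid")
}

// VerifyEntityStatement checks the JWS using only public keys from jwks; alg is pinned, not read from the header.
func VerifyEntityStatement(token string, jwks JWKS) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed compact JWS")
	}
	hdrRaw, errH := b64.DecodeString(parts[0])
	payload, errP := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	if errH != nil || errP != nil || errS != nil || len(sig) != 64 {
		return nil, errors.New("bad JWS segment encoding")
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := json.Unmarshal(hdrRaw, &hdr); err != nil || hdr.Alg != "ES256" {
		return nil, errors.New("unexpected header or alg")
	}
	pub, err := jwks.publicKey(hdr.Kid)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("signature verification failed")
	}
	claims := map[string]any{}
	err = json.Unmarshal(payload, &claims) // claims are parsed only after the signature checks out
	return claims, err
}
```

The verifier never touches private material: it parses the public `x`/`y` coordinates out of the JWKS, pins the algorithm instead of trusting the header, and only then decodes the claims. A JWKS produced by `PublicJWKS` serialises without any `d` member, which is the property the quoted sentence is trying to express when it says the keys "are intended to sign" Entity Statements.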

