[Openid-specs-ab] Issue #1633: Which keys to use for signing trust marks. (openid/connect)
rolandh
issues-reply at bitbucket.org
Fri Sep 9 16:39:17 UTC 2022
New issue 1633: Which keys to use for signing trust marks.
https://bitbucket.org/openid/connect/issues/1633/which-keys-to-use-for-signing-trust-marks
Roland Hedberg:
In the specification it is stated:
“The validation of such a signed statement is performed in the same way that an Entity Configuration is validated.”
_Signed statement_ refers to a trust mark.
When validating an entity configuration the keys published in the jwks parameter in the Entity Statement are used. The same is expected to be true for verifications of trust marks. This is not explicitly stated in the specification. I think it should be.
From this it follows that trust marks MUST be signed by keys published in the jwks parameter in the Entity Statement.
Responsible: Roland Hedberg
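
The rule proposed in this issue, as an added example that is not part of the original message or of the specification: a trust mark is accepted only if its signature verifies under a key in the jwks of the trust mark issuer's Entity Statement. It assumes that jwks has already been obtained and validated, and handles RS256 only; the function names, toy keys, URLs and claim values are constructed for illustration.

```python
import base64, hashlib, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def unb64u(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def nbytes(n): return (n.bit_length() + 7) // 8

def encode_em(msg, k):
    t = PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(jwk, msg, sig):
    n, e = (int.from_bytes(unb64u(jwk[x]), "big") for x in ("n", "e"))
    if len(sig) != nbytes(n) or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(nbytes(n), "big")
    return em == encode_em(msg, nbytes(n))

def validate_trust_mark(token, issuer_jwks):
    """Return the claims only if a key in the issuer's Entity Statement jwks verifies the signature."""
    h, p, s = token.split(".")
    header = json.loads(unb64u(h))
    if header.get("alg") != "RS256":      # this sketch handles RS256 only
        raise ValueError("unsupported alg")
    for jwk in issuer_jwks["keys"]:
        if jwk.get("kty") == "RSA" and jwk.get("kid") == header.get("kid"):
            if verify_rs256(jwk, f"{h}.{p}".encode(), unb64u(s)):
                return json.loads(unb64u(p))
    raise ValueError("not signed by a key in the issuer's jwks")

# --- constructed test material: toy RSA keys from Mersenne primes, NOT secure ---
def toy_key(p, q, kid):
    n, e = p * q, 65537
    jwk = {"kty": "RSA", "kid": kid, "n": b64u(n.to_bytes(nbytes(n), "big")), "e": b64u(e.to_bytes(3, "big"))}
    return jwk, (n, pow(e, -1, (p - 1) * (q - 1)))

def sign(claims, kid, priv):
    n, d = priv
    h = b64u(json.dumps({"alg": "RS256", "kid": kid}).encode())
    p = b64u(json.dumps(claims).encode())
    em = int.from_bytes(encode_em(f"{h}.{p}".encode(), nbytes(n)), "big")
    return f"{h}.{p}." + b64u(pow(em, d, n).to_bytes(nbytes(n), "big"))

M521, M607, M1279 = 2**521 - 1, 2**607 - 1, 2**1279 - 1
issuer_jwk, issuer_priv = toy_key(M521, M607, "tmi-key-1")
unused_jwk, other_priv = toy_key(M607, M1279, "tmi-key-1")   # same kid, key not in the jwks
CLAIMS = {"iss": "https://tmi.example", "sub": "https://rp.example", "id": "https://tmi.example/marks/member"}
ISSUER_JWKS = {"keys": [issuer_jwk]}
GOOD = sign(CLAIMS, "tmi-key-1", issuer_priv)
ROGUE = sign(CLAIMS, "tmi-key-1", other_priv)
```

Matching on kid alone is not enough: ROGUE carries the same kid as the published key and is still rejected, because the signature does not verify under any key in the jwks.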