[Openid-specs-ab] Dynamic Client Registration draft

John Bradley ve7jtb at ve7jtb.com
Mon Apr 2 01:55:44 UTC 2012


> Yes, I reworked that on another ticket last week. I will fix the nit at the end as well; good catch.
> 
> John B.,
> On 2012-04-01, at 8:10 PM, Nat Sakimura wrote:
> 
>> Hi John, 
>> 
>> Did you take care of this one? 
>> Perhaps we have not yet, as we have all been a traveling circus for the month of March. 
>> 
>> =nat
>> 
>> ---------- Forwarded message ----------
>> From: Anganes, Amanda L <aanganes at mitre.org>
>> Date: Sat, Mar 3, 2012 at 12:58 AM
>> Subject: [Openid-specs-ab] Dynamic Client Registration draft
>> To: "openid-specs-ab at lists.openid.net" <openid-specs-ab at lists.openid.net>
>> 
>> 
>> Section 2.1: Client Registration Request lists the following four definitions:
>> 
>> userinfo_signed_response_algs
>> 
>> OPTIONAL. The JWS [JWS] signature algorithm required for UserInfo responses. If this is specified the response will be JWT [JWT] serialized, and signed using JWS [JWS].
>> 
>> userinfo_encrypted_response_algs
>> 
>> OPTIONAL. A space delimited list of the JWE [JWE] alg and enc algorithms required for UserInfo responses. If this is requested in combination with signing the response will be signed then encrypted. If this is specified the response will be JWT [JWT] serialized, and encrypted using JWE [JWE].
>> 
>> id_token_signed_response_algs
>> 
>> OPTIONAL. The JWS [JWS] signing algorithm required for the ID Token issued to this client_id. The default if not specified is HS256 using the provided client_secret.
>> 
>> id_token_encrypted_response_algs
>> 
>> OPTIONAL. A space delimited list of the JWE [JWE] alg and enc algorithms required for the ID Token issued to this client_id. If this is requested the response will be signed then encrypted. The default if not specified is no encryption.
>> 
>> All four of these parameter names end with the plural “algs”. Two of them, userinfo_encrypted_response_algs and id_token_encrypted_response_algs, are defined as space delimited lists. The other two, userinfo_signed_response_algs and id_token_signed_response_algs, appear to be singular (*The* JWS signature/signing algorithm).
>> 
>> If only 1 JWS signature algorithm each is supposed to be provided for the UserInfo and IdToken responses, can the ‘s’ be dropped from those two parameter names, in order to avoid confusion? Otherwise, if more than one algorithm can be provided, the “space delimited list” wording should be added to those two parameters.
>> 
>> Also, a minor nit: userinfo_signed_response_algs says “JWS signature algorithm”, while id_token_signed_response_algs says “JWS signing algorithm”. Signature/signing should probably match.
>> 
>> Thanks,
>> 
>> Amanda Anganes
>> 
>> Info Sys Engineer, G061
>> 
>> The MITRE Corporation
>> 
>> 782-271-3103
>> 
>> aanganes at mitre.org
>> 
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>> 
>> -- 
>> Nat Sakimura (=nat)
>> Chairman, OpenID Foundation
>> http://nat.sakimura.org/
>> @_nat_en
>> 
> 
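
The naming ambiguity raised in the forwarded message, as an added example (not code from the draft or from anyone in this thread): a parser for the four parameters that can apply either the singular or the space-delimited reading to the two `*_signed_response_algs` values. The function name `parse_algs`, the `signed_is_list` flag and the sample request are assumptions made for illustration.

```python
# Added example; not part of the draft or the thread.
SIGNED = ("userinfo_signed_response_algs", "id_token_signed_response_algs")
ENCRYPTED = ("userinfo_encrypted_response_algs",
             "id_token_encrypted_response_algs")


def parse_algs(params, signed_is_list=False):
    """Return {parameter name: [algorithm names]} for the four parameters.

    signed_is_list=False is the "*The* JWS algorithm" reading (one value);
    signed_is_list=True is the reading the plural "algs" suffix suggests.
    Both the function and the flag are hypothetical, for illustration.
    """
    out = {}
    for name in SIGNED:
        raw = params.get(name)
        if raw is None:
            # Quoted draft text: the ID Token default is HS256 keyed with the
            # client_secret; no default is stated for UserInfo signing.
            out[name] = ["HS256"] if name.startswith("id_token") else []
            continue
        values = raw.split()
        if not values:
            raise ValueError(f"{name}: empty value")
        if len(values) > 1 and not signed_is_list:
            raise ValueError(f"{name}: expected one JWS algorithm, got {values}")
        out[name] = values
    for name in ENCRYPTED:
        # Defined as a space delimited list of JWE alg and enc values;
        # absent means no encryption was requested.
        out[name] = params.get(name, "").split()
    return out


# Constructed sample registration request (values chosen for illustration).
SAMPLE = {
    "id_token_signed_response_algs": "RS256 ES256",
    "userinfo_encrypted_response_algs": "RSA1_5 A128CBC-HS256",
}

if __name__ == "__main__":
    print(parse_algs(SAMPLE, signed_is_list=True))
    try:
        parse_algs(SAMPLE)
    except ValueError as err:
        print("singular reading rejects it:", err)
```

A client and server that disagree on the reading fail at registration time under the singular interpretation, which is why the parameter name and the definition need to match.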
