[Openid-specs-ab] [openid/connect] General - removal of symmetric signatures for id tokens (issue #571)

tlodderstedt issues-reply at bitbucket.org
Fri Apr 6 20:55:22 UTC 2012



New issue 571: General - removal of symmetric signatures for id tokens
https://bitbucket.org/openid/connect/issue/571/general-removal-of-symmetric-signatures

tlodderstedt on Fri, 6 Apr 2012 22:55:22 +0200:

I think the spec could benefit from removing support for symmetric signatures and supporting asymmetric signatures only. RPs (even public clients) could validate signatures based on the AS's public key. Interop would benefit because of the reduced number of algorithms, security would benefit because of the limited applicability of symmetric signatures (two parties only!). Moreover, dual use of client secrets for authentication on the AS (original use case) and creation/validation of digital signatures would be put to an end.


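The "two parties only" property raised in the issue, as an added example that is not part of the original message or of the OpenID Connect specification: an HS256 ID token keyed with the client secret verifies for anyone holding that secret, cannot be attributed to the AS rather than the RP, and cannot be checked by a party without the secret. The secret, claims, issuer URL and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Serialize claims as a compact JWS protected by HMAC-SHA256."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256)
    return f"{header}.{payload}.{b64url(mac.digest())}"

def verify_hs256(token: str, secret: bytes) -> bool:
    """True only if the token declares HS256 and its MAC matches under `secret`."""
    try:
        header, payload, tag = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return False
        mac = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256)
        return hmac.compare_digest(mac.digest(), b64url_decode(tag))
    except (ValueError, TypeError, AttributeError):
        return False  # malformed token: reject rather than raise

# Constructed values. The same secret also authenticates the RP to the AS,
# which is the dual use the issue objects to.
CLIENT_SECRET = b"constructed-client-secret"
CLAIMS = {"iss": "https://as.example", "aud": "rp-client", "sub": "user-1"}

def demo() -> dict:
    from_as = sign_hs256(CLAIMS, CLIENT_SECRET)  # what the AS issues
    from_rp = sign_hs256(CLAIMS, CLIENT_SECRET)  # what the RP can compute itself
    return {
        # The RP validates the AS's token with the shared secret.
        "rp_accepts_as_token": verify_hs256(from_as, CLIENT_SECRET),
        # Both holders of the secret produce byte-identical tokens, so the
        # MAC does not show which of the two parties created it.
        "origin_indistinguishable": from_as == from_rp,
        # A third party without the secret has no way to validate the token.
        "third_party_can_verify": verify_hs256(from_as, b"no-shared-secret"),
    }

if __name__ == "__main__":
    print(demo())
```

With an asymmetric algorithm the verifying key is public and the signing key stays with the AS, so validation does not imply the ability to create tokens.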