[Openid-specs-ab] Mandatory JWK Support for OpenID Connect

Anthony Nadalin tonynad at microsoft.com
Fri Jul 27 04:42:06 UTC 2012


And we have the issues of no one understanding processing a JWK

From: Richer, Justin P. [mailto:jricher at mitre.org]
Sent: Thursday, July 26, 2012 3:15 PM
To: <openid-connect-interop at googlegroups.com>
Cc: Anthony Nadalin; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Mandatory JWK Support for OpenID Connect

Additionally, we're leaning toward picking JWK because it's a raw key format as opposed to a certificate format, which has signing authorities and all other manner of overhead that aren't directly used by the protocols under discussion.

 -- Justin

On Jul 26, 2012, at 6:10 PM, Edmund Jay wrote:


This is in reference to the open issue # 633 at http://hg.openid.net/connect/issue/633/messages-42-jwk-and-x509-format-support
The specs currently support x509 and JWK format for publishing public keys but is silent on which must be supported.
There may be interop problems related to cryptographic aspects of OpenID due to lack of common support between client and server.

-- Edmund

________________________________
From: Anthony Nadalin <tonynad at microsoft.com<mailto:tonynad at microsoft.com>>
To: Edmund Jay <ejay at mgi1.com<mailto:ejay at mgi1.com>>; "openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>" <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>>; "openid-connect-interop at googlegroups.com<mailto:openid-connect-interop at googlegroups.com>" <openid-connect-interop at googlegroups.com<mailto:openid-connect-interop at googlegroups.com>>
Sent: Thu, July 26, 2012 1:46:41 PM
Subject: RE: [Openid-specs-ab] Mandatory JWK Support for OpenID Connect
Can you provide the rationale or a pointer to the rationale?

From: openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net> [mailto:openid-specs-ab-bounces at lists.openid.net]<mailto:[mailto:openid-specs-ab-bounces at lists.openid.net]> On Behalf Of Edmund Jay
Sent: Thursday, July 26, 2012 11:58 AM
To: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>; openid-connect-interop at googlegroups.com<mailto:openid-connect-interop at googlegroups.com>
Subject: [Openid-specs-ab] Mandatory JWK Support for OpenID Connect

This is to inform everyone that the Working Group has decided to make JWK support mandatory for both the client and server.
Feedbacks welcome.


-- Edmund

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120727/3c939b3d/attachment.html>


More information about the Openid-specs-ab mailing list