[Openid-specs-ab] Mandatory JWK Support for OpenID Connect

Anthony Nadalin tonynad at microsoft.com
Fri Jul 27 04:43:26 UTC 2012


This creates problems with folks that already have a PIK infrastructure and want to use existing keys

From: Edmund Jay [mailto:ejay at mgi1.com]
Sent: Thursday, July 26, 2012 3:11 PM
To: Anthony Nadalin; openid-specs-ab at lists.openid.net; openid-connect-interop at googlegroups.com
Subject: Re: [Openid-specs-ab] Mandatory JWK Support for OpenID Connect

This is in reference to the open issue # 633 at http://hg.openid.net/connect/issue/633/messages-42-jwk-and-x509-format-support
The specs currently support x509 and JWK format for publishing public keys but is silent on which must be supported.
There may be interop problems related to cryptographic aspects of OpenID due to lack of common support between client and server.

-- Edmund

________________________________
From: Anthony Nadalin <tonynad at microsoft.com<mailto:tonynad at microsoft.com>>
To: Edmund Jay <ejay at mgi1.com<mailto:ejay at mgi1.com>>; "openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>" <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>>; "openid-connect-interop at googlegroups.com<mailto:openid-connect-interop at googlegroups.com>" <openid-connect-interop at googlegroups.com<mailto:openid-connect-interop at googlegroups.com>>
Sent: Thu, July 26, 2012 1:46:41 PM
Subject: RE: [Openid-specs-ab] Mandatory JWK Support for OpenID Connect
Can you provide the rationale or a pointer to the rationale?

From: openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net> [mailto:openid-specs-ab-bounces at lists.openid.net]<mailto:[mailto:openid-specs-ab-bounces at lists.openid.net]> On Behalf Of Edmund Jay
Sent: Thursday, July 26, 2012 11:58 AM
To: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>; openid-connect-interop at googlegroups.com<mailto:openid-connect-interop at googlegroups.com>
Subject: [Openid-specs-ab] Mandatory JWK Support for OpenID Connect

This is to inform everyone that the Working Group has decided to make JWK support mandatory for both the client and server.
Feedbacks welcome.


-- Edmund
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120727/6847fbea/attachment-0001.html>


More information about the Openid-specs-ab mailing list