[Openid-specs-ab] JWA support

John Bradley ve7jtb at ve7jtb.com
Wed Sep 26 18:40:34 UTC 2012


That is fine.

int, alg and int are all in the same parameter as they originally were distinct. Now they are not but int and enc are changing, so I agree with Mike changing it after the changes to JWE.


On 2012-09-26, at 7:06 PM, Mike Jones wrote:

> Looking at http://openid.net/specs/openid-connect-messages-1_0.html#sigenc, I agree that the treatment of advertising supported algorithms is currently inconsistent.  The client has fine-grained control with the parameters
> 	{userinfo,id_token}_signed_response_alg and {userinfo,id_token}_encrypted_response_{alg,enc,int}
> whereas the server jumbles the types of algorithms together with the parameters
> 	{userinfo,id_token,request_object,token_endpoint}_algs_supported.
> 
> I believe that we should give the server the same degree of control as the client.  I would propose these new server parameter names:
> 	{userinfo,id_token,request_object,token_endpoint}_signing_alg_values_supported
> 	{userinfo,id_token,request_object,token_endpoint}_encryption_{alg,enc}_values_supported
> 
> Do people agree with that proposal?
> 
> Notice that I didn't include an "int_values_supported" option.  That's because in the JOSE drafts to be published shortly, the "int" and "kdf" parameters are going away, with the "enc" value representing AEAD algorithms such as "A128CBC+HS256", "A256CBC+HS512", "A128GCM", and "A256GCM" (with combinations such as "A128CBC+HS256" used when the base block encryption algorithm is not already AEAD).
> 
> I don't propose to change the Connect spec until the JOSE changes are published, but I'll plan to do so at that time.  Until then, we can do interop on the current specs.  But implementers should be aware of the upcoming changes.
> 
> 				Best wishes,
> 				-- Mike
> 
> -----Original Message-----
> From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Roland Hedberg
> Sent: Wednesday, September 26, 2012 4:37 AM
> To: Roland Hedberg
> Cc: openid-specs-ab at lists.openid.net Group
> Subject: Re: [Openid-specs-ab] JWA support
> 
> 
> On 26 Sep 2012, at 13:09, Roland Hedberg <roland.hedberg at adm.umu.se> wrote:
> 
>> Hi,
>> 
>> an OIC OP can publish which encryption algorithms it supports using userinfo_algs_supported, id_token_algs_supported and request_object_algs_supported respectively.
> 
> 
> or, looking at what the publicly available OPs publish, are you supposed to put alg, enc and int specifications in a jumble in these claims?
> 
> -- Roland
> ------------------------------------------------------
> Roland Hedberg
> IT Architect/Senior Researcher
> ICT Services and System Development (ITS) Umeå University 
> SE-901 87 Umeå, Sweden	
> Phone +46 90 786 68 44
> Mobile +46 70 696 68 44
> www.its.umu.se 
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> 

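The split proposed in this thread, as an added example that is not code from any participant or from the OpenID Connect specs: it rewrites each jumbled `*_algs_supported` list into the three proposed `*_values_supported` lists and reports values that fit no category. Assumptions: the signing and key-management names come from JWA rather than from the thread, "HS256" is treated as a signing algorithm once "int" is gone, and the sample document (including its issuer URL and the bare "A128CBC" entry) is constructed.

```python
PREFIXES = ("userinfo", "id_token", "request_object", "token_endpoint")

# JWA names (assumption: taken from JWA, the thread does not list them).
SIGNING = {"none"} | {f"{f}{b}" for f in ("HS", "RS", "ES") for b in (256, 384, 512)}
KEY_MGMT = {"RSA1_5", "RSA-OAEP", "A128KW", "A256KW", "dir", "ECDH-ES",
            "ECDH-ES+A128KW", "ECDH-ES+A256KW"}
# "enc" values exactly as named in the thread (AEAD or composite AEAD).
ENC = {"A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM"}

OLD = {  # constructed sample discovery document
    "issuer": "https://op.example.com",
    "userinfo_algs_supported": ["RS256", "RSA1_5", "A128CBC+HS256", "HS256"],
    "id_token_algs_supported": ["HS256", "RS256", "A128GCM", "A128CBC"],
}


def split_discovery(doc):
    """Rewrite each <prefix>_algs_supported list into the three proposed lists.

    Returns (new_doc, unclassified). unclassified maps the old parameter name
    to values that fit no category, so they are surfaced instead of guessed.
    """
    suffix = "_algs_supported"
    new_doc, unclassified = {}, {}
    for key, value in doc.items():
        if not key.endswith(suffix) or key[: -len(suffix)] not in PREFIXES:
            new_doc[key] = value  # unrelated parameter: copy through unchanged
            continue
        prefix = key[: -len(suffix)]
        buckets = {"signing_alg": [], "encryption_alg": [], "encryption_enc": []}
        for name in value:
            if name in SIGNING:      # assumption: HS256 means signing, not "int"
                buckets["signing_alg"].append(name)
            elif name in KEY_MGMT:
                buckets["encryption_alg"].append(name)
            elif name in ENC:
                buckets["encryption_enc"].append(name)
            else:                    # e.g. a bare CBC name that relied on "int"
                unclassified.setdefault(key, []).append(name)
        for kind, names in buckets.items():
            if names:
                new_doc[f"{prefix}_{kind}_values_supported"] = names
    return new_doc, unclassified


if __name__ == "__main__":
    converted, leftovers = split_discovery(OLD)
    print(converted)
    print("needs manual review:", leftovers)
```

A value left in the unclassified map should block publication of the converted document until someone decides what it meant, since a client cannot negotiate an algorithm whose role is unknown.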

