<div dir="ltr"><div><div><div><div>Messages §4.2 [1] says an OP's x509_url is the "URL of the OP's X.509 certificates in PEM format
that are used by the Server for Signing the JWT" while a client's x509_url is the "URL for the Client's PEM encoded X.509
Certificate or Certificate chain." Discovery and Registration have text consistent with that in Messages respectively.<br><br></div>I read that as saying that the client can have only a single signing keypair and that its x509_url will have the associated PEM encoded certificate and possibly the certificates in the chain that can be used to "certify" it. While the OP can have multiple singing keypairs and its x509_url can have multiple PEM encoded certificates where each one corresponds direct to one of the keypairs. But an OP doesn't have a way to express a certificate chain. <br>
<br></div><div>Do I read that correctly? If so, why the difference? Why might a client need to present a chain while an OP only the leaf certificates? I can see an argument for not dealing with chains at all and treating the cert as little more than a convenient container for the public key. But I'm confused by the text that seems to support a chain for the client's key but not for the OP's keys. Am I missing something? <br>
<br></div>JWS [2] and JWE [3] have a similarly named parameter (x5u / x.509 URL) that is defined, as far as I can tell, more along the lines of the way the Connect client uses it. Of course they don't all have to be exactly the same but these specs are all pretty closely related and using the same term for different things is potentially confusing.<br>
<br>Messages §4.2 also says that "if keys are specified in both X.509 and JWK formats, they MUST be the same keys." I see how that works based on my understanding of an OP's keys (one element in the "keys" array per cert) but for clients I don't know what it would mean to have a cert chain in JWK? I guess the JWK endpoint would be omitted in such a case? And does this imply that the client's JWK endpoint can have only one key when providing both an x509_url and jwk_url? Or is that always the case? <br>
<br></div>Sorry for rambling but I would greatly appreciate any clarification on the above questions. And if the motivations for the way things are could be explained, that would be very helpful too.<br><br>Thanks,<br></div>
Brian<br><div><div><br><div><div>[1] <a href="http://openid.net/specs/openid-connect-messages-1_0-13.html#sigenc.key">http://openid.net/specs/openid-connect-messages-1_0-13.html#sigenc.key</a><br>[2] <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08#section-4.1.4">http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08#section-4.1.4</a><br>
[3] <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#section-4.1.7">http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-08#section-4.1.7</a></div></div></div></div></div>