<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Nat,<br>
<br>
I just read the spec (for the first time) and think the concept is
generally sound. I'm wondering a bit about the way the client
obtains the OP's public key. The GET request on the OpenID 2.0
Identifier URL directly returns the JWK. I would suggest to just
return the jwk_uri, in the same way openid connect discovery does
it. This way this GET request is static (even with key rotation in
place) and the OP can reuse the existing functionality to publish
its public keys (including support for multiple keys in case of
rotation).<br>
<br>
What do you think? <br>
<br>
kind regards,<br>
Torsten.<br>
<br>
<div class="moz-cite-prefix">Am 26.07.2014 07:44, schrieb Nat
Sakimura:<br>
</div>
<blockquote
cite="mid:CABzCy2C=mqKvKyym6N+fhPw=LDcMpJwf1FjuPaVR2eyKJB1hYw@mail.gmail.com"
type="cite">
<div dir="ltr">Thanks to Edmund Jay, the examples are now fixed.
<div>This is to initiate the WG Last Call. </div>
<div>Please review the document and file issues if there are
within a week. </div>
<div>Once all the issues are resolved, we will go to the
implementer's draft public review period for 45 days. </div>
<div><br>
</div>
<div>Nat</div>
<div>
<div><br>
</div>
-- <br>
Nat Sakimura (=nat)
<div>Chairman, OpenID Foundation<br>
<a moz-do-not-send="true" href="http://nat.sakimura.org/"
target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
</body>
</html>