[Openid-specs-fapi] #OBEDocument: OBE JWS Profile [revised draft for review]

Mike Jones Michael.Jones at microsoft.com
Tue Feb 4 10:46:26 UTC 2020


This spec seems to be generally solid and well-reasoned.

I am a bit surprised by the requirement to use keys from X.509 certificates in Section 5.3, rather than keys from JWKs.  But I understand that that may be the reality of the targeted deployment environments.

I understand the reference to draft-cavage-http-signatures but everyone should be aware that this is a work in progress and is likely to change.  If you want to keep the reference, the draft should probably explicitly say that the specification uses draft-cavage-http-signatures-10 – even though subsequent and potentially incompatible versions may be published.

The x5t#o header parameter is pretty strange.  If new thumbprint algorithms are needed, it would be better to register new values, like x5t#S256 was, rather than to introduce a level of indirection to determine the digest algorithm.  It’s not the end of the world, but it’s certainly not how the JOSE working group would have added additional digest algorithms.

Thanks for asking for the review.

                                                       -- Mike

From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> On Behalf Of Ralph Bragg via Openid-specs-fapi
Sent: Wednesday, January 29, 2020 6:46 AM
To: openid-specs-fapi at lists.openid.net
Cc: Ralph Bragg <ralph.bragg at raidiam.com>
Subject: [EXTERNAL] Re: [Openid-specs-fapi] #OBEDocument: OBE JWS Profile [revised draft for review]

Hi All,

Please see the proposed initial draft for JWS signatures, comments back to me if you’d like to influence the standard.

Kind Regards,
Ralph

From: Joao Daniel Parracho <j.parracho at openbankingeurope.eu<mailto:j.parracho at openbankingeurope.eu>>
Date: Friday, 24 January 2020 at 13:41
Subject: #OBEDocument: OBE JWS Profile [revised draft for review]

Dear colleagues,

As agreed, please find attached the OBE JWS Profile document draft for review. We kindly ask you to submit any comments by 14th February.

Kind regards,
João
João Parracho
Communications & Engagement Consultant | Open Banking Europe
j.parracho at openbankingeurope.eu<mailto:j.parracho at openbankingeurope.eu>

[A close up of a logo  Description automatically generated]
40 rue de Courcelles | F-75008 Paris, France
https://www.openbankingeurope.eu/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.openbankingeurope.eu%2F&data=02%7C01%7CMichael.Jones%40microsoft.com%7Cf538e368c09746a5065508d7a4c9f5d7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637159059632442685&sdata=xjkww%2Fl4qZQNCtXUE1T%2B4iGS%2B%2BygTM9tRHM7RaVsp%2Bc%3D&reserved=0>

Open Banking Europe is owned by PRETA S.A.S. a wholly-owned subsidiary of ABE/EBA CLEARING S.A.S.
PRETA S.A.S. is registered with RCS PARIS under no. 798 483 053 | VAT no. FR 27 798 483 053
This message and any attachments (the "message") are confidential and intended solely for the addressees. Any unauthorized use or dissemination is prohibited. E-mails are susceptible to alteration. PRETA shall not be liable for the message if altered, changed or falsified.
Ce message est confidentiel; son contenu ne représente en aucun cas un engagement de la part de PRETA sous réserve de tout accord conclu par écrit entre vous et PRETA. Toute publication, utilisation ou diffusion, même partielle, doit être autorisée préalablement.
Si vous n'êtes pas destinataire de ce message, merci d'en avertir immédiatement l'expéditeur.

P Please consider the environment before printing this email

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20200204/28325865/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 10580 bytes
Desc: image001.png
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20200204/28325865/attachment-0001.png>


More information about the Openid-specs-fapi mailing list