[Openid-specs-fapi] Issue #605: JARM for signed authZ responses seems to allow MACs (openid/fapi)

SECtim issues-reply at bitbucket.org
Tue Jun 13 09:33:17 UTC 2023


New issue 605: JARM for signed authZ responses seems to allow MACs
https://bitbucket.org/openid/fapi/issues/605/jarm-for-signed-authz-responses-seems-to

Tim Würtele:

FAPI 2.0 MS points to JARM to sign authorization responses. Maybe I’ve overlooked something, but it seems that neither FAPI 2.0 MS nor JARM explicitly prohibits the use of symmetric signatures, i.e., MACs. That would of course defeat the whole idea of non-repudiation.
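
The following is an added example, not part of the original message or of the FAPI or JARM specifications. It shows why a MAC-protected response carries no non-repudiation (both holders of the key compute the same JWT) and one way a client could enforce an asymmetric-only policy on the JWS `alg` header. Assumptions: the HS256 key is a secret shared by the authorization server and the client; all function names, the allowlist and the sample values are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Asymmetric JWS algorithms (RFC 7518 / RFC 8037); HS* and "none" are excluded.
ASYMMETRIC_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512",
                   "ES256", "ES384", "ES512", "EdDSA"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256_jwt(claims: dict, shared_secret: bytes) -> str:
    """Build an HS256 JWS; any party holding shared_secret can call this."""
    header = b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, sort_keys=True,
                                separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    mac = hmac.new(shared_secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(mac)}"

def jarm_alg_allowed(response_jwt: str) -> bool:
    """Policy check (hypothetical helper): accept only asymmetric algs."""
    try:
        header = json.loads(b64url_decode(response_jwt.split(".")[0]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    return isinstance(header, dict) and header.get("alg") in ASYMMETRIC_ALGS

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
CLAIMS = {"iss": "https://as.example", "aud": "client-1", "exp": 1700000000,
          "code": "constructed-code", "state": "constructed-state"}

def demo() -> dict:
    from_as = hs256_jwt(CLAIMS, SECRET)      # what the AS would send
    from_client = hs256_jwt(CLAIMS, SECRET)  # what the client can compute itself
    return {"indistinguishable": hmac.compare_digest(from_as, from_client),
            "hs256_allowed": jarm_alg_allowed(from_as)}

if __name__ == "__main__":
    print(demo())
```

The allowlist check only inspects the header; actual signature verification against the authorization server's published keys still has to follow it.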


