[Openid-specs-heart] HEART Profiles - Authorization Server OAuth / UMA Clarification

Adrian Gropper agropper at healthurl.com
Thu Dec 3 09:35:35 UTC 2015


In section 4.1 Discovery of
http://openid.bitbucket.org/HEART/openid-heart-oauth2.html, we have the
requirement for each AS to have a public key ("jwks_uri: The fully qualified
URI of the server's public key in JWK Set [RFC7517] format"). This is good
and clear.

Correspondingly, in the UMA profile
http://openid.bitbucket.org/HEART/openid-heart-uma.html I might expect a
clearer reference to the resource registration aspects of UMA. As far as I
can tell, this is mentioned in Section 2. Tokens as "It is RECOMMENDED that
the PAT use a user-delegated mechanism for issuance and the AAT use a
non-delegated method for issuance."

Does the HEART UMA profile require that a Resource Server MUST be capable
of storing a separate AS public key (presumably the jwks_uri in OAuth 4.1)
for every registered resource? If so, where is this stated and could it be
made clearer?

Adrian

-- 

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
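As an added illustration of the arrangement the question above describes (this is example code written for this page, not part of Adrian's message and not code from the HEART profiles or any UMA implementation): a resource server that keeps, for every registered resource, the JWK Set of the authorization server protecting that resource, and checks a token for that resource only against those keys. The ES256 JWS, JWK and JWK Set handling follows RFC 7515, RFC 7517 and RFC 7518 using only the Go standard library; the Register/Verify API, the in-memory resource-to-key-set map, the resource IDs and the "kid" values are assumptions made for the example, not anything the HEART UMA profile specifies. In a deployment the JWK Set passed to Register would be fetched from the AS's jwks_uri at resource registration time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding // JWS and JWK use unpadded base64url

// jwk is the subset of an RFC 7517 EC key this example needs (encoding/json matches "kty" to Kty case-insensitively).
type jwk struct{ Kty, Crv, Kid, X, Y string }

// authorizationServer stands in for one UMA AS: an ES256 signing key plus the JWK Set its jwks_uri publishes.
type authorizationServer struct {
	kid  string
	priv *ecdsa.PrivateKey
}

func newAS(kid string) (*authorizationServer, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &authorizationServer{kid: kid, priv: priv}, err
}

// JWKS returns the document a resource server would fetch from this AS's jwks_uri.
func (as *authorizationServer) JWKS() ([]byte, error) {
	x, y := as.priv.X.FillBytes(make([]byte, 32)), as.priv.Y.FillBytes(make([]byte, 32))
	return json.Marshal(map[string]interface{}{"keys": []map[string]string{{"kty": "EC", "crv": "P-256",
		"kid": as.kid, "x": b64.EncodeToString(x), "y": b64.EncodeToString(y)}}})
}

// Issue signs claims as a compact JWS with alg ES256 (raw r||s signature, RFC 7518 section 3.4).
func (as *authorizationServer) Issue(claims map[string]interface{}) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": as.kid})
	payload, _ := json.Marshal(claims)
	input := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, as.priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return input + "." + b64.EncodeToString(sig), nil
}

// resourceServer keeps one key set per registered resource: the JWK Set of the AS protecting that resource.
type resourceServer struct{ keysByResource map[string][]jwk }

// Register stores the JWK Set of the AS chosen for resourceID (assumed API; fetched from jwks_uri in a real deployment).
func (rs *resourceServer) Register(resourceID string, jwksDoc []byte) error {
	var set struct{ Keys []jwk }
	if err := json.Unmarshal(jwksDoc, &set); err != nil {
		return err
	}
	rs.keysByResource[resourceID] = set.Keys
	return nil
}

// Verify checks a compact JWS against the keys registered for resourceID only; no other AS's keys are consulted.
func (rs *resourceServer) Verify(resourceID, token string) (map[string]interface{}, error) {
	keys, ok := rs.keysByResource[resourceID]
	parts := strings.Split(token, ".")
	var hdr struct{ Alg, Kid string }
	if raw, err := b64.DecodeString(parts[0]); !ok || len(parts) != 3 || err != nil ||
		json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "ES256" { // the token never gets to pick the algorithm
		return nil, errors.New("unregistered resource, malformed JWS, or unsupported alg")
	}
	var key jwk
	for _, k := range keys {
		if k.Kid == hdr.Kid && k.Kty == "EC" && k.Crv == "P-256" {
			key = k
		}
	}
	xb, errX := b64.DecodeString(key.X)
	yb, errY := b64.DecodeString(key.Y)
	sig, errS := b64.DecodeString(parts[2])
	if key == (jwk{}) || errX != nil || errY != nil || errS != nil || len(sig) != 64 {
		return nil, errors.New("no matching key at the AS registered for this resource, or malformed key/signature")
	}
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(xb), Y: new(big.Int).SetBytes(yb)}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("signature does not verify under the registered AS key")
	}
	var claims map[string]interface{}
	raw, _ := b64.DecodeString(parts[1]) // a bad encoding simply fails to unmarshal below
	return claims, json.Unmarshal(raw, &claims)
}
```

The point of scoping the lookup by resource rather than by "kid" alone shows up when two authorization servers happen to publish a key under the same "kid": a token minted by the AS registered for one resource is looked up only in that resource's key set, so it cannot be replayed against a resource registered with the other AS even though the identifier matches. Register is where the per-resource AS public key the question asks about would be stored; fixing the accepted algorithm to ES256 before any key lookup keeps a token from steering the verifier toward "none" or a symmetric algorithm.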