[Openid-specs-mobile-profile] Issue 52 CIBA Pairwise Identifiers Structuring Text

Axel.Nennker at telekom.de
Thu Jun 8 19:02:49 UTC 2017


My hope was that by making sector_identifier_uri mandatory we would get rid of all the special cases with jwks_uri and whatnot.
Isn’t that true?
So if someone uses CIBA then there MUST be a siu at registration time and CIBA does not care how that is validated.
Making my life too easy?

Axel


From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Thursday, 8 June 2017 18:56
To: Nennker, Axel <Axel.Nennker at telekom.de>
Cc: openid-specs-mobile-profile at lists.openid.net
Subject: Re: [Openid-specs-mobile-profile] Issue 52 CIBA Pairwise Identifiers Structuring Text

Validation of the sector identifier is part of registration.

The client registers its client_notification_endpoint as a new element. (Shouldn't that be an array vs a single URI if the request allows notification_uri to be specified? Otherwise why send it in the request?)

The registration process needs to check those URI against the URI in the JSON file returned from the sector_identifier_uri.

I don't think registration is going to get updated anytime soon so it probably needs to be explained in this spec for those IDP that allow notification_uri to be specified.

All AS should always use the sector_identifier_uri as the key for generating ppid. Nothing in that changes.

I think for the polling we need to specify the client JWKS endpoint in the sector_identifier_uri as well.

It is just a URI so that should not be an issue.

If the registered jwks uri is not in the file then don’t allow polling.
I know this precludes the use of symmetric keys but I think that may be a reasonable trade off if someone wants to use this with polling.

John B.



On Jun 8, 2017, at 3:38 AM, <Axel.Nennker at telekom.de> wrote:

Hi all,

can this issue be closed?
https://bitbucket.org/openid/mobile/issues/52/ciba-pairwise-identifiers-structuring-text

The sector_identifier_url is now mandatory to be specified at Client registration time.
Validation of the sector_identifier is out-of-scope for CIBA and should be in Discovery.

Please comment on the issue in bitbucket or here.

Kind regards
Axel





DEUTSCHE TELEKOM AG
T-Labs (Research & Innovation)
Axel Nennker
Winterfeldtstr. 21, 10781 Berlin
+491702275312 (Tel.)
E-Mail: axel.nennker at telekom.de
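
Added example, not part of the thread and not text from the CIBA or Registration specs: a sketch of the registration-time check John Bradley's message proposes, where the AS compares the client's URIs with the JSON array served at sector_identifier_uri and only allows polling when the registered jwks_uri is listed there. The function name, the sample URIs and the exact-string comparison are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: body an AS would fetch from the client's sector_identifier_uri.
SECTOR_DOC = json.dumps([
    "https://client.example.com/cb",
    "https://client.example.com/ciba/notify",
    "https://client.example.com/jwks.json",
])


def check_registration(metadata, sector_doc_body):
    """Return (accepted, polling_allowed, errors) for a CIBA client registration."""
    errors = []
    siu = metadata.get("sector_identifier_uri")
    if not siu or urlsplit(siu).scheme != "https":
        return False, False, ["sector_identifier_uri is mandatory and must be https"]
    try:
        listed = json.loads(sector_doc_body)
    except ValueError:
        return False, False, ["sector identifier document is not valid JSON"]
    if not isinstance(listed, list) or not all(isinstance(u, str) for u in listed):
        return False, False, ["sector identifier document must be a JSON array of URIs"]
    listed = set(listed)  # assumption: exact string comparison, no normalisation

    # Every URI the AS may later send data to must appear in the file.
    to_check = list(metadata.get("redirect_uris", []))
    endpoint = metadata.get("client_notification_endpoint")
    if endpoint:
        to_check.append(endpoint)
    for uri in to_check:
        if uri not in listed:
            errors.append(f"{uri} not listed in sector identifier document")

    # Polling is only allowed when the registered jwks_uri is in the file.
    jwks_uri = metadata.get("jwks_uri")
    polling_allowed = not errors and jwks_uri is not None and jwks_uri in listed
    return not errors, polling_allowed, errors
```

A client that registers only symmetric keys has no jwks_uri, so this check returns polling_allowed as False for it, which is the trade-off the message mentions.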


