[Openid-specs-risc] SSF security
Shayne Miel (smiel)
smiel at cisco.com
Thu Apr 13 14:22:51 UTC 2023
What are the expectations around the jwks_uri? The TransmitterConfiguration must list the URI where you can get the JWKS, but nothing is said in the spec about how or whether we should secure that URI. Since all of the security of the SETs being sent from the Transmitter is held in that JWKS value, should we be specific about how to secure that endpoint? Or do we leave that up to the Transmitter to decide?
- Shayne
[cid:168a1c43-b2ae-49fa-ada4-ff44041b08be]
[https://duo.com/assets/img/email/spacer.gif]
Shayne Miel
/ Principal Engineer (he, him, his)
smiel at cisco.com<mailto:smiel at cisco.com>
(919) 923-6230
cisco.com<https://www.cisco.com/site/us/en/products/security/index.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20230413/c49928aa/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-xa12egry.png
Type: image/png
Size: 13713 bytes
Desc: Outlook-xa12egry.png
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20230413/c49928aa/attachment-0001.png>
More information about the Openid-specs-risc
mailing list