[Openid-specs-risc] SSF security
Atul Tulshibagwale
atultulshi at gmail.com
Thu Apr 13 15:43:37 UTC 2023
How do other specs such as FastFed handle the jwks_uri?
On Thu, Apr 13, 2023 at 7:23 AM Shayne Miel (smiel) via Openid-specs-risc <
openid-specs-risc at lists.openid.net> wrote:
> What are the expectations around the jwks_uri? The
> TransmitterConfiguration must list the URI where you can get the JWKS, but
> nothing is said in the spec about how or whether we should secure that URI.
> Since all of the security of the SETs being sent from the Transmitter is
> held in that JWKS value, should we be specific about how to secure that
> endpoint? Or do we leave that up to the Transmitter to decide?
>
> - Shayne
>
>
> *Shayne Miel*
> / Principal Engineer (he, him, his)
>
> smiel at cisco.com
>
> (919) 923-6230
>
> cisco.com <https://www.cisco.com/site/us/en/products/security/index.html>
>
>
> _______________________________________________
> Openid-specs-risc mailing list
> Openid-specs-risc at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-risc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20230413/55209406/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-xa12egry.png
Type: image/png
Size: 13713 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20230413/55209406/attachment.png>
More information about the Openid-specs-risc
mailing list