[Openid-specs-risc] openid/sharedsignals: Comment created on issue 140
github at oidf.org
github at oidf.org
Sun Feb 11 15:05:24 UTC 2024
openid/sharedsignals event
Issue Comment created on issue 140
Issue Title: Proposal to add jwks.json to Receiver
https://github.com/openid/sharedsignals/issues/140
Comment: @TakahikoKawasaki That is a great way to solve this problem! We could add an optional, receiver-supplied field to the StreamConfiguration (to be set by the receiver on stream creation or stream update) that holds the JSON object you described above. I like this solution better because it is a lower burden on the Receiver, especially a poll-based Receiver who might not be hosting _any_ endpoints. @appsdesh I am imagining that the Transmitter would encrypt the entire SET. That is, instead of just signing the JWT (making it a JWS) the Transmitter would encrypt and sign the JWT (making it a JWE). Do you think there would be problems with that approach? Some of the PII is potentially in the top level of the SET (i.e. the `sub_id` claim) so I think we need to encrypt more than just the `events`.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240211/02d79bb9/attachment.html>
More information about the Openid-specs-risc
mailing list