[Openid-specs-risc] openid/sharedsignals: Comment created on issue 298
github at oidf.org
github at oidf.org
Tue Oct 7 20:54:25 UTC 2025
openid/sharedsignals event
Issue Comment created on issue 298
Issue Title: Well Known Configuration for Receivers
https://github.com/openid/sharedsignals/issues/298
Comment: Even just putting a `jwks_uri` in the Receiver's _.well-known_ configuration will be a great benefit - since it trivializes auth completely. Today, the recommendation is to use OAuth with scopes like ssf.manage and ssf.read. But that means the Administrator must explicitly grant permissions to access the Transmitter endpoints, and that the Receiver must generate/request appropriate tokens. Which increases friction and interop burden. Now imagine if Receiver published a `jwks_uri`: 1. Admin configures the Transmitter jwks_uri in the Receiver Admin Console. 2. Admin configures the Receiver jwks_uri in the Transmitter Admin Console. 3. Thus trust is established. - Just like how the Receiver verifies the signature of SETs sent by the Transmitter, - The Transmitter can verify now that a Stream Management request is coming from an Admin-registered Receiver. (Note: Signing details need to be hashed out)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20251007/751eca34/attachment.htm>
More information about the Openid-specs-risc
mailing list