provide key rollover guidance
As captured in the 07-Jan-13 call notes (http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20130107/002788.html), one of the action items (as I understood it) was for Mr. Bradley to draft some text describing how to accomplish rolling keys given the constructs provided by Connect. That was nearly three weeks ago, however, so I'm submitting the ticket on his behalf.
I think https://bitbucket.org/openid/connect/issue/703/key-publication-needs-to-be-reworked needs to be resolved first. Then working through the details of how kid (and maybe x5t) and the x509 and jwk endpoints can be used to rotate keys would be a useful exercise to validate that and might help provide some guidance to implementers and deployers too.
Comments (10)
- changed milestone to Implementor's Draft
-
reporter - edited description
-
- changed milestone to Implementer's Draft
-
reporter: Attempting to catalyze some discussion/resolution on the WG mail list: http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20130204/003088.html relating to https://bitbucket.org/openid/connect/issue/740 and https://bitbucket.org/openid/connect/issue/703 and https://bitbucket.org/openid/connect/issue/704
-
- changed status to resolved
Fixed #703 - Added the PKIX JWK key type and consolidated keys into combined "jwk_uri" parameter. Fixed #704 - Provided suggested guidance about how to do key rotation. → <<cset cec07bc9876b>>
-
- changed status to open
Still more to do in the specs other than Messages.
-
reporter -
- changed status to resolved
This is now addressed in the specifications.
Brian will write up how key rollover scenarios would work with each of the proposals and then send it to the list