Federation: Jwks not really needed in explicit registration statement returned to RP

Comments (3)

Roland Hedberg

Correct

2020-06-30T08:21:47+00:00

Vladimir Dzhuvinov reporter

Thanks. Here is one suggested wording to update the jwks spec (added a second sentence):

jwks
OPTIONAL. A JSON Web Key Set (JWKS) representing the public part of the subject entity's signing keys. REQUIRED in all entity statements except those issued by an OP for a RP in response to an explicit client registration request as specified in Section 9.2. The corresponding private key is used by leaf entities to sign entity statements about themselves, and intermediate entities to sign statements about other entities. The keys that can be found here are primarily intended to sign entity statements and should not be used in other protocols.

‌

2020-07-01T04:41:00+00:00

Vladimir Dzhuvinov reporter

changed status to resolved

I see an edit was already applied: https://github.com/rohe/oidcfederation/commit/4ff5567e8835ec614139d3581ed576e9904c984f

2020-07-01T04:47:32+00:00

Roland Hedberg
Correct
- 2020-06-30T08:21:47+00:00
Vladimir Dzhuvinov reporter
Thanks. Here is one suggested wording to update the jwks spec (added a second sentence):

jwks
OPTIONAL. A JSON Web Key Set (JWKS) representing the public part of the subject entity's signing keys. REQUIRED in all entity statements except those issued by an OP for a RP in response to an explicit client registration request as specified in Section 9.2. The corresponding private key is used by leaf entities to sign entity statements about themselves, and intermediate entities to sign statements about other entities. The keys that can be found here are primarily intended to sign entity statements and should not be used in other protocols.

‌
- 2020-07-01T04:41:00+00:00
Vladimir Dzhuvinov reporter
- changed status to resolved
I see an edit was already applied: https://github.com/rohe/oidcfederation/commit/4ff5567e8835ec614139d3581ed576e9904c984f
- 2020-07-01T04:47:32+00:00
Log in to comment