Key Material Proof of Possession

Issue #1294 new
Edmund Jay created an issue

General comments from TL regarding pull request #39

How is proof of possession of key material implemented?

Probably related to the text around line 491.

Comments (9)

  1. Kristina Yasuda

    For line 491, are you referring to the text below?

    Public private key pairs are used by a requesting IdA to establish a means of binding to the resulting signed claim set. An IdA making a Claims Request to an IA MUST prove control over this binding mechanism during the request, this is accomplished through the extended usage of a [signed request](https://openid.net/specs/openid-connect-core-1_0.html#SignedRequestObject) defined in OpenID Connect Core.

  2. Tom Jones

    I think you need to prevent replay as well - like w/ a nonce or session id.

    This is NOT an implementation, it is a component of the protocol.

  3. Kristina Yasuda

    Could the authors please clarify “How is proof of possession of key material implemented?” Is it a signed request, or is it usage of uid/nonce? We have a few ideas, but it would be good to understand what the current proposal is. Thank you!

    Is it sub_jwk? It’s a little confusing since sub_jwk is defined in the Authorization request, yet it is used in the Claims request.
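
For reference, an added example (not part of the thread and not the draft's answer to this issue) of how the pieces mentioned above could fit together: a request object signed with ES256 that carries `sub_jwk`, verified against that embedded key, with an issuer-issued nonce against replay. The function names, the `issuedNonces` set and the claim layout are assumptions made for illustration.

```javascript
// Added illustration; makeRequest / verifyRequest / issuedNonces are hypothetical names.
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const SIG = { dsaEncoding: 'ieee-p1363' }; // JWS ES256 uses raw r||s signatures
const fail = (reason) => ({ ok: false, reason });

// Requester: sign a request object carrying the public key to be bound (sub_jwk)
// and the nonce the issuer handed out for this request.
function makeRequest(privateKey, subJwk, nonce) {
  const header = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ sub_jwk: subJwk, nonce }));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${payload}`), { key: privateKey, ...SIG });
  return `${header}.${payload}.${b64u(sig)}`;
}

// Issuer: the signature must verify under the embedded sub_jwk (possession),
// and the nonce must be outstanding (freshness). The nonce is consumed only
// after the signature check, so an unauthenticated sender cannot burn it.
function verifyRequest(jwt, issuedNonces) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return fail('malformed');
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return fail('malformed'); }
  if (header.alg !== 'ES256') return fail('alg'); // pin the algorithm; rejects "none"
  const jwk = payload.sub_jwk;
  if (!jwk || jwk.kty !== 'EC' || jwk.crv !== 'P-256' || jwk.d) return fail('sub_jwk');
  let pub;
  try { pub = crypto.createPublicKey({ key: jwk, format: 'jwk' }); }
  catch { return fail('sub_jwk'); }
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, { key: pub, ...SIG }, Buffer.from(parts[2], 'base64url'))) {
    return fail('signature');
  }
  if (!issuedNonces.delete(payload.nonce)) return fail('nonce'); // unknown or replayed
  return { ok: true, boundKey: jwk };
}
```

A signature over an embedded key proves possession of the matching private key only; it says nothing about who holds it, and without the nonce a captured request verifies again unchanged.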
