Key Material Proof of Possession
General comments from TL regarding pull request #39
How is proof of possession of key material implemented?
Probably related to the text around line 491.
Comments (9)
Implementation is not part of a protocol spec, is it?
For line 491, are you referring to the text below?
Public/private key pairs are used by a requesting IdA to establish a means of binding to the resulting signed claim set. An IdA making a Claims Request to an IA MUST prove control over this binding mechanism during the request; this is accomplished through the extended usage of a [signed request](https://openid.net/specs/openid-connect-core-1_0.html#SignedRequestObject) defined in OpenID Connect Core.
I think you need to prevent replay as well, like with a nonce or session ID.
This is NOT an implementation; it is a component of the protocol.
Could the authors please clarify "How is proof of possession of key material implemented?" Is it the signed request, or is it the usage of uid/nonce? We have a few ideas, but it would be good to understand what the current proposal is. Thank you!
Is it sub_jwk? It's a little confusing, since sub_jwk is defined in the Authorization request, yet it is used in the Claims request.