definition of jwks
https://openid.net/specs/openid-connect-federation-1_0.html#name-entity-statement (draft 24) in section 3.1 tells us:
REQUIRED Conditional. A JSON Web Key Set (JWKS) [RFC7517] representing the public part of the subject Entity's signing keys. The corresponding private key is used by Leaf Entities to sign Entity Statements about themselves, and intermediate entities to sign statements about other entities. The keys that can be found here are intended to sign Entity Statements and SHOULD NOT be used in other protocols.
The keys available in JWKS are the public keys, and they are used to verify Entity Statements. I understand the intent and suggest improving the wording in the last sentence.
Comments (3)
The PR below closes this issue:
https://bitbucket.org/openid/connect/pull-requests/347/fix-federation-federation-entity-jwks
- changed status to resolved