openid / connect / issues / #1863 - JARM JWE-only language is not consistent with JARM — Bitbucket

Issue #1863 resolved

Oliver Terbu created an issue 2023-03-09

The current extension of JARM to use JWE only (with no JWS) is not consistent with the JARM spec. We should omit iss, aud an exp in the JWT Claims Set if only JWE was used. Furthermore, processing rules defined in JARM regarding JWS and these claims don’t apply.

Comments (4)

Oliver Terbu reporter
Updated:

PR is here https://bitbucket.org/openid/connect/pull-requests/478
- 2023-03-09T10:41:34+00:00
Oliver Terbu reporter
`iss`, aud and exp don’t really have value if JWE only is used. We should make: iss, aud and exp optional and explicitly state which processing rules defined in JARM don’t apply for those claims and for checking the JWS signature.
- 2023-03-09T14:38:00+00:00
Oliver Terbu reporter
- changed status to resolved
resolved by merging https://bitbucket.org/openid/connect/pull-requests/478
- 2023-03-09T16:52:11+00:00
Kristina Yasuda
PR merged.
- 2023-03-09T16:52:15+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Component: Verifiable Presentation

Milestone: –

Version: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!