openid / connect / issues / #199 - Messages - 5 underspecified use of signing and encryption

Issue #199 resolved

Former user created an issue 2011-10-10

"OpenID Connect MAY use JWS/JSW"

Unspecified which messages can be signed/encrypted, and how that is supposed to be reconciled with OAuth2 - where JSON (not JWT/JWS/JWE) shows up only for token responses.

Comments (8)

Nat Sakimura
- changed title to Messages - 5 underspecified use of signing and encryption
- 2011-10-18T00:49:42+00:00
Nat Sakimura
- marked as minor
- assigned issue to
  
  Edmund Jay
- marked as enhancement
- changed status to open
Before final, put encryption and signing examples.
- 2011-10-18T00:51:32+00:00
Nat Sakimura
Before final, put encryption and signing examples.
- 2011-10-18T00:51:32+00:00
Nat Sakimura
- changed status to on hold
- 2011-10-18T00:51:55+00:00
Former user Account Deleted
I disagree with type=enhancement, this issue is in my view major or critical -- no idea how to apply signing/encryption, and how to deal with the possible deviations from OAuth. Normative text is expected.
- 2011-10-18T01:00:06+00:00
Michael Jones
- assigned issue to
  
  Nat Sakimura
- changed status to open
The request object can be signed. The code can not be signed. A token request can not be signed. The access token is not signed. The id_token is signed. The user_info response can be signed.

All signed objects can also be encrypted.

The spec should be updated to add this information.
- 2012-04-19T15:49:35+00:00
Michael Jones
- marked as major
- marked as bug
- 2012-04-19T15:49:51+00:00
Nat Sakimura
- changed status to resolved
Fix ~~#199~~

→ e178499cb4ea
- 2012-04-25T13:37:51+00:00
Log in to comment

Assignee: Nat Sakimura

Type: bug

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0