Registration - 2.1 x509_encryption_url makes references to x509_signing_url, jwk_signing_url, and x509_signing_url which do not exist

Issue #414 resolved
Edmund Jay created an issue

Currently, it's written as {{{ x509_encryption_url OPTIONAL. URL for the Client's PEM encoded X.509 Certificate or Certificate chain, used for JWE [JWE] encryption of JWT [JWT] to the Client. If both x509_signing_url and jwk_signing_url are specified x509_signing_url the keys MUST be the same. }}}

x509_signing_url and jwk_signing_url do not exist.

It should be changed to {{{ x509_encryption_url OPTIONAL. URL for the Client's PEM encoded X.509 Certificate or Certificate chain, used for JWE [JWE] encryption of JWT [JWT] to the Client. If both x509_url and jwk_url are specified, the keys MUST be the same. }}}

Comments (3)

  1. Michael Jones

    The text about the keys being the same sounds like unnecessary complexity, as it effectively forces implementations to retrieve both and check that they are the same. Why not just say that both cannot be specified?

  2. John Bradley

    The idea is that if the client is making a key available in multiple formats it MUST be the same key.

    The Authorization server doesn't need to check.

    They may want to do that so that the retriever can select their preferred format.

    It should be jwk_encryption_url and x509_encryption_url

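The rule under discussion is that a Client publishing its encryption key in two formats (a PEM certificate chain at one URL, a JWK Set at the other) MUST publish the same key in both, while the retriever is free to pick either format and, per the comments above, is not required to cross-check. The following is an added example, not code from the OpenID Connect specification or from anyone in this thread, showing what a retriever that does choose to cross-check would do: parse the end-entity certificate out of the PEM document, parse the RSA keys out of the JWK Set, and compare the public key values. Everything is Go standard library; the function names (`SameEncryptionKey`, `MakeClientKeyDocs`), the subject name `client.example.com` and the freshly generated key are assumptions used to build sample documents offline, not a real Client's published keys.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// jwk is the subset of a JSON Web Key needed to rebuild an RSA public key.
type jwk struct {
	Kty string `json:"kty"`
	Use string `json:"use,omitempty"`
	N   string `json:"n"`
	E   string `json:"e"`
}

// jwkSet is the top-level JWK Set document ({"keys": [...]}).
type jwkSet struct {
	Keys []jwk `json:"keys"`
}

// publicKeyFromPEM returns the RSA public key of the first CERTIFICATE block in a
// PEM document. For a chain, the first certificate is taken to be the Client's own
// (end-entity) certificate; intermediates after it are ignored here.
func publicKeyFromPEM(pemChain []byte) (*rsa.PublicKey, error) {
	block, _ := pem.Decode(pemChain)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("no CERTIFICATE block in PEM input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("certificate public key is not RSA")
	}
	return pub, nil
}

// publicKeysFromJWKSet decodes every RSA key in a JWK Set. n and e are
// base64url without padding, big-endian, as JWK defines them.
func publicKeysFromJWKSet(doc []byte) ([]*rsa.PublicKey, error) {
	var set jwkSet
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, err
	}
	var keys []*rsa.PublicKey
	for _, k := range set.Keys {
		if k.Kty != "RSA" {
			continue
		}
		n, err := base64.RawURLEncoding.DecodeString(k.N)
		if err != nil {
			return nil, err
		}
		e, err := base64.RawURLEncoding.DecodeString(k.E)
		if err != nil {
			return nil, err
		}
		keys = append(keys, &rsa.PublicKey{
			N: new(big.Int).SetBytes(n),
			E: int(new(big.Int).SetBytes(e).Int64()),
		})
	}
	return keys, nil
}

// SameEncryptionKey reports whether the key in the X.509 document also appears
// in the JWK Set document, i.e. whether the Client honoured the "keys MUST be
// the same" rule. A JWK Set may carry several keys, so any match counts.
func SameEncryptionKey(pemChain, jwkDoc []byte) (bool, error) {
	certKey, err := publicKeyFromPEM(pemChain)
	if err != nil {
		return false, err
	}
	jwkKeys, err := publicKeysFromJWKSet(jwkDoc)
	if err != nil {
		return false, err
	}
	for _, k := range jwkKeys {
		if k.Equal(certKey) { // compares N and E
			return true, nil
		}
	}
	return false, nil
}

// MakeClientKeyDocs builds both registration documents for a freshly generated
// RSA key: a self-signed PEM certificate and a one-key JWK Set. This is
// constructed sample data standing in for what x509_encryption_url and
// jwk_encryption_url would serve; it is not a real Client's key material.
func MakeClientKeyDocs(bits int) (pemChain, jwkDoc []byte, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "client.example.com"}, // assumed name
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageKeyEncipherment,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	pemChain = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	set := jwkSet{Keys: []jwk{{
		Kty: "RSA",
		Use: "enc",
		N:   base64.RawURLEncoding.EncodeToString(priv.PublicKey.N.Bytes()),
		E:   base64.RawURLEncoding.EncodeToString(big.NewInt(int64(priv.PublicKey.E)).Bytes()),
	}}}
	jwkDoc, err = json.Marshal(set)
	return pemChain, jwkDoc, err
}

func main() {
	pemA, jwkA, _ := MakeClientKeyDocs(2048)
	_, jwkB, _ := MakeClientKeyDocs(2048) // a different Client's key
	same, _ := SameEncryptionKey(pemA, jwkA)
	mismatch, _ := SameEncryptionKey(pemA, jwkB)
	fmt.Println("same key in both formats:", same, "| mismatched documents:", mismatch)
}
```

The comparison is on the public key values (modulus and exponent), not on the bytes of the two documents, since a certificate and a JWK will never be byte-identical even when they carry the same key. A retriever that skips this check, as the comments say it may, simply takes whichever document it prefers and trusts the Client to have published the same key in both.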