- changed milestone to Implementer's Draft
Discovery - Specify default Request Object signing algorithm
From: openid-specs-ab-bounces@lists.openid.net [mailto:openid-specs-ab-bounces@lists.openid.net] On Behalf Of Roland Hedberg Sent: Saturday, January 26, 2013 9:12 AM To: openid-specs-ab@lists.openid.net Group Subject: [Openid-specs-ab] Default OpenID Request Object signing algorithm
Hi,
in the change log for the discovery document under -09 it says:
- Changed default OpenID Request Object signing algorithm to RS256, per issue
#571
In no later version changes is this default mention, still it's absent from the document. It just says: "Servers SHOULD support none and RS256."
So, how should it be; should there be a default.
-- Roland
Comments (2)
-
-
reporter - changed status to wontfix
The server explicitly advertizes the algorithms it supports. The client then chooses one of them or doesn't sign it. It's not clear that a default makes sense. Where would it be used? A default would only make sense if there was a mandatory-to-implement server side, which there isn't in this case.
- Log in to comment