Discovery - Specify default Request Object signing algorithm

Issue #721 wontfix
Michael Jones
created an issue

From: openid-specs-ab-bounces@lists.openid.net [mailto:openid-specs-ab-bounces@lists.openid.net] On Behalf Of Roland Hedberg Sent: Saturday, January 26, 2013 9:12 AM To: openid-specs-ab@lists.openid.net Group Subject: [Openid-specs-ab] Default OpenID Request Object signing algorithm

Hi,

in the change log for the discovery document under -09 it says:

  • Changed default OpenID Request Object signing algorithm to RS256, per issue #571

In no later version changes is this default mention, still it's absent from the document. It just says: "Servers SHOULD support none and RS256."

So, how should it be; should there be a default.

-- Roland

Comments (2)

  1. Michael Jones reporter

    The server explicitly advertizes the algorithms it supports. The client then chooses one of them or doesn't sign it. It's not clear that a default makes sense. Where would it be used? A default would only make sense if there was a mandatory-to-implement server side, which there isn't in this case.

  2. Log in to comment