"Encryption Method" is the correct term/word here? AFAIK It's cipher
chaining mode. I know it's a technical word, but still, I feel like we have
to use correct naming. Something  like "Chaning Mode".


Thanks
Godwin

On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage <viha...@wso2.com> wrote:

> Hi all,
>
> [Update]
> I have completed the second phase of the project, providing service
> provider level configurations in admin dashboard to configure encryption
> algorithm and encryption method. With this update, once you enable
> encrypting id tokens for an SP in the admin dashboard, two select boxes
> will appear with supported encryption algorithms and supported encryption
> methods. These supported algorithms are pulled from the identity.xml file.
>
>
>
> Respective git issue and pull requests are as follows.
>
>    - https://github.com/wso2/product-is/issues/2387
>    - https://github.com/wso2/carbon-identity-framework/pull/1416
>    - https://github.com/wso2-extensions/identity-inbound-
>    auth-oauth/pull/832
>
> I have also updated the docs as well.
>
> Thanks,
> Vihanga.
>
> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage <viha...@wso2.com>
> wrote:
>
>> Hi all,
>>
>> [Update]
>> I was able to complete the initial development of the proposed project,
>> encrypted id token support in OIDC flow. Following are the links related to
>> the development.
>>
>>    - An issue was created in product-is repository to track the
>>    development.
>>       - https://github.com/wso2/product-is/issues/2336
>>    - Pull request is made to identity-inbound-auth-oauth repository with
>>    required updates.
>>    - https://github.com/wso2-extensions/identity-inbound-auth-oau
>>       th/pull/798
>>    - Pull request is made to product-is repository with updated
>>    playground application to test the feature
>>    - https://github.com/wso2/product-is/pull/2313
>>    - Code review was held to review the code written in both PRs.
>>
>> All PRs are merged by now.
>> Currently, I'm working on integration test to test the newly added
>> feature.
>>
>> Thanks,
>> Vihanga
>>
>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage <viha...@wso2.com>
>> wrote:
>>
>>> Yes, Farasath. As for the offline discussions with Drashana, I came to
>>> the same conclusion and exploring the SAML sample app right now.
>>>
>>> Although I'm not sure about signing JWE. I couldn't find anything
>>> specific about that in the RFC. Also, the API in Nimbus only expects the
>>> claims set and the public key of the client to create and encrypt a JWE.
>>> Please do let me know if you find something else.
>>>
>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed <farasa...@wso2.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Friday, February 9, 2018, Vihanga Liyanage <viha...@wso2.com> wrote:
>>>>
>>>>> [- Engineering, Strategy]
>>>>> [+ Architecture, Dev]
>>>>>
>>>>> Thanks,
>>>>> Vihanga
>>>>>
>>>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage <viha...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Farasath,
>>>>>>
>>>>>> For the above two points IMO it would be better to provide an option
>>>>>>> at Service Provider OAuth/OIDC configuration. This will be similar to 
>>>>>>> what
>>>>>>> we have done for SAML.
>>>>>>>
>>>>>>
>>>>>> That is the initial idea came to me as well. But shouldn't the
>>>>>> clients have a choice of deciding that as well? May be through a request
>>>>>> parameter. To use either JWS or JWE, the client have to support them 
>>>>>> right?
>>>>>>
>>>>>
>>>> By enabling the option to encrypt id_token in the service provider
>>>> configs the client is acknowledging that it can support encrypted
>>>> id_tokens.
>>>>
>>>> AFAIK even for JWE we need to first sign and then encrypt. Also I
>>>> couldn't find any reference on a standard approach to allow clients to
>>>> switch between JWS and JWE via a request parameter.
>>>>
>>>> If we take a look at how we handle this is SAML, we have an option in
>>>> the SAML configs to say whether the assertion needs to be encrypted or not.
>>>> Once the option to encrypt assertion is enabled SAML assertions will always
>>>> be encrypted for the particular service provider (ie. There is no
>>>> requirement to switch between signed or encrypted assertions)
>>>>
>>>> IMO we can follow the same approach. WDYT?
>>>>
>>>>
>>>>>>> On a separate note, any specific reason why we are discussing this
>>>>>>> in strategy and not in Dev and architecture mailing lists?
>>>>>>>
>>>>>>> I feel that we need to discuss this feature in architecture mailing
>>>>>>> list to get the input from community.
>>>>>>>
>>>>>>
>>>>>> No such specific reason at all. On the previous project I did, the
>>>>>> mail was asked to sent to engineering and strategy. So I followed the 
>>>>>> same
>>>>>> protocol. I'll change that now.
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Vihanga.
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> Vihanga Liyanage
>>>>>>>>
>>>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>>>
>>>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>>>
>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>>>
>>>>>>>>
>>>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=icon>
>>>>>>>>  Virus-free.
>>>>>>>> www.avast.com
>>>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=link>
>>>>>>>> <#m_7594679342619863323_m_4770696490581545647_m_-2123188955827273075_m_6964541531375253954_m_-4836321406318245336_m_-5520087002137875506_m_-4545884336410447238_m_6821664179648888237_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>>>>>>>
>>>>>>>> --
>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>> Groups "WSO2 Engineering Group" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>> send an email to engineering-group+unsubscr...@wso2.com.
>>>>>>>> For more options, visit https://groups.google.com/a/ws
>>>>>>>> o2.com/d/optout.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Farasath Ahamed
>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>>>> Mobile: +94777603866
>>>>>>> Blog: blog.farazath.com
>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>>>> <http://wso2.com/signature>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Vihanga Liyanage
>>>>>>
>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>
>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>
>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Vihanga Liyanage
>>>>>
>>>>> Software Engineer | WS*O₂* Inc.
>>>>>
>>>>> M : +*94710124103* | http://wso2.com
>>>>>
>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>> --
>>>> Farasath Ahamed
>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>> Mobile: +94777603866
>>>> Blog: blog.farazath.com
>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>> <http://wso2.com/signature>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Vihanga Liyanage
>>>
>>> Software Engineer | WS*O₂* Inc.
>>>
>>> M : +*94710124103* | http://wso2.com
>>>
>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>>
>> Vihanga Liyanage
>>
>> Software Engineer | WS*O₂* Inc.
>>
>> M : +*94710124103* | http://wso2.com
>>
>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>
>
>
>
> --
>
> Vihanga Liyanage
>
> Software Engineer | WS*O₂* Inc.
>
> M : +*94710124103* | http://wso2.com
>
> [image: http://wso2.com/signature] <http://wso2.com/signature>
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
<https://www.linkedin.com/in/godwin-amila-2ba26844/>*
twitter: https://twitter.com/godwinamila
<http://wso2.com/signature>
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to