should be corrected as "Chaining Mode".

Thanks
Godwin

On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal <god...@wso2.com> wrote:

> "Encryption Method" is the correct term/word here? AFAIK It's cipher
> chaining mode. I know it's a technical word, but still, I feel like we have
> to use correct naming. Something  like "Chaning Mode".
>
>
> Thanks
> Godwin
>
> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage <viha...@wso2.com>
> wrote:
>
>> Hi all,
>>
>> [Update]
>> I have completed the second phase of the project, providing service
>> provider level configurations in admin dashboard to configure encryption
>> algorithm and encryption method. With this update, once you enable
>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>> will appear with supported encryption algorithms and supported encryption
>> methods. These supported algorithms are pulled from the identity.xml file.
>>
>>
>>
>> Respective git issue and pull requests are as follows.
>>
>>    - https://github.com/wso2/product-is/issues/2387
>>    - https://github.com/wso2/carbon-identity-framework/pull/1416
>>    - https://github.com/wso2-extensions/identity-inbound-auth-
>>    oauth/pull/832
>>
>> I have also updated the docs as well.
>>
>> Thanks,
>> Vihanga.
>>
>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage <viha...@wso2.com>
>> wrote:
>>
>>> Hi all,
>>>
>>> [Update]
>>> I was able to complete the initial development of the proposed project,
>>> encrypted id token support in OIDC flow. Following are the links related to
>>> the development.
>>>
>>>    - An issue was created in product-is repository to track the
>>>    development.
>>>       - https://github.com/wso2/product-is/issues/2336
>>>    - Pull request is made to identity-inbound-auth-oauth repository
>>>    with required updates.
>>>    - https://github.com/wso2-extensions/identity-inbound-auth-oau
>>>       th/pull/798
>>>    - Pull request is made to product-is repository with updated
>>>    playground application to test the feature
>>>    - https://github.com/wso2/product-is/pull/2313
>>>    - Code review was held to review the code written in both PRs.
>>>
>>> All PRs are merged by now.
>>> Currently, I'm working on integration test to test the newly added
>>> feature.
>>>
>>> Thanks,
>>> Vihanga
>>>
>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage <viha...@wso2.com>
>>> wrote:
>>>
>>>> Yes, Farasath. As for the offline discussions with Drashana, I came to
>>>> the same conclusion and exploring the SAML sample app right now.
>>>>
>>>> Although I'm not sure about signing JWE. I couldn't find anything
>>>> specific about that in the RFC. Also, the API in Nimbus only expects the
>>>> claims set and the public key of the client to create and encrypt a JWE.
>>>> Please do let me know if you find something else.
>>>>
>>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed <farasa...@wso2.com>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Friday, February 9, 2018, Vihanga Liyanage <viha...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> [- Engineering, Strategy]
>>>>>> [+ Architecture, Dev]
>>>>>>
>>>>>> Thanks,
>>>>>> Vihanga
>>>>>>
>>>>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage <viha...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Farasath,
>>>>>>>
>>>>>>> For the above two points IMO it would be better to provide an option
>>>>>>>> at Service Provider OAuth/OIDC configuration. This will be similar to 
>>>>>>>> what
>>>>>>>> we have done for SAML.
>>>>>>>>
>>>>>>>
>>>>>>> That is the initial idea came to me as well. But shouldn't the
>>>>>>> clients have a choice of deciding that as well? May be through a request
>>>>>>> parameter. To use either JWS or JWE, the client have to support them 
>>>>>>> right?
>>>>>>>
>>>>>>
>>>>> By enabling the option to encrypt id_token in the service provider
>>>>> configs the client is acknowledging that it can support encrypted
>>>>> id_tokens.
>>>>>
>>>>> AFAIK even for JWE we need to first sign and then encrypt. Also I
>>>>> couldn't find any reference on a standard approach to allow clients to
>>>>> switch between JWS and JWE via a request parameter.
>>>>>
>>>>> If we take a look at how we handle this is SAML, we have an option in
>>>>> the SAML configs to say whether the assertion needs to be encrypted or 
>>>>> not.
>>>>> Once the option to encrypt assertion is enabled SAML assertions will 
>>>>> always
>>>>> be encrypted for the particular service provider (ie. There is no
>>>>> requirement to switch between signed or encrypted assertions)
>>>>>
>>>>> IMO we can follow the same approach. WDYT?
>>>>>
>>>>>
>>>>>>>> On a separate note, any specific reason why we are discussing this
>>>>>>>> in strategy and not in Dev and architecture mailing lists?
>>>>>>>>
>>>>>>>> I feel that we need to discuss this feature in architecture mailing
>>>>>>>> list to get the input from community.
>>>>>>>>
>>>>>>>
>>>>>>> No such specific reason at all. On the previous project I did, the
>>>>>>> mail was asked to sent to engineering and strategy. So I followed the 
>>>>>>> same
>>>>>>> protocol. I'll change that now.
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Vihanga.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Vihanga Liyanage
>>>>>>>>>
>>>>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>>>>
>>>>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>>>>
>>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=icon>
>>>>>>>>>  Virus-free.
>>>>>>>>> www.avast.com
>>>>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=link>
>>>>>>>>> <#m_-701407733432389279_m_7594679342619863323_m_4770696490581545647_m_-2123188955827273075_m_6964541531375253954_m_-4836321406318245336_m_-5520087002137875506_m_-4545884336410447238_m_6821664179648888237_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>>> Groups "WSO2 Engineering Group" group.
>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>> send an email to engineering-group+unsubscr...@wso2.com.
>>>>>>>>> For more options, visit https://groups.google.com/a/ws
>>>>>>>>> o2.com/d/optout.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Farasath Ahamed
>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>>>>> Mobile: +94777603866
>>>>>>>> Blog: blog.farazath.com
>>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>>>>> <http://wso2.com/signature>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Vihanga Liyanage
>>>>>>>
>>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>>
>>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>>
>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Vihanga Liyanage
>>>>>>
>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>
>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>
>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Farasath Ahamed
>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>> Mobile: +94777603866
>>>>> Blog: blog.farazath.com
>>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>> <http://wso2.com/signature>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Vihanga Liyanage
>>>>
>>>> Software Engineer | WS*O₂* Inc.
>>>>
>>>> M : +*94710124103* | http://wso2.com
>>>>
>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Vihanga Liyanage
>>>
>>> Software Engineer | WS*O₂* Inc.
>>>
>>> M : +*94710124103* | http://wso2.com
>>>
>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>>
>> Vihanga Liyanage
>>
>> Software Engineer | WS*O₂* Inc.
>>
>> M : +*94710124103* | http://wso2.com
>>
>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
> twitter: https://twitter.com/godwinamila
> <http://wso2.com/signature>
>



-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
<https://www.linkedin.com/in/godwin-amila-2ba26844/>*
twitter: https://twitter.com/godwinamila
<http://wso2.com/signature>
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to