The encryption algorithm is the asymmetric key encryption algorithm that is used to encrypt the CEK with the recipient's public key. I've updated these in the public docs [1], [2]. I know these two names are a bit confusing. I just followed the lib for the time being.
I'd be happy to talk about a suitable name pair. :)

[1] - https://docs.wso2.com/display/IS550/Decrypting+OpenID+Connect+Encrypted+ID+Tokens
[2] - https://docs.wso2.com/display/IS550/Testing+OIDC+Encrypted+ID+Token+with+IS+5.5.0

On Thu, Mar 8, 2018 at 9:53 AM, Godwin Shrimal <[email protected]> wrote:
> Well, if the Encryption Method mentioned is referring to "symmetric key encryption algorithm", what is "Encryption Algorithm" on the screen?
>
> Thanks
> Godwin
>
> On Thu, Mar 8, 2018 at 9:47 AM, Godwin Shrimal <[email protected]> wrote:
>> Can you send me the list of values in that dropdown? Cipher Block Chaining is how we are chaining encrypted values since encryption happens as blocks (8 bit, 6 bit etc.) You can read about it here [1].
>>
>> [1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
>>
>> Thanks
>> Godwin
>>
>> On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage <[email protected]> wrote:
>>> The Encryption Method mentioned here is the symmetric key encryption algorithm that is used to encrypt the JWT claims set. We used the Nimbus [1] library for the implementation and within that, they have used the name "Encryption Method" to identify this algorithm. They have a class defined as com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric key encryption algorithms.
>>> I took the name from there. I'm not sure what you mean by "cipher chaining mode". Is this mentioned in the JWE RFC?
>>>
>>> [1] - https://connect2id.com/products/nimbus-jose-jwt
>>>
>>> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal <[email protected]> wrote:
>>>> should be corrected as "Chaining Mode".
>>>>
>>>> Thanks
>>>> Godwin
>>>>
>>>> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal <[email protected]> wrote:
>>>>> "Encryption Method" is the correct term/word here? AFAIK it's cipher chaining mode. I know it's a technical word, but still, I feel like we have to use correct naming. Something like "Chaining Mode".
>>>>>
>>>>> Thanks
>>>>> Godwin
>>>>>
>>>>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage <[email protected]> wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> [Update]
>>>>>> I have completed the second phase of the project, providing service provider level configurations in the admin dashboard to configure encryption algorithm and encryption method. With this update, once you enable encrypting id tokens for an SP in the admin dashboard, two select boxes will appear with supported encryption algorithms and supported encryption methods. These supported algorithms are pulled from the identity.xml file.
>>>>>>
>>>>>> Respective git issue and pull requests are as follows.
>>>>>>
>>>>>> - https://github.com/wso2/product-is/issues/2387
>>>>>> - https://github.com/wso2/carbon-identity-framework/pull/1416
>>>>>> - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/832
>>>>>>
>>>>>> I have also updated the docs as well.
>>>>>>
>>>>>> Thanks,
>>>>>> Vihanga.
>>>>>>
>>>>>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage <[email protected]> wrote:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> [Update]
>>>>>>> I was able to complete the initial development of the proposed project, encrypted id token support in the OIDC flow. Following are the links related to the development.
>>>>>>>
>>>>>>> - An issue was created in the product-is repository to track the development.
>>>>>>>   - https://github.com/wso2/product-is/issues/2336
>>>>>>> - A pull request was made to the identity-inbound-auth-oauth repository with the required updates.
>>>>>>>   - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/798
>>>>>>> - A pull request was made to the product-is repository with an updated playground application to test the feature.
>>>>>>>   - https://github.com/wso2/product-is/pull/2313
>>>>>>> - A code review was held to review the code written in both PRs.
>>>>>>>
>>>>>>> All PRs are merged by now.
>>>>>>> Currently, I'm working on an integration test to test the newly added feature.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Vihanga
>>>>>>>
>>>>>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage <[email protected]> wrote:
>>>>>>>> Yes, Farasath. As for the offline discussions with Drashana, I came to the same conclusion and am exploring the SAML sample app right now.
>>>>>>>>
>>>>>>>> Although I'm not sure about signing JWE. I couldn't find anything specific about that in the RFC. Also, the API in Nimbus only expects the claims set and the public key of the client to create and encrypt a JWE. Please do let me know if you find something else.
>>>>>>>>
>>>>>>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed <[email protected]> wrote:
>>>>>>>>> On Friday, February 9, 2018, Vihanga Liyanage <[email protected]> wrote:
>>>>>>>>>> [- Engineering, Strategy]
>>>>>>>>>> [+ Architecture, Dev]
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Vihanga
>>>>>>>>>>
>>>>>>>>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage <[email protected]> wrote:
>>>>>>>>>>> Hi Farasath,
>>>>>>>>>>>
>>>>>>>>>>>> For the above two points IMO it would be better to provide an option at Service Provider OAuth/OIDC configuration. This will be similar to what we have done for SAML.
>>>>>>>>>>>
>>>>>>>>>>> That is the initial idea that came to me as well. But shouldn't the clients have a choice of deciding that as well? Maybe through a request parameter. To use either JWS or JWE, the client has to support them, right?
>>>>>>>>>
>>>>>>>>> By enabling the option to encrypt id_token in the service provider configs the client is acknowledging that it can support encrypted id_tokens.
>>>>>>>>>
>>>>>>>>> AFAIK even for JWE we need to first sign and then encrypt. Also I couldn't find any reference on a standard approach to allow clients to switch between JWS and JWE via a request parameter.
>>>>>>>>>
>>>>>>>>> If we take a look at how we handle this in SAML, we have an option in the SAML configs to say whether the assertion needs to be encrypted or not. Once the option to encrypt assertion is enabled, SAML assertions will always be encrypted for the particular service provider (ie. there is no requirement to switch between signed or encrypted assertions).
>>>>>>>>>
>>>>>>>>> IMO we can follow the same approach. WDYT?
>>>>>>>>>
>>>>>>>>>>>> On a separate note, any specific reason why we are discussing this in strategy and not in the Dev and architecture mailing lists?
>>>>>>>>>>>>
>>>>>>>>>>>> I feel that we need to discuss this feature in the architecture mailing list to get input from the community.
>>>>>>>>>>>
>>>>>>>>>>> No such specific reason at all. On the previous project I did, the mail was asked to be sent to engineering and strategy. So I followed the same protocol. I'll change that now.
>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Vihanga.
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> You received this message because you are subscribed to the Google Groups "WSO2 Engineering Group" group.
>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>>>>>>>>>>>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Farasath Ahamed
>>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>>>>>> Mobile: +94777603866
>>>>>>>>> Blog: blog.farazath.com
>>>>>>>>> Twitter: @farazath619
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Godwin Amila Shrimal
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94772264165
> linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
> twitter: https://twitter.com/godwinamila

--
Vihanga Liyanage
Software Engineer | WSO2 Inc.
M : +94710124103 | http://wso2.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
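The two names debated in the thread map directly onto the two parameters of a JWE header: the "Encryption Algorithm" (the `alg` header, Nimbus `JWEAlgorithm`) is the asymmetric key-management step that wraps the randomly generated Content Encryption Key with the recipient's public key, and the "Encryption Method" (the `enc` header, Nimbus `EncryptionMethod`) is the symmetric AEAD algorithm that the CEK is actually used with to encrypt the payload. The example below is an added illustration written for this page, not code from WSO2 Identity Server or from the thread's pull requests; it uses the Nimbus JOSE+JWT library named in the thread to build the sign-then-encrypt (nested JWT) ID token that Farasath describes, and shows the consuming side decrypting, checking `alg`/`enc` against an allowlist, and verifying the inner signature. The key pairs are generated in memory, and the issuer, subject, audience and key IDs are constructed values.

```java
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.Set;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

public class NestedIdTokenExample {

    // The client only accepts the alg/enc pair it registered for; anything else is rejected
    // before any decryption is attempted.
    static final Set<JWEAlgorithm> ALLOWED_ALG = Set.of(JWEAlgorithm.RSA_OAEP_256);
    static final Set<EncryptionMethod> ALLOWED_ENC = Set.of(EncryptionMethod.A256GCM);

    public static void main(String[] args) throws Exception {
        // Constructed keys for the example: in a deployment the IdP signs with its own
        // private key and encrypts with the public key the client registered.
        RSAKey idpSigningKey = new RSAKeyGenerator(2048).keyID("idp-sig-1").generate();
        RSAKey clientKey = new RSAKeyGenerator(2048).keyID("client-enc-1").generate();

        String token = issueIdToken(idpSigningKey, clientKey.toRSAPublicKey(), clientKey.getKeyID());
        JWTClaimsSet claims = consumeIdToken(token, clientKey.toRSAPrivateKey(), idpSigningKey.toRSAPublicKey());
        System.out.println("issuer=" + claims.getIssuer() + " sub=" + claims.getSubject());
    }

    // IdP side: sign the claims first (JWS), then wrap the signed JWT in a JWE.
    static String issueIdToken(RSAKey idpSigningKey, RSAPublicKey clientPublicKey, String clientKeyId)
            throws JOSEException {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer("https://idp.example/oauth2/token")   // constructed value
                .subject("alice")                               // constructed value
                .audience("client-app-1")                       // constructed value
                .issueTime(new Date())
                .expirationTime(new Date(System.currentTimeMillis() + 5 * 60 * 1000))
                .build();

        SignedJWT signedJwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(idpSigningKey.getKeyID()).build(), claims);
        signedJwt.sign(new RSASSASigner(idpSigningKey));

        // alg (JWEAlgorithm): RSA-OAEP-256 encrypts the random CEK with the client's public key.
        // enc (EncryptionMethod): AES-256-GCM encrypts the signed JWT under that CEK.
        JWEHeader jweHeader = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM)
                .contentType("JWT")   // cty=JWT marks the payload as a nested JWT
                .keyID(clientKeyId)
                .build();
        JWEObject jwe = new JWEObject(jweHeader, new Payload(signedJwt));
        jwe.encrypt(new RSAEncrypter(clientPublicKey));
        return jwe.serialize();
    }

    // Client side: allowlist the header, decrypt, then verify the inner signature and expiry.
    static JWTClaimsSet consumeIdToken(String token, RSAPrivateKey clientPrivateKey, RSAPublicKey idpPublicKey)
            throws Exception {
        JWEObject jwe = JWEObject.parse(token);
        JWEHeader header = jwe.getHeader();
        if (!ALLOWED_ALG.contains(header.getAlgorithm()) || !ALLOWED_ENC.contains(header.getEncryptionMethod())) {
            throw new JOSEException("unexpected alg/enc: " + header.getAlgorithm() + "/" + header.getEncryptionMethod());
        }
        jwe.decrypt(new RSADecrypter(clientPrivateKey));

        // Decryption alone proves nothing about who issued the token; the inner JWS must verify.
        if (!"JWT".equalsIgnoreCase(header.getContentType())) {
            throw new JOSEException("expected a nested JWT (cty=JWT)");
        }
        SignedJWT inner = jwe.getPayload().toSignedJWT();
        if (inner == null || !inner.verify(new RSASSAVerifier(idpPublicKey))) {
            throw new JOSEException("inner signature verification failed");
        }
        JWTClaimsSet claims = inner.getJWTClaimsSet();
        if (claims.getExpirationTime() == null || claims.getExpirationTime().before(new Date())) {
            throw new JOSEException("id token expired");
        }
        return claims;
    }
}
```

The order of the two checks on the consuming side is the practical point: the client decides which `alg`/`enc` pair it will accept from its own configuration, not from whatever the token header claims, and it treats a successful decryption only as a prerequisite for verifying the inner signature, not as proof of origin.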
