Thanks for the response, Vihanga. So, according to your response:

Encryption Algorithm = Asymmetric Key Encryption Algorithm
Encryption Method = Symmetric Key Encryption Algorithm

Yeah, I think it's a bit confusing. We may use better names than the lib.
Nothing comes to my mind now :)

Thanks
Godwin

On Thu, Mar 8, 2018 at 10:00 AM, Vihanga Liyanage <viha...@wso2.com> wrote:

> The encryption algorithm is the asymmetric key encryption algorithm that
> is used to encrypt the CEK with the recipient's public key. I've updated
> these in the public docs [1], [2]. I know these two names are confusing a
> bit. I just followed the lib for the time being.
>
> I'd be happy to talk about a suitable name pair. :)
>
> [1] - https://docs.wso2.com/display/IS550/Decrypting+OpenID+Connect+Encrypted+ID+Tokens
> [2] - https://docs.wso2.com/display/IS550/Testing+OIDC+Encrypted+ID+Token+with+IS+5.5.0
>
> On Thu, Mar 8, 2018 at 9:53 AM, Godwin Shrimal <god...@wso2.com> wrote:
>
>> Well, if the Encryption Method mentioned is referring to "symmetric key
>> encryption algorithm", what is "Encryption Algorithm" on the screen?
>>
>>
>> Thanks
>> Godwin
>>
>> On Thu, Mar 8, 2018 at 9:47 AM, Godwin Shrimal <god...@wso2.com> wrote:
>>
>>> Can you send me the list of values in that dropdown? Cipher Block
>>> Chaining is how we are chaining encrypted values since encryption happens
>>> as blocks (8 bit, 6 bit etc.) You can read about it here [1].
>>>
>>> [1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage <viha...@wso2.com>
>>> wrote:
>>>
>>>> The Encryption Method mentioned here is the symmetric key encryption
>>>> algorithm that is used to encrypt the JWT claims set. We used the Nimbus
>>>> [1] <https://connect2id.com/products/nimbus-jose-jwt> library for the
>>>> implementation and within that, they have used the name "Encryption Method"
>>>> to identify this algorithm. They have a class defined as
>>>> com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric
>>>> key encryption algorithms.
>>>> I took the name from there. I'm not sure what you mean by "cipher
>>>> chaining mode". Is this mentioned in the JWE RFC?
>>>>
>>>> [1] - https://connect2id.com/products/nimbus-jose-jwt
>>>>
>>>> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal <god...@wso2.com>
>>>> wrote:
>>>>
>>>>> should be corrected as "Chaining Mode".
>>>>>
>>>>>
>>>>> Thanks
>>>>> Godwin
>>>>>
>>>>> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal <god...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Is "Encryption Method" the correct term/word here? AFAIK it's cipher
>>>>>> chaining mode. I know it's a technical word, but still, I feel like we
>>>>>> have to use correct naming. Something like "Chaining Mode".
>>>>>>
>>>>>>
>>>>>> Thanks
>>>>>> Godwin
>>>>>>
>>>>>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage <viha...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> [Update]
>>>>>>> I have completed the second phase of the project, providing service
>>>>>>> provider level configurations in admin dashboard to configure encryption
>>>>>>> algorithm and encryption method. With this update, once you enable
>>>>>>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>>>>>>> will appear with supported encryption algorithms and supported
>>>>>>> encryption methods. These supported algorithms are pulled from the
>>>>>>> identity.xml file.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Respective git issue and pull requests are as follows.
>>>>>>>
>>>>>>>    - https://github.com/wso2/product-is/issues/2387
>>>>>>>    - https://github.com/wso2/carbon-identity-framework/pull/1416
>>>>>>>    - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/832
>>>>>>>
>>>>>>> I have also updated the docs as well.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Vihanga.
>>>>>>>
>>>>>>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage <viha...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> [Update]
>>>>>>>> I was able to complete the initial development of the proposed
>>>>>>>> project, encrypted id token support in OIDC flow. Following are the
>>>>>>>> links related to the development.
>>>>>>>>
>>>>>>>>    - An issue was created in product-is repository to track the
>>>>>>>>    development.
>>>>>>>>       - https://github.com/wso2/product-is/issues/2336
>>>>>>>>    - Pull request is made to identity-inbound-auth-oauth
>>>>>>>>    repository with required updates.
>>>>>>>>       - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/798
>>>>>>>>    - Pull request is made to product-is repository with updated
>>>>>>>>    playground application to test the feature
>>>>>>>>       - https://github.com/wso2/product-is/pull/2313
>>>>>>>>    - Code review was held to review the code written in both PRs.
>>>>>>>>
>>>>>>>> All PRs are merged by now.
>>>>>>>> Currently, I'm working on integration test to test the newly added
>>>>>>>> feature.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Vihanga
>>>>>>>>
>>>>>>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage <viha...@wso2.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Yes, Farasath. As for the offline discussions with Drashana, I
>>>>>>>>> came to the same conclusion and am exploring the SAML sample app
>>>>>>>>> right now.
>>>>>>>>>
>>>>>>>>> Although I'm not sure about signing JWE. I couldn't find anything
>>>>>>>>> specific about that in the RFC. Also, the API in Nimbus only expects
>>>>>>>>> the claims set and the public key of the client to create and encrypt
>>>>>>>>> a JWE. Please do let me know if you find something else.
>>>>>>>>>
>>>>>>>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed <
>>>>>>>>> farasa...@wso2.com> wrote:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Friday, February 9, 2018, Vihanga Liyanage <viha...@wso2.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> [- Engineering, Strategy]
>>>>>>>>>>> [+ Architecture, Dev]
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Vihanga
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage <
>>>>>>>>>>> viha...@wso2.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Farasath,
>>>>>>>>>>>>
>>>>>>>>>>>>> For the above two points IMO it would be better to provide an
>>>>>>>>>>>>> option at Service Provider OAuth/OIDC configuration. This will be
>>>>>>>>>>>>> similar to what we have done for SAML.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> That is the initial idea that came to me as well. But shouldn't the
>>>>>>>>>>>> clients have a choice of deciding that as well? Maybe through a
>>>>>>>>>>>> request parameter. To use either JWS or JWE, the client has to
>>>>>>>>>>>> support them, right?
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> By enabling the option to encrypt id_token in the service
>>>>>>>>>> provider configs the client is acknowledging that it can support
>>>>>>>>>> encrypted id_tokens.
>>>>>>>>>>
>>>>>>>>>> AFAIK even for JWE we need to first sign and then encrypt. Also I
>>>>>>>>>> couldn't find any reference on a standard approach to allow clients
>>>>>>>>>> to switch between JWS and JWE via a request parameter.
>>>>>>>>>>
>>>>>>>>>> If we take a look at how we handle this in SAML, we have an
>>>>>>>>>> option in the SAML configs to say whether the assertion needs to be
>>>>>>>>>> encrypted or not. Once the option to encrypt assertion is enabled,
>>>>>>>>>> SAML assertions will always be encrypted for the particular service
>>>>>>>>>> provider (i.e. there is no requirement to switch between signed or
>>>>>>>>>> encrypted assertions).
>>>>>>>>>>
>>>>>>>>>> IMO we can follow the same approach. WDYT?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>> On a separate note, any specific reason why we are discussing
>>>>>>>>>>>>> this in strategy and not in Dev and architecture mailing lists?
>>>>>>>>>>>>>
>>>>>>>>>>>>> I feel that we need to discuss this feature in architecture
>>>>>>>>>>>>> mailing list to get the input from community.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> No such specific reason at all. On the previous project I did,
>>>>>>>>>>>> the mail was asked to be sent to engineering and strategy. So I
>>>>>>>>>>>> followed the same protocol. I'll change that now.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>> Vihanga.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Vihanga Liyanage
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> [image: http://wso2.com/signature]
>>>>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>>>>> Google Groups "WSO2 Engineering Group" group.
>>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from
>>>>>>>>>>>>>> it, send an email to engineering-group+unsubscr...@wso2.com.
>>>>>>>>>>>>>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Farasath Ahamed
>>>>>>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>>>>>>>>>> Mobile: +94777603866
>>>>>>>>>>>>> Blog: blog.farazath.com
>>>>>>>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Architecture mailing list
>>>>>>> Architecture@wso2.org
>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Godwin Amila Shrimal*
>>>>>> Associate Technical Lead
>>>>>> WSO2 Inc.; http://wso2.com
>>>>>> lean.enterprise.middleware
>>>>>>
>>>>>> mobile: *+94772264165*
>>>>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>>>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>>>>> twitter: https://twitter.com/godwinamila
>>>>>> <http://wso2.com/signature>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> d...@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
>



_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
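
Added example, not part of the thread and not WSO2 or Nimbus code: the "Encryption Algorithm" and "Encryption Method" discussed above are carried in a JWE as the protected-header parameters `alg` and `enc` (RFC 7516), and each registered `enc` value (RFC 7518) names a cipher, a mode and an integrity mechanism together. The function names and the sample token are constructed for illustration; the last four token segments are placeholders, not real ciphertext.

```python
import base64
import json

# "alg" values (RFC 7518 section 4.1) that encrypt the CEK with an RSA public key.
RSA_KEY_ALGS = {"RSA1_5", "RSA-OAEP", "RSA-OAEP-256"}

# "enc" values (RFC 7518 section 5.1): (cipher, mode, integrity, CEK size in bits).
ENC_METHODS = {
    "A128CBC-HS256": ("AES-128", "CBC", "HMAC-SHA-256", 256),
    "A192CBC-HS384": ("AES-192", "CBC", "HMAC-SHA-384", 384),
    "A256CBC-HS512": ("AES-256", "CBC", "HMAC-SHA-512", 512),
    "A128GCM": ("AES-128", "GCM", "GCM tag", 128),
    "A192GCM": ("AES-192", "GCM", "GCM tag", 192),
    "A256GCM": ("AES-256", "GCM", "GCM tag", 256),
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def describe_jwe(compact: str) -> dict:
    """Map a JWE's header to the two settings named in the thread."""
    parts = compact.split(".")
    if len(parts) != 5:  # a signed-only JWS has 3 segments
        raise ValueError("not a JWE compact serialization (expected 5 segments)")
    header = json.loads(b64url_decode(parts[0]))
    alg, enc = header.get("alg"), header.get("enc")
    if alg not in RSA_KEY_ALGS:
        raise ValueError(f"unexpected key encryption algorithm: {alg!r}")
    if enc not in ENC_METHODS:
        raise ValueError(f"unexpected content encryption method: {enc!r}")
    cipher, mode, integrity, cek_bits = ENC_METHODS[enc]
    return {
        "encryption_algorithm": alg,  # asymmetric: protects the CEK
        "encryption_method": enc,     # symmetric: protects the claims set
        "cipher": cipher, "mode": mode,
        "integrity": integrity, "cek_bits": cek_bits,
        # cty "JWT" marks a nested JWT, i.e. a token signed first, then encrypted.
        "nested_signed_jwt": header.get("cty") == "JWT",
    }


def make_sample(header: dict) -> str:
    """Constructed token: real header, placeholder values in the other segments."""
    return ".".join([b64url_encode(json.dumps(header).encode()), "a2V5", "aXY", "Y3Q", "dGFn"])


SAMPLE_JWE = make_sample({"alg": "RSA-OAEP", "enc": "A128CBC-HS256", "cty": "JWT"})
```

The CBC in `A128CBC-HS256` is the chaining mode raised in the thread, but the same `enc` value also fixes the key size and the HMAC, and the GCM values use no CBC at all.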
