Yeah, that is correct. Apart from explaining what is what in the doc, even
I couldn't think of a more descriptive name. Please do share your thoughts
if anything came to your mind.

On Thu, Mar 8, 2018 at 10:16 AM, Godwin Shrimal <god...@wso2.com> wrote:

> Thanks for the response, Vihanga. So, according to your response:
>
> Encryption Algorithm = Asymmetric Key Encryption Algorithm
> Encryption Method = Symmetric Key Encryption Algorithm
>
> Yeah, I think it's a bit confusing. We may use better names than the lib. Nothing
> comes to my mind now :)
>
> Thanks
> Godwin
>
> On Thu, Mar 8, 2018 at 10:00 AM, Vihanga Liyanage <viha...@wso2.com>
> wrote:
>
>> The encryption algorithm is the asymmetric key encryption algorithm that
>> is used to encrypt the CEK with the recipient's public key. I've updated
>> these in the public docs [1], [2]. I know these two names are confusing a
>> bit. I just followed the lib for the time being.
>>
>> I'd be happy to talk about a suitable name pair. :)
>>
>> [1] - https://docs.wso2.com/display/IS550/Decrypting+OpenID+Connect+Encrypted+ID+Tokens
>> [2] - https://docs.wso2.com/display/IS550/Testing+OIDC+Encrypted+ID+Token+with+IS+5.5.0
>>
>> On Thu, Mar 8, 2018 at 9:53 AM, Godwin Shrimal <god...@wso2.com> wrote:
>>
>>> Well, if Encryption Method mentioned is referring to "symmetric key
>>> encryption algorithm", what is "Encryption Algorithm" on the screen?
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Thu, Mar 8, 2018 at 9:47 AM, Godwin Shrimal <god...@wso2.com> wrote:
>>>
>>>> Can you send me the list of values in that dropdown? Cipher Block
>>>> Chaining is how we are chaining encrypted values since encryption happens
>>>> as blocks (8 bit, 6 bit etc.) You can read about it here [1].
>>>>
>>>> [1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
>>>>
>>>> Thanks
>>>> Godwin
>>>>
>>>> On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage <viha...@wso2.com>
>>>> wrote:
>>>>
>>>>> The Encryption Method mentioned here is the symmetric key encryption
>>>>> algorithm that is used to encrypt the JWT claims set. We used the Nimbus
>>>>> [1] <https://connect2id.com/products/nimbus-jose-jwt> library for the
>>>>> implementation and within that, they have used the name "Encryption Method"
>>>>> to identify this algorithm. They have a class defined as
>>>>> com.nimbusds.jose.EncryptionMethod which wraps all supported
>>>>> symmetric key encryption algorithms.
>>>>> I took the name from there. I'm not sure what you mean by "cipher
>>>>> chaining mode". Is this mentioned in the JWE RFC?
>>>>>
>>>>> [1] - https://connect2id.com/products/nimbus-jose-jwt
>>>>>
>>>>> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal <god...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> should be corrected as "Chaining Mode".
>>>>>>
>>>>>>
>>>>>> Thanks
>>>>>> Godwin
>>>>>>
>>>>>> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal <god...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> "Encryption Method" is the correct term/word here? AFAIK It's cipher
>>>>>>> chaining mode. I know it's a technical word, but still, I feel like we have
>>>>>>> to use correct naming. Something like "Chaning Mode".
>>>>>>>
>>>>>>>
>>>>>>> Thanks
>>>>>>> Godwin
>>>>>>>
>>>>>>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage <viha...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> [Update]
>>>>>>>> I have completed the second phase of the project, providing service
>>>>>>>> provider level configurations in admin dashboard to configure encryption
>>>>>>>> algorithm and encryption method. With this update, once you enable
>>>>>>>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>>>>>>>> will appear with supported encryption algorithms and supported encryption
>>>>>>>> methods. These supported algorithms are pulled from the identity.xml file.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Respective git issue and pull requests are as follows.
>>>>>>>>
>>>>>>>>    - https://github.com/wso2/product-is/issues/2387
>>>>>>>>    - https://github.com/wso2/carbon-identity-framework/pull/1416
>>>>>>>>    - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/832
>>>>>>>>
>>>>>>>> I have also updated the docs as well.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Vihanga.
>>>>>>>>
>>>>>>>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage <viha...@wso2.com
>>>>>>>> > wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> [Update]
>>>>>>>>> I was able to complete the initial development of the proposed
>>>>>>>>> project, encrypted id token support in OIDC flow. Following are the links
>>>>>>>>> related to the development.
>>>>>>>>>
>>>>>>>>>    - An issue was created in product-is repository to track the
>>>>>>>>>    development.
>>>>>>>>>       - https://github.com/wso2/product-is/issues/2336
>>>>>>>>>    - Pull request is made to identity-inbound-auth-oauth
>>>>>>>>>    repository with required updates.
>>>>>>>>>       - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/798
>>>>>>>>>    - Pull request is made to product-is repository with updated
>>>>>>>>>    playground application to test the feature
>>>>>>>>>       - https://github.com/wso2/product-is/pull/2313
>>>>>>>>>    - Code review was held to review the code written in both PRs.
>>>>>>>>>
>>>>>>>>> All PRs are merged by now.
>>>>>>>>> Currently, I'm working on integration test to test the newly added
>>>>>>>>> feature.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Vihanga
>>>>>>>>>
>>>>>>>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage <viha...@wso2.com
>>>>>>>>> > wrote:
>>>>>>>>>
>>>>>>>>>> Yes, Farasath. As for the offline discussions with Drashana, I
>>>>>>>>>> came to the same conclusion and am exploring the SAML sample app right now.
>>>>>>>>>>
>>>>>>>>>> Although I'm not sure about signing JWE. I couldn't find anything
>>>>>>>>>> specific about that in the RFC. Also, the API in Nimbus only expects the
>>>>>>>>>> claims set and the public key of the client to create and encrypt a JWE.
>>>>>>>>>> Please do let me know if you find something else.
>>>>>>>>>>
>>>>>>>>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed <
>>>>>>>>>> farasa...@wso2.com> wrote:
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Friday, February 9, 2018, Vihanga Liyanage <viha...@wso2.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> [- Engineering, Strategy]
>>>>>>>>>>>> [+ Architecture, Dev]
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Vihanga
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage <
>>>>>>>>>>>> viha...@wso2.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Farasath,
>>>>>>>>>>>>>
>>>>>>>>>>>>>> For the above two points IMO it would be better to provide an
>>>>>>>>>>>>>> option at Service Provider OAuth/OIDC configuration. This will be similar
>>>>>>>>>>>>>> to what we have done for SAML.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> That is the initial idea that came to me as well. But shouldn't the
>>>>>>>>>>>>> clients have a choice of deciding that as well? Maybe through a request
>>>>>>>>>>>>> parameter. To use either JWS or JWE, the client has to support them, right?
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>> By enabling the option to encrypt id_token in the service
>>>>>>>>>>> provider configs the client is acknowledging that it can support encrypted
>>>>>>>>>>> id_tokens.
>>>>>>>>>>>
>>>>>>>>>>> AFAIK even for JWE we need to first sign and then encrypt. Also
>>>>>>>>>>> I couldn't find any reference on a standard approach to allow clients to
>>>>>>>>>>> switch between JWS and JWE via a request parameter.
>>>>>>>>>>>
>>>>>>>>>>> If we take a look at how we handle this in SAML, we have an
>>>>>>>>>>> option in the SAML configs to say whether the assertion needs to be
>>>>>>>>>>> encrypted or not. Once the option to encrypt assertion is enabled, SAML
>>>>>>>>>>> assertions will always be encrypted for the particular service provider
>>>>>>>>>>> (i.e. there is no requirement to switch between signed or encrypted
>>>>>>>>>>> assertions).
>>>>>>>>>>>
>>>>>>>>>>> IMO we can follow the same approach. WDYT?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>>> On a separate note, any specific reason why we are discussing
>>>>>>>>>>>>>> this in strategy and not in Dev and architecture mailing lists?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I feel that we need to discuss this feature in architecture
>>>>>>>>>>>>>> mailing list to get the input from community.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> No such specific reason at all. On the previous project I did,
>>>>>>>>>>>>> the mail was asked to be sent to engineering and strategy. So I followed the
>>>>>>>>>>>>> same protocol. I'll change that now.
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>> Vihanga.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Vihanga Liyanage
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Farasath Ahamed
>>>>>>>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>>>>>>>>>>> Mobile: +94777603866
>>>>>>>>>>>>>> Blog: blog.farazath.com
>>>>>>>>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Architecture mailing list
>>>>>>>> Architecture@wso2.org
>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Godwin Amila Shrimal*
>>>>>>> Associate Technical Lead
>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>> lean.enterprise.middleware
>>>>>>>
>>>>>>> mobile: *+94772264165*
>>>>>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>>>>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>>>>>> twitter: https://twitter.com/godwinamila
>>>>>>> <http://wso2.com/signature>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> d...@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>>
>>
>
>
>
>



-- 

Vihanga Liyanage

Software Engineer | WS*O₂* Inc.

M : +*94710124103* | http://wso2.com
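
Added example (not part of the thread, and not WSO2's or Nimbus's code): a stdlib-only Python check that reads the protected header of a compact JWE ID token and separates the two settings discussed above, `alg` (the "Encryption Algorithm" that wraps the CEK) and `enc` (the "Encryption Method" that encrypts the claims set). The `sp_config` keys and the sample token are assumptions constructed for illustration; only the header segment is meaningful, the other four segments are placeholders.

```python
import base64
import json

# "enc" values from RFC 7518 section 5.1: each names a complete authenticated
# encryption scheme (cipher, mode, integrity), not only a chaining mode.
ENC_METHODS = {
    "A128CBC-HS256": ("AES-128", "CBC", "HMAC-SHA-256"),
    "A192CBC-HS384": ("AES-192", "CBC", "HMAC-SHA-384"),
    "A256CBC-HS512": ("AES-256", "CBC", "HMAC-SHA-512"),
    "A128GCM": ("AES-128", "GCM", "GCM tag"),
    "A192GCM": ("AES-192", "GCM", "GCM tag"),
    "A256GCM": ("AES-256", "GCM", "GCM tag"),
}
# Asymmetric RSA "alg" values from RFC 7518 section 4.1 that wrap the CEK.
RSA_KEY_ALGS = {"RSA1_5", "RSA-OAEP", "RSA-OAEP-256"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def inspect_id_token(token: str, sp_config: dict) -> dict:
    """Classify a compact token and check its JWE header against SP settings."""
    parts = token.split(".")
    if len(parts) == 3:  # plain signed token: only fine if encryption is off
        return {"type": "JWS", "accepted": not sp_config["encrypt_id_token"]}
    if len(parts) != 5:
        raise ValueError("not a compact JWS (3 parts) or JWE (5 parts)")
    padded = parts[0] + "=" * (-len(parts[0]) % 4)
    header = json.loads(base64.urlsafe_b64decode(padded))
    alg, enc = header.get("alg"), header.get("enc")
    if alg not in RSA_KEY_ALGS or enc not in ENC_METHODS:
        raise ValueError(f"unsupported alg/enc: {alg!r}/{enc!r}")
    cipher, mode, integrity = ENC_METHODS[enc]
    want = (sp_config["encryption_algorithm"], sp_config["encryption_method"])
    return {
        "type": "JWE",
        "encryption_algorithm": alg,   # protects the CEK (asymmetric)
        "encryption_method": enc,      # protects the claims set (symmetric)
        "cipher": cipher, "mode": mode, "integrity": integrity,
        "nested_signed_jwt": header.get("cty") == "JWT",  # sign-then-encrypt
        "accepted": sp_config["encrypt_id_token"] and (alg, enc) == want,
    }

# Constructed sample: meaningful header, placeholder bytes for the other parts.
SAMPLE_HEADER = {"alg": "RSA-OAEP", "enc": "A128CBC-HS256", "cty": "JWT"}
SAMPLE_JWE = ".".join([b64url(json.dumps(SAMPLE_HEADER).encode()),
                       b64url(b"wrapped-cek"), b64url(b"iv"),
                       b64url(b"ciphertext"), b64url(b"tag")])
SP_CONFIG = {"encrypt_id_token": True, "encryption_algorithm": "RSA-OAEP",
             "encryption_method": "A128CBC-HS256"}  # hypothetical SP settings
```

The header is only base64url-encoded, so this check needs no key; it does not decrypt or authenticate the token.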
