Yeah, that is correct. Apart from explaining what is what in the doc, even I couldn't think of a more descriptive name. Please do share your thoughts if anything comes to mind.
On Thu, Mar 8, 2018 at 10:16 AM, Godwin Shrimal <[email protected]> wrote:

> Thanks for the response Vihanga. So according to your response:
>
> Encryption Algorithm = Asymmetric Key Encryption Algorithm
> Encryption Method = Symmetric Key Encryption Algorithm
>
> Yeah, I think it's a bit confusing. We may use better names than the lib. Nothing comes to my mind now :)
>
> Thanks
> Godwin
>
> On Thu, Mar 8, 2018 at 10:00 AM, Vihanga Liyanage <[email protected]> wrote:
>
>> The encryption algorithm is the asymmetric key encryption algorithm that is used to encrypt the CEK with the recipient's public key. I've updated these in the public docs [1], [2]. I know these two names are a bit confusing. I just followed the lib for the time being.
>>
>> I'd be happy to talk about a suitable name pair. :)
>>
>> [1] - https://docs.wso2.com/display/IS550/Decrypting+OpenID+Connect+Encrypted+ID+Tokens
>> [2] - https://docs.wso2.com/display/IS550/Testing+OIDC+Encrypted+ID+Token+with+IS+5.5.0
>>
>> On Thu, Mar 8, 2018 at 9:53 AM, Godwin Shrimal <[email protected]> wrote:
>>
>>> Well, if the Encryption Method mentioned is referring to "symmetric key encryption algorithm", what is "Encryption Algorithm" on the screen?
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Thu, Mar 8, 2018 at 9:47 AM, Godwin Shrimal <[email protected]> wrote:
>>>
>>>> Can you send me the list of values in that dropdown? Cipher Block Chaining is how we are chaining encrypted values since encryption happens as blocks (8 bit, 6 bit etc.). You can read about it here [1].
>>>>
>>>> [1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
>>>>
>>>> Thanks
>>>> Godwin
>>>>
>>>> On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage <[email protected]> wrote:
>>>>
>>>>> The Encryption Method mentioned here is the symmetric key encryption algorithm that is used to encrypt the JWT claims set.
>>>>> We used the Nimbus [1] library for the implementation, and within that they have used the name "Encryption Method" to identify this algorithm. They have a class defined as com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric key encryption algorithms. I took the name from there. I'm not sure what you mean by "cipher chaining mode". Is this mentioned in the JWE RFC?
>>>>>
>>>>> [1] - https://connect2id.com/products/nimbus-jose-jwt
>>>>>
>>>>> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal <[email protected]> wrote:
>>>>>
>>>>>> Should be corrected as "Chaining Mode".
>>>>>>
>>>>>> Thanks
>>>>>> Godwin
>>>>>>
>>>>>> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal <[email protected]> wrote:
>>>>>>
>>>>>>> Is "Encryption Method" the correct term/word here? AFAIK it's cipher chaining mode. I know it's a technical word, but still, I feel like we have to use correct naming. Something like "Chaining Mode".
>>>>>>>
>>>>>>> Thanks
>>>>>>> Godwin
>>>>>>>
>>>>>>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> [Update]
>>>>>>>> I have completed the second phase of the project, providing service provider level configurations in the admin dashboard to configure the encryption algorithm and encryption method. With this update, once you enable encrypting id tokens for an SP in the admin dashboard, two select boxes will appear with the supported encryption algorithms and supported encryption methods. These supported algorithms are pulled from the identity.xml file.
>>>>>>>>
>>>>>>>> The respective git issue and pull requests are as follows.
>>>>>>>>
>>>>>>>> - https://github.com/wso2/product-is/issues/2387
>>>>>>>> - https://github.com/wso2/carbon-identity-framework/pull/1416
>>>>>>>> - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/832
>>>>>>>>
>>>>>>>> I have also updated the docs.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Vihanga.
>>>>>>>>
>>>>>>>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> [Update]
>>>>>>>>> I was able to complete the initial development of the proposed project, encrypted id token support in the OIDC flow. Following are the links related to the development.
>>>>>>>>>
>>>>>>>>> - An issue was created in the product-is repository to track the development.
>>>>>>>>>   - https://github.com/wso2/product-is/issues/2336
>>>>>>>>> - A pull request was made to the identity-inbound-auth-oauth repository with the required updates.
>>>>>>>>>   - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/798
>>>>>>>>> - A pull request was made to the product-is repository with an updated playground application to test the feature.
>>>>>>>>>   - https://github.com/wso2/product-is/pull/2313
>>>>>>>>> - A code review was held to review the code written in both PRs.
>>>>>>>>>
>>>>>>>>> All PRs are merged by now. Currently, I'm working on an integration test to test the newly added feature.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Vihanga
>>>>>>>>>
>>>>>>>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Yes, Farasath. As for the offline discussions with Drashana, I came to the same conclusion and am exploring the SAML sample app right now.
>>>>>>>>>>
>>>>>>>>>> Although I'm not sure about signing JWE. I couldn't find anything specific about that in the RFC.
>>>>>>>>>> Also, the API in Nimbus only expects the claims set and the public key of the client to create and encrypt a JWE. Please do let me know if you find something else.
>>>>>>>>>>
>>>>>>>>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> On Friday, February 9, 2018, Vihanga Liyanage <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> [- Engineering, Strategy]
>>>>>>>>>>>> [+ Architecture, Dev]
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Vihanga
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Farasath,
>>>>>>>>>>>>>
>>>>>>>>>>>>>> For the above two points IMO it would be better to provide an option at Service Provider OAuth/OIDC configuration. This will be similar to what we have done for SAML.
>>>>>>>>>>>>>
>>>>>>>>>>>>> That is the initial idea that came to me as well. But shouldn't the clients have a choice of deciding that as well? Maybe through a request parameter. To use either JWS or JWE, the client has to support them, right?
>>>>>>>>>>>>
>>>>>>>>>>> By enabling the option to encrypt the id_token in the service provider configs, the client is acknowledging that it can support encrypted id_tokens.
>>>>>>>>>>>
>>>>>>>>>>> AFAIK even for JWE we need to first sign and then encrypt. Also, I couldn't find any reference on a standard approach to allow clients to switch between JWS and JWE via a request parameter.
>>>>>>>>>>>
>>>>>>>>>>> If we take a look at how we handle this in SAML, we have an option in the SAML configs to say whether the assertion needs to be encrypted or not.
>>>>>>>>>>> Once the option to encrypt the assertion is enabled, SAML assertions will always be encrypted for the particular service provider (i.e. there is no requirement to switch between signed or encrypted assertions).
>>>>>>>>>>>
>>>>>>>>>>> IMO we can follow the same approach. WDYT?
>>>>>>>>>>>
>>>>>>>>>>>>>> On a separate note, any specific reason why we are discussing this in strategy and not in the Dev and architecture mailing lists?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I feel that we need to discuss this feature in the architecture mailing list to get input from the community.
>>>>>>>>>>>>>
>>>>>>>>>>>>> No such specific reason at all. On the previous project I did, the mail was asked to be sent to engineering and strategy. So I followed the same protocol. I'll change that now.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>> Vihanga.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Vihanga Liyanage
>>>>>>>>>>>>>>> Software Engineer | WSO2 Inc.
>>>>>>>>>>>>>>> M : +94710124103 | http://wso2.com
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> You received this message because you are subscribed to the Google Groups "WSO2 Engineering Group" group.
>>>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to engineering-group+unsubscribe@wso2.com.
>>>>>>>>>>>>>>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Farasath Ahamed
>>>>>>>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>>>>>>>>>>> Mobile: +94777603866
>>>>>>>>>>>>>> Blog: blog.farazath.com
>>>>>>>>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Architecture mailing list
>>>>>>>> [email protected]
>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>
>>>>>>> --
>>>>>>> Godwin Amila Shrimal
>>>>>>> Associate Technical Lead
>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>> lean.enterprise.middleware
>>>>>>> mobile: +94772264165
>>>>>>> linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
>>>>>>> twitter: https://twitter.com/godwinamila
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Vihanga Liyanage
Software Engineer | WSO2 Inc.
M : +94710124103 | http://wso2.com
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
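The two dropdowns the thread argues about map onto the two JWE header parameters defined in RFC 7516: "Encryption Algorithm" is the `alg` parameter (key management, com.nimbusds.jose.JWEAlgorithm in Nimbus), which wraps the per-token content encryption key with the relying party's public key, and "Encryption Method" is the `enc` parameter (content encryption, com.nimbusds.jose.EncryptionMethod), the symmetric AEAD that encrypts the payload under that key. The `enc` identifiers in RFC 7518 (A128CBC-HS256, A128GCM, and so on) name the cipher, key size, mode and integrity mechanism together, so the block mode is one component of the value, not a separate setting. On the sign-versus-encrypt question raised earlier in the thread, OpenID Connect Core section 10.2 requires that an id_token which is both signed and encrypted be signed first and then encrypted, giving a nested JWT. The following is an added example, written for this page and not code from the WSO2 or Nimbus projects; it assumes Java 11+ with nimbus-jose-jwt on the classpath, uses freshly generated keys, and the issuer, client id and the RSA-OAEP-256/A128GCM allow-list are hypothetical choices made for the example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.Set;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

/**
 * Added example (not WSO2 IS or Nimbus project code): sign-then-encrypt an
 * id_token as a nested JWT, then decrypt and verify it on the relying-party side.
 *
 *   "alg" header = JWEAlgorithm     = key management: the RP's RSA public key
 *                                     wraps the random content encryption key (CEK)
 *   "enc" header = EncryptionMethod = content encryption: symmetric AEAD that
 *                                     encrypts the payload (the signed JWT) under the CEK
 */
public class NestedIdTokenExample {

    // Hypothetical identifiers and algorithm allow-list, assumed for this example.
    static final String ISSUER = "https://idp.example.com/oauth2/token";
    static final String CLIENT_ID = "example-rp";
    static final Set<JWEAlgorithm> ALLOWED_ALG = Set.of(JWEAlgorithm.RSA_OAEP_256);
    static final Set<EncryptionMethod> ALLOWED_ENC = Set.of(EncryptionMethod.A128GCM, EncryptionMethod.A256GCM);

    static KeyPair rsaKeyPair() throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        return gen.generateKeyPair();
    }

    /** IdP side: sign with the IdP's private key, then encrypt to the RP's public key. */
    static String issueEncryptedIdToken(RSAPrivateKey idpSigningKey, RSAPublicKey rpPublicKey,
                                        JWEAlgorithm alg, EncryptionMethod enc) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(ISSUER).subject("alice").audience(CLIENT_ID)
                .expirationTime(new Date(System.currentTimeMillis() + 5 * 60 * 1000))
                .build();

        // Inner JWS: the id_token exactly as the RP would get it without encryption.
        SignedJWT signedJwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
        signedJwt.sign(new RSASSASigner(idpSigningKey));

        // Outer JWE: cty=JWT marks the payload as a nested JWT (RFC 7519 section 5.2).
        JWEHeader jweHeader = new JWEHeader.Builder(alg, enc).contentType("JWT").build();
        JWEObject jwe = new JWEObject(jweHeader, new Payload(signedJwt));
        jwe.encrypt(new RSAEncrypter(rpPublicKey)); // fresh CEK, wrapped with alg; payload sealed with enc
        return jwe.serialize();                      // compact JWE: five dot-separated segments
    }

    /** RP side: pin alg/enc, decrypt with the RP private key, then verify the inner JWS and claims. */
    static JWTClaimsSet decryptAndVerify(String token, RSAPrivateKey rpPrivateKey,
                                         RSAPublicKey idpVerificationKey) throws Exception {
        JWEObject jwe = JWEObject.parse(token);
        JWEHeader h = jwe.getHeader();

        // Never let the token's own header pick the algorithms; enforce the RP's allow-list first.
        if (!ALLOWED_ALG.contains(h.getAlgorithm()) || !ALLOWED_ENC.contains(h.getEncryptionMethod())) {
            throw new SecurityException("unexpected alg/enc: " + h.getAlgorithm() + "/" + h.getEncryptionMethod());
        }
        jwe.decrypt(new RSADecrypter(rpPrivateKey));

        // Encryption proves nothing about origin: the inner signature still has to be verified.
        if (!"JWT".equalsIgnoreCase(h.getContentType())) {
            throw new SecurityException("expected a nested JWT (cty=JWT)");
        }
        SignedJWT inner = jwe.getPayload().toSignedJWT();
        if (inner == null || !inner.verify(new RSASSAVerifier(idpVerificationKey))) {
            throw new SecurityException("inner JWS signature invalid");
        }
        JWTClaimsSet claims = inner.getJWTClaimsSet();
        if (!ISSUER.equals(claims.getIssuer()) || !claims.getAudience().contains(CLIENT_ID)
                || claims.getExpirationTime() == null || claims.getExpirationTime().before(new Date())) {
            throw new SecurityException("iss/aud/exp check failed");
        }
        return claims;
    }

    public static void main(String[] args) throws Exception {
        KeyPair idp = rsaKeyPair(); // IdP signing key pair
        KeyPair rp = rsaKeyPair();  // RP key pair; the IdP only ever sees rp.getPublic()

        String token = issueEncryptedIdToken((RSAPrivateKey) idp.getPrivate(), (RSAPublicKey) rp.getPublic(),
                JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128GCM);
        JWEHeader h = JWEObject.parse(token).getHeader();
        System.out.println("segments=" + token.split("\\.").length + " alg=" + h.getAlgorithm()
                + " enc=" + h.getEncryptionMethod() + " cty=" + h.getContentType());

        JWTClaimsSet claims = decryptAndVerify(token, (RSAPrivateKey) rp.getPrivate(), (RSAPublicKey) idp.getPublic());
        System.out.println("sub=" + claims.getSubject() + " iss=" + claims.getIssuer());
    }
}
```

The order on the RP side is the point: allow-list the `alg`/`enc` pair before touching the private key, decrypt, then verify the inner signature and the iss/aud/exp claims. If the server-side dropdowns are ever widened to include RSA1_5 or a CBC-based `enc`, the RP allow-list in this example is the place that decides whether such tokens are accepted, independently of what the IdP was configured to emit.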
