Can you send me the list of values in that dropdown? Cipher Block Chaining
is how we are chaining encrypted values since encryption happens as blocks
(8 bit, 6 bit etc.) You can read about it here [1].

[1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

Thanks
Godwin

On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage <viha...@wso2.com> wrote:

> The Encryption Method mentioned here is the symmetric key encryption
> algorithm that is used to encrypt the JWT claims set. We used the Nimbus
> [1] <https://connect2id.com/products/nimbus-jose-jwt> library for the
> implementation and within that, they have used the name "Encryption Method"
> to identify this algorithm. They have a class defined as
> com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric
> key encryption algorithms.
> I took the name from there. I'm not sure what you mean by "cipher chaining
> mode". Is this mentioned in the JWE RFC?
>
> [1] - https://connect2id.com/products/nimbus-jose-jwt
>
> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal <god...@wso2.com> wrote:
>
>> should be corrected as "Chaining Mode".
>>
>>
>> Thanks
>> Godwin
>>
>> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal <god...@wso2.com> wrote:
>>
>>> "Encryption Method" is the correct term/word here? AFAIK It's cipher
>>> chaining mode. I know it's a technical word, but still, I feel like we have
>>> to use correct naming. Something  like "Chaning Mode".
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage <viha...@wso2.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> [Update]
>>>> I have completed the second phase of the project, providing service
>>>> provider level configurations in admin dashboard to configure encryption
>>>> algorithm and encryption method. With this update, once you enable
>>>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>>>> will appear with supported encryption algorithms and supported encryption
>>>> methods. These supported algorithms are pulled from the identity.xml file.
>>>>
>>>>
>>>>
>>>> Respective git issue and pull requests are as follows.
>>>>
>>>>    - https://github.com/wso2/product-is/issues/2387
>>>>    - https://github.com/wso2/carbon-identity-framework/pull/1416
>>>>    - https://github.com/wso2-extensions/identity-inbound-auth-oau
>>>>    th/pull/832
>>>>
>>>> I have also updated the docs as well.
>>>>
>>>> Thanks,
>>>> Vihanga.
>>>>
>>>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage <viha...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> [Update]
>>>>> I was able to complete the initial development of the proposed
>>>>> project, encrypted id token support in OIDC flow. Following are the links
>>>>> related to the development.
>>>>>
>>>>>    - An issue was created in product-is repository to track the
>>>>>    development.
>>>>>       - https://github.com/wso2/product-is/issues/2336
>>>>>    - Pull request is made to identity-inbound-auth-oauth repository
>>>>>    with required updates.
>>>>>    - https://github.com/wso2-extensions/identity-inbound-auth-oau
>>>>>       th/pull/798
>>>>>    - Pull request is made to product-is repository with updated
>>>>>    playground application to test the feature
>>>>>    - https://github.com/wso2/product-is/pull/2313
>>>>>    - Code review was held to review the code written in both PRs.
>>>>>
>>>>> All PRs are merged by now.
>>>>> Currently, I'm working on integration test to test the newly added
>>>>> feature.
>>>>>
>>>>> Thanks,
>>>>> Vihanga
>>>>>
>>>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage <viha...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Yes, Farasath. As for the offline discussions with Drashana, I came
>>>>>> to the same conclusion and exploring the SAML sample app right now.
>>>>>>
>>>>>> Although I'm not sure about signing JWE. I couldn't find anything
>>>>>> specific about that in the RFC. Also, the API in Nimbus only expects the
>>>>>> claims set and the public key of the client to create and encrypt a JWE.
>>>>>> Please do let me know if you find something else.
>>>>>>
>>>>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed <farasa...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Friday, February 9, 2018, Vihanga Liyanage <viha...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> [- Engineering, Strategy]
>>>>>>>> [+ Architecture, Dev]
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Vihanga
>>>>>>>>
>>>>>>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage <viha...@wso2.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Farasath,
>>>>>>>>>
>>>>>>>>> For the above two points IMO it would be better to provide an
>>>>>>>>>> option at Service Provider OAuth/OIDC configuration. This will be 
>>>>>>>>>> similar
>>>>>>>>>> to what we have done for SAML.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> That is the initial idea came to me as well. But shouldn't the
>>>>>>>>> clients have a choice of deciding that as well? May be through a 
>>>>>>>>> request
>>>>>>>>> parameter. To use either JWS or JWE, the client have to support them 
>>>>>>>>> right?
>>>>>>>>>
>>>>>>>>
>>>>>>> By enabling the option to encrypt id_token in the service provider
>>>>>>> configs the client is acknowledging that it can support encrypted
>>>>>>> id_tokens.
>>>>>>>
>>>>>>> AFAIK even for JWE we need to first sign and then encrypt. Also I
>>>>>>> couldn't find any reference on a standard approach to allow clients to
>>>>>>> switch between JWS and JWE via a request parameter.
>>>>>>>
>>>>>>> If we take a look at how we handle this is SAML, we have an option
>>>>>>> in the SAML configs to say whether the assertion needs to be encrypted 
>>>>>>> or
>>>>>>> not. Once the option to encrypt assertion is enabled SAML assertions 
>>>>>>> will
>>>>>>> always be encrypted for the particular service provider (ie. There is no
>>>>>>> requirement to switch between signed or encrypted assertions)
>>>>>>>
>>>>>>> IMO we can follow the same approach. WDYT?
>>>>>>>
>>>>>>>
>>>>>>>>>> On a separate note, any specific reason why we are discussing
>>>>>>>>>> this in strategy and not in Dev and architecture mailing lists?
>>>>>>>>>>
>>>>>>>>>> I feel that we need to discuss this feature in architecture
>>>>>>>>>> mailing list to get the input from community.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> No such specific reason at all. On the previous project I did, the
>>>>>>>>> mail was asked to sent to engineering and strategy. So I followed the 
>>>>>>>>> same
>>>>>>>>> protocol. I'll change that now.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Vihanga.
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>>
>>>>>>>>>>> Vihanga Liyanage
>>>>>>>>>>>
>>>>>>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>>>>>>
>>>>>>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>>>>>>
>>>>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=icon>
>>>>>>>>>>>  Virus-free.
>>>>>>>>>>> www.avast.com
>>>>>>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=link>
>>>>>>>>>>> <#m_7870699289905781735_m_5903333062190250635_m_-701407733432389279_m_7594679342619863323_m_4770696490581545647_m_-2123188955827273075_m_6964541531375253954_m_-4836321406318245336_m_-5520087002137875506_m_-4545884336410447238_m_6821664179648888237_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>> Google Groups "WSO2 Engineering Group" group.
>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from
>>>>>>>>>>> it, send an email to engineering-group+unsubscr...@wso2.com.
>>>>>>>>>>> For more options, visit https://groups.google.com/a/ws
>>>>>>>>>>> o2.com/d/optout.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Farasath Ahamed
>>>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>>>>>>> Mobile: +94777603866
>>>>>>>>>> Blog: blog.farazath.com
>>>>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Vihanga Liyanage
>>>>>>>>>
>>>>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>>>>
>>>>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>>>>
>>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> Vihanga Liyanage
>>>>>>>>
>>>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>>>
>>>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>>>
>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Farasath Ahamed
>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>>>> Mobile: +94777603866
>>>>>>> Blog: blog.farazath.com
>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>>>> <http://wso2.com/signature>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Vihanga Liyanage
>>>>>>
>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>
>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>
>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Vihanga Liyanage
>>>>>
>>>>> Software Engineer | WS*O₂* Inc.
>>>>>
>>>>> M : +*94710124103* | http://wso2.com
>>>>>
>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Vihanga Liyanage
>>>>
>>>> Software Engineer | WS*O₂* Inc.
>>>>
>>>> M : +*94710124103* | http://wso2.com
>>>>
>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> architect...@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> Associate Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>> twitter: https://twitter.com/godwinamila
>>> <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>> *Godwin Amila Shrimal*
>> Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>> twitter: https://twitter.com/godwinamila
>> <http://wso2.com/signature>
>>
>> _______________________________________________
>> Architecture mailing list
>> architect...@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
>
> Vihanga Liyanage
>
> Software Engineer | WS*O₂* Inc.
>
> M : +*94710124103* | http://wso2.com
>
> [image: http://wso2.com/signature] <http://wso2.com/signature>
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
<https://www.linkedin.com/in/godwin-amila-2ba26844/>*
twitter: https://twitter.com/godwinamila
<http://wso2.com/signature>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to