The encryption algorithm is the asymmetric key encryption algorithm that is
used to encrypt the CEK with the recipient's public key. I've updated these
in the public docs [1], [2]. I know these two names are a bit confusing. I
just followed the lib for the time being.

I'd be happy to talk about a suitable name pair. :)

[1] - https://docs.wso2.com/display/IS550/Decrypting+OpenID+Connect+Encrypted+ID+Tokens
[2] - https://docs.wso2.com/display/IS550/Testing+OIDC+Encrypted+ID+Token+with+IS+5.5.0

On Thu, Mar 8, 2018 at 9:53 AM, Godwin Shrimal <god...@wso2.com> wrote:

> Well, if Encryption Method mentioned is referring to "symmetric key
> encryption algorithm", what is "Encryption Algorithm" on the screen?
>
>
> Thanks
> Godwin
>
> On Thu, Mar 8, 2018 at 9:47 AM, Godwin Shrimal <god...@wso2.com> wrote:
>
>> Can you send me the list of values in that dropdown? Cipher Block
>> Chaining is how we are chaining encrypted values since encryption happens
>> as blocks (8 bit, 6 bit etc.) You can read about it here [1].
>>
>> [1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
>>
>> Thanks
>> Godwin
>>
>> On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage <viha...@wso2.com>
>> wrote:
>>
>>> The Encryption Method mentioned here is the symmetric key encryption
>>> algorithm that is used to encrypt the JWT claims set. We used the Nimbus
>>> [1] <https://connect2id.com/products/nimbus-jose-jwt> library for the
>>> implementation and within that, they have used the name "Encryption Method"
>>> to identify this algorithm. They have a class defined as
>>> com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric
>>> key encryption algorithms.
>>> I took the name from there. I'm not sure what you mean by "cipher
>>> chaining mode". Is this mentioned in the JWE RFC?
>>>
>>> [1] - https://connect2id.com/products/nimbus-jose-jwt
>>>
>>> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal <god...@wso2.com> wrote:
>>>
>>>> should be corrected as "Chaining Mode".
>>>>
>>>>
>>>> Thanks
>>>> Godwin
>>>>
>>>> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal <god...@wso2.com> wrote:
>>>>
>>>>> "Encryption Method" is the correct term/word here? AFAIK it's cipher
>>>>> chaining mode. I know it's a technical word, but still, I feel like we
>>>>> have to use correct naming. Something like "Chaining Mode".
>>>>>
>>>>>
>>>>> Thanks
>>>>> Godwin
>>>>>
>>>>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage <viha...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> [Update]
>>>>>> I have completed the second phase of the project, providing service
>>>>>> provider level configurations in admin dashboard to configure encryption
>>>>>> algorithm and encryption method. With this update, once you enable
>>>>>> encrypting id tokens for an SP in the admin dashboard, two select boxes
>>>>>> will appear with supported encryption algorithms and supported encryption
>>>>>> methods. These supported algorithms are pulled from the identity.xml 
>>>>>> file.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Respective git issue and pull requests are as follows.
>>>>>>
>>>>>>    - https://github.com/wso2/product-is/issues/2387
>>>>>>    - https://github.com/wso2/carbon-identity-framework/pull/1416
>>>>>>    - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/832
>>>>>>
>>>>>> I have also updated the docs.
>>>>>>
>>>>>> Thanks,
>>>>>> Vihanga.
>>>>>>
>>>>>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage <viha...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> [Update]
>>>>>>> I was able to complete the initial development of the proposed
>>>>>>> project, encrypted id token support in OIDC flow. Following are the
>>>>>>> links related to the development.
>>>>>>>
>>>>>>>    - An issue was created in product-is repository to track the
>>>>>>>    development.
>>>>>>>       - https://github.com/wso2/product-is/issues/2336
>>>>>>>    - Pull request is made to identity-inbound-auth-oauth repository
>>>>>>>    with required updates.
>>>>>>>       - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/798
>>>>>>>    - Pull request is made to product-is repository with updated
>>>>>>>    playground application to test the feature
>>>>>>>       - https://github.com/wso2/product-is/pull/2313
>>>>>>>    - Code review was held to review the code written in both PRs.
>>>>>>>
>>>>>>> All PRs are merged by now.
>>>>>>> Currently, I'm working on integration test to test the newly added
>>>>>>> feature.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Vihanga
>>>>>>>
>>>>>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage <viha...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Yes, Farasath. As for the offline discussions with Drashana, I came
>>>>>>>> to the same conclusion and am exploring the SAML sample app right now.
>>>>>>>>
>>>>>>>> Although I'm not sure about signing JWE. I couldn't find anything
>>>>>>>> specific about that in the RFC. Also, the API in Nimbus only expects
>>>>>>>> the claims set and the public key of the client to create and encrypt
>>>>>>>> a JWE.
>>>>>>>> Please do let me know if you find something else.
>>>>>>>>
>>>>>>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed <farasa...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Friday, February 9, 2018, Vihanga Liyanage <viha...@wso2.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> [- Engineering, Strategy]
>>>>>>>>>> [+ Architecture, Dev]
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Vihanga
>>>>>>>>>>
>>>>>>>>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage <
>>>>>>>>>> viha...@wso2.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Farasath,
>>>>>>>>>>>
>>>>>>>>>>>> For the above two points IMO it would be better to provide an
>>>>>>>>>>>> option at Service Provider OAuth/OIDC configuration. This will be
>>>>>>>>>>>> similar to what we have done for SAML.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> That is the initial idea that came to me as well. But shouldn't the
>>>>>>>>>>> clients have a choice of deciding that as well? Maybe through a
>>>>>>>>>>> request parameter. To use either JWS or JWE, the client has to
>>>>>>>>>>> support them, right?
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> By enabling the option to encrypt id_token in the service provider
>>>>>>>>> configs the client is acknowledging that it can support encrypted
>>>>>>>>> id_tokens.
>>>>>>>>>
>>>>>>>>> AFAIK even for JWE we need to first sign and then encrypt. Also I
>>>>>>>>> couldn't find any reference on a standard approach to allow clients to
>>>>>>>>> switch between JWS and JWE via a request parameter.
>>>>>>>>>
>>>>>>>>> If we take a look at how we handle this in SAML, we have an option
>>>>>>>>> in the SAML configs to say whether the assertion needs to be
>>>>>>>>> encrypted or not. Once the option to encrypt assertion is enabled SAML
>>>>>>>>> assertions will always be encrypted for the particular service provider
>>>>>>>>> (i.e. there is no requirement to switch between signed or encrypted
>>>>>>>>> assertions).
>>>>>>>>>
>>>>>>>>> IMO we can follow the same approach. WDYT?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>>> On a separate note, any specific reason why we are discussing
>>>>>>>>>>>> this in strategy and not in Dev and architecture mailing lists?
>>>>>>>>>>>>
>>>>>>>>>>>> I feel that we need to discuss this feature in architecture
>>>>>>>>>>>> mailing list to get the input from community.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> No such specific reason at all. On the previous project I did,
>>>>>>>>>>> the mail was asked to be sent to engineering and strategy. So I
>>>>>>>>>>> followed the same protocol. I'll change that now.
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Vihanga.
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>>
>>>>>>>>>>>>> Vihanga Liyanage
>>>>>>>>>>>>>
>>>>>>>>>>>>> Software Engineer | WS*O₂* Inc.
>>>>>>>>>>>>>
>>>>>>>>>>>>> M : +*94710124103* | http://wso2.com
>>>>>>>>>>>>>
>>>>>>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>>>> Google Groups "WSO2 Engineering Group" group.
>>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from
>>>>>>>>>>>>> it, send an email to engineering-group+unsubscr...@wso2.com.
>>>>>>>>>>>>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Farasath Ahamed
>>>>>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>>>>>>>>>>> Mobile: +94777603866
>>>>>>>>>>>> Blog: blog.farazath.com
>>>>>>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>>
>>>>>> _______________________________________________
>>>>>> Architecture mailing list
>>>>>> architect...@wso2.org
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Godwin Amila Shrimal*
>>>>> Associate Technical Lead
>>>>> WSO2 Inc.; http://wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>> mobile: *+94772264165*
>>>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>>>> twitter: https://twitter.com/godwinamila
>>>>> <http://wso2.com/signature>
>>>>>
>>> _______________________________________________
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>



-- 

Vihanga Liyanage

Software Engineer | WS*O₂* Inc.

M : +*94710124103* | http://wso2.com

[image: http://wso2.com/signature] <http://wso2.com/signature>
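
The two settings discussed in this thread map to two JWE header fields: "alg" names the algorithm that encrypts the CEK for the recipient, and "enc" names the symmetric algorithm applied to the claims set. The following is an added example, not part of the thread and not WSO2 or Nimbus code; the function names, the allow-list parameters and the sample token are constructed for illustration.

```python
import base64
import json

# "alg" values (asymmetric subset): how the CEK is encrypted for the recipient (RFC 7518 section 4.1).
KEY_ALGS = {"RSA1_5", "RSA-OAEP", "RSA-OAEP-256"}
# "enc" values: symmetric cipher applied to the claims set using the CEK (RFC 7518 section 5.1).
CONTENT_ENCS = {"A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512",
                "A128GCM", "A192GCM", "A256GCM"}

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def describe_jwe(token, allowed_algs, allowed_encs):
    """Read the protected header of a compact JWE and check it against the
    allow-lists a client was configured with (hypothetical parameters)."""
    parts = token.split(".")
    if len(parts) != 5:  # header.encrypted_key.iv.ciphertext.tag
        raise ValueError("not a JWE compact serialization (expected 5 parts)")
    header = json.loads(b64url_decode(parts[0]))
    alg, enc = header.get("alg"), header.get("enc")
    if alg not in KEY_ALGS or enc not in CONTENT_ENCS:
        raise ValueError(f"unrecognised alg/enc pair: {alg!r}/{enc!r}")
    if alg not in allowed_algs or enc not in allowed_encs:
        raise ValueError(f"alg/enc pair {alg}/{enc} is not in the configured allow-list")
    return {
        "cek_encrypted_with": alg,       # the dashboard's "Encryption Algorithm"
        "claims_encrypted_with": enc,    # the dashboard's "Encryption Method"
        "encrypted_key_present": bool(parts[1]),
        # cty=JWT marks a nested JWT, i.e. a signed token inside the JWE.
        "nested_signed_jwt": header.get("cty") == "JWT",
    }

def sample_token(header):
    # Constructed sample: real header, placeholder bytes for the other four parts.
    fields = [json.dumps(header).encode(), b"wrapped-cek", b"iv", b"ciphertext", b"tag"]
    return ".".join(b64url_encode(f) for f in fields)

if __name__ == "__main__":
    token = sample_token({"alg": "RSA-OAEP", "enc": "A128GCM", "cty": "JWT"})
    print(describe_jwe(token, {"RSA-OAEP"}, {"A128GCM"}))
```
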