Right now, the Dynamic Registration draft has four URLs that deal with
registering public keys for the client:

  jwk_uri
  jwk_encryption_uri
  x509_uri
  x509_encryption_uri

These are for use in things like JWK-based assertions for client
authentication and signing/encryption with higher-level protocols.

Recent and impending changes in the JWK specification allow it to
specify what a given key can be used for, and provide different formats
for the keys including an x509 encoded certificate. These changes seem
to get rid of the need for specifying separate URLs for each format
and function in registration.

It's been proposed, from the OIDC working group, to collapse all of
these into a single, new parameter:

  jwks_uri

Which would point specifically to a "JWK Set" as defined in the JWK draft.

I'm in favor of this simplifying change, and OIDC has already adopted it
on their end. Thoughts?
-- Justin
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
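
An added example, not part of the original message or of any draft text: one way a server could split a single JWK Set fetched from jwks_uri into signing and encryption keys and read x509 certificates from it, covering what the four separate URLs did. The sample key set, the function names, the rejection of private key members, and the policy of offering a key without "use" for both purposes are assumptions.

```python
import base64
import json

# JWK members that carry private or symmetric key material.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

# Constructed sample JWK Set; key values are placeholders, not real keys.
SAMPLE_JWKS = json.dumps({
    "keys": [
        {"kty": "RSA", "use": "sig", "kid": "sig-1", "n": "AQAB", "e": "AQAB"},
        {"kty": "RSA", "use": "enc", "kid": "enc-1", "n": "AQAB", "e": "AQAB",
         "x5c": [base64.b64encode(b"constructed-DER-placeholder").decode()]},
        {"kty": "EC", "use": "sig", "kid": "sig-2", "crv": "P-256",
         "x": "AA", "y": "AA"},
    ]
})


def index_jwks(document):
    """Group the keys of a JWK Set by 'use', refusing private key material."""
    keys = json.loads(document).get("keys")
    if not isinstance(keys, list):
        raise ValueError("JWK Set must contain a 'keys' array")
    by_use = {"sig": [], "enc": []}
    for jwk in keys:
        if not isinstance(jwk, dict) or "kty" not in jwk:
            raise ValueError("each JWK must be an object with 'kty'")
        leaked = PRIVATE_MEMBERS.intersection(jwk)
        if leaked:
            raise ValueError(
                f"key {jwk.get('kid')!r} exposes private members {sorted(leaked)}")
        use = jwk.get("use")
        if use is None:
            targets = list(by_use)   # assumed policy: no 'use' means both
        elif use in by_use:
            targets = [use]
        else:
            targets = []             # unknown 'use' values are skipped
        for target in targets:
            by_use[target].append(jwk)
    return by_use


def certificates(jwk):
    """Return DER certificate bytes from 'x5c' (standard base64, leaf first)."""
    return [base64.b64decode(c, validate=True) for c in jwk.get("x5c", [])]
```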