+1 to John's #3. The others could maybe be described in somewhat
abstract terms as examples of those "higher level protocols that use
signing or encryption."

On Tue, Jul 8, 2014 at 12:33 PM, John Bradley <ve7...@ve7jtb.com> wrote:
> In Connect these public keys are used to:
> 1 verify the signature of request objects (Signed Requests), something not in 
> OAuth yet, and part of what the description calls higher level protocols.
> 2 encrypt the responses from the user_info endpoint or id_token (also not 
> part of OAuth directly at this point)
>
> 3 validate requests to the token endpoint authenticated by the JWT assertion 
> profile. I think this is legitimate OAuth use.
>
> Whew for the PoP specs:
> 4 used to encrypt the symmetric proof key in a JWK sent to the client 
> http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution-01#page-7
> 5 used to provide a PoP key for the client to the AS as part of registration 
> rather than passing the JWK on each request to the token endpoint.
>
> So the keys in the JWK can be used a number of ways by the AS.
>
> I think we could reference 3 and 4 as examples to be safe.
>
> John B.
>
>
> On Jul 8, 2014, at 3:04 PM, Mike Jones <michael.jo...@microsoft.com> wrote:
>
>> Was there specific language that had been discussed to be added for this?  
>> If not, could someone please create some?
>>
>>                               Thanks,
>>                               -- Mike
>>
>> -----Original Message-----
>> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Tuesday, July 08, 2014 5:09 AM
>> To: oauth@ietf.org
>> Subject: [OAUTH-WG] Dynamic Client Registration: jwks / jwks_uri
>>
>> Hi all,
>>
>> in my earlier review I had noted that the semantic of the fields is 
>> underspecified, i.e., it is not clear what these fields are used for.
>>
>> In private conversations I was told that an informal reference to a 
>> potential use case will be added. I don't see such reference with version 
>> -18.
>>
>> Ciao
>> Hannes
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>

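As an added illustration of use 3 from the quoted list (this is not code from the thread or from any draft), the sketch below shows an authorization server checking a JWT client assertion against the `jwks` a client registered. It uses only the Python standard library; the RSA key is a constructed toy key, and the client id, endpoint URL and function names are assumptions. `jti` replay tracking is left out.

```python
import base64, hashlib, json, time

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def unb64u(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64u_int(i): return b64u(i.to_bytes((i.bit_length() + 7) // 8, "big"))

# Constructed toy RSA key built from two Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
# "jwks" value the client supplied at registration (public half only, constructed).
REGISTERED_JWKS = {"keys": [{"kty": "RSA", "kid": "k1", "use": "sig",
                             "n": b64u_int(N), "e": b64u_int(E)}]}
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg, k):
    """RFC 8017 EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_assertion(claims, header):
    """Client side (demo): RS256-sign a JWT with the toy private exponent."""
    k = (N.bit_length() + 7) // 8
    data = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa_pkcs1_v15(data.encode(), k), "big"), D, N)
    return data + "." + b64u(sig.to_bytes(k, "big"))

def verify_client_assertion(jwt, jwks, client_id, token_endpoint, now=None):
    """AS side: accept only an RS256 assertion signed by a key in the client's jwks."""
    try:
        h64, c64, s64 = jwt.split(".")
        header, claims, sig = json.loads(unb64u(h64)), json.loads(unb64u(c64)), unb64u(s64)
        if header["alg"] != "RS256":          # pin the algorithm; never trust "none"
            return False
        key = next(k for k in jwks["keys"] if k["kty"] == "RSA" and k.get("kid") == header.get("kid"))
        n, e = (int.from_bytes(unb64u(key[f]), "big") for f in ("n", "e"))
        k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
        if len(sig) != k or s >= n:
            return False
        if pow(s, e, n).to_bytes(k, "big") != emsa_pkcs1_v15(f"{h64}.{c64}".encode(), k):
            return False
        aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
        return (claims["iss"] == claims["sub"] == client_id
                and token_endpoint in aud and claims["exp"] > (now or time.time()))
    except (ValueError, KeyError, TypeError, StopIteration, AttributeError):
        return False
```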