What about the following text: jwks_uri
.... <previous text in Section 2 of http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-18> ..... "The public key(s) referenced by jwks_uri (or contained in the jwks) can be used in a variety of use cases. For example, the AS can use the indicated public key to verify a request to the token endpoint that utilizes the JWT assertion profile as described in Section 4.2 of [I-D.ietf-oauth-assertions]. Another use case is for the AS to use the public key of a client to encrypt a symmetric proof-of-possession key sent to the client, as described in Section 4.2 of [I-D.bradley-oauth-pop-key-distribution]." Ciao Hannes On 07/08/2014 09:43 PM, Brian Campbell wrote: > +1 to John's #3. The others could maybe be described in somewhat > abstract terms as examples of those "higher level protocols that use > signing or encryption." > > On Tue, Jul 8, 2014 at 12:33 PM, John Bradley <[email protected]> wrote: >> In Connect these public keys are used to: >> 1 verify the signature of request objects (Signed Requests), something not >> in OAuth yet, and part of what the description calls higher level protocols. >> 2 encrypt the responses from the user_info endpoint or id_token (also not >> part of OAuth directly at this point) >> >> 3 validate requests to the token endpoint authenticated by the JWT assertion >> profile I think this is legitimate OAuth use. >> >> Whew for the PoP specs: >> 4 used to encrypt the symmetric proof key in a JWK sent to the client >> http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution-01#page-7 >> 5 used to provide a PoP key for the client to the AS as part of registration >> rather than passing the JWK on each request to the token endpoint. >> >> So the keys in the JWK can be used a number of ways by the AS. >> >> I think we could reference 3 and 4 as examples to be safe. >> >> John B. >> >> >> On Jul 8, 2014, at 3:04 PM, Mike Jones <[email protected]> wrote: >> >>> Was there specific language that had been discussed to be added for this? >>> If not, could someone please create some? >>> >>> Thanks, >>> -- Mike >>> >>> -----Original Message----- >>> From: OAuth [mailto:[email protected]] On Behalf Of Hannes Tschofenig >>> Sent: Tuesday, July 08, 2014 5:09 AM >>> To: [email protected] >>> Subject: [OAUTH-WG] Dynamic Client Registration: jwks / jwks_uri >>> >>> Hi all, >>> >>> in my earlier review I had noted that the semantic of the fields is >>> underspecified, i.e., it is not clear what these fields are used for. >>> >>> In private conversations I was told that an informal reference to a >>> potential use case will be added. I don't see such reference with version >>> -18. >>> >>> Ciao >>> Hannes >>> >>> _______________________________________________ >>> OAuth mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/oauth >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
