OK, this is a full circle to my original comment "Would not kid do?"
On Mon, Mar 23, 2015 at 13:52, Brian Campbell <bcampb...@pingidentity.com> wrote:

> I wasn't necessarily suggesting to drop the kid one.
>
> On Mon, Mar 23, 2015 at 1:00 PM, Nat Sakimura <sakim...@gmail.com> wrote:
>
>> +1 for dropping kid in favor of thumbprint.
>> On Mon, Mar 23, 2015 at 12:56, Brian Campbell <bcampb...@pingidentity.com> wrote:
>>
>>> Yeah, it could be done with kid. But that would require a bit more
>>> out-of-band understanding between the parties to know that the kid is, in
>>> fact, a thumbprint. Seems like it'd be better to outright support a
>>> thumbprint rather than overloading kid, if thumbprint representation of the
>>> key for confirmation is desirable.
>>>
>>> And yes, a thumbprint does have some nice properties. But I am also very
>>> sympathetic to the "too many ways is not good for interop" point. That's
>>> kind of why I asked what others thought of it rather than just making a
>>> suggestion. I'm not sure one way or the other myself.
>>>
>>> On Mon, Mar 23, 2015 at 2:11 AM, Nat Sakimura <sakim...@gmail.com>
>>> wrote:
>>>
>>>> Would not kid do?
>>>> Right, thumbprint has more semantics and has nice properties, but
>>>> having too many ways is not good for interop.
>>>>
>>>> Nat
>>>>
>>>> 2015-03-23 15:40 GMT+09:00 Brian Campbell <bcampb...@pingidentity.com>:
>>>>
>>>>> Do folks in the WG think there'd be utility in having a way to
>>>>> identify the finger/thumbprint of a key in the cnf claim? A presenter
>>>>> might, for example, present the JWT along with a public JWK and some
>>>>> proof-of-possession of that JWK. And the JWK would be bound to the JWT
>>>>> via the thumbprint, which is more space efficient (with respect to the
>>>>> JWT anyway) than the full JWK.
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OAuth mailing list
>>>>> OAuth@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Nat Sakimura (=nat)
>>>> Chairman, OpenID Foundation
>>>> http://nat.sakimura.org/
>>>> @_nat_en
>>>>
>>>
>>>
>
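
The binding proposed in the first message of this thread (a JWT whose cnf claim carries the thumbprint of the presenter's JWK), shown as an added example that is not from any message in the thread. It computes the thumbprint the way RFC 7638 specifies; the cnf member name `jkt` and all sample values are assumptions, since the thread does not name a member.

```python
import base64
import hashlib
import hmac
import json

# Members that feed the thumbprint, per key type (RFC 7638, section 3.2).
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"),
            "OKP": ("crv", "kty", "x"), "oct": ("k", "kty")}


def jwk_thumbprint(jwk: dict) -> str:
    """Return the base64url SHA-256 thumbprint of a JWK (RFC 7638)."""
    names = REQUIRED.get(jwk.get("kty"))
    if names is None:
        raise ValueError("unsupported kty")
    try:
        canonical = {n: jwk[n] for n in sorted(names)}
    except KeyError as exc:
        raise ValueError(f"JWK is missing required member {exc}") from None
    # Required members only, sorted, no whitespace: kid/use/alg never change the hash.
    data = json.dumps(canonical, separators=(",", ":"), ensure_ascii=False)
    digest = hashlib.sha256(data.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def jwk_matches_cnf(claims: dict, presented_jwk: dict) -> bool:
    """True if the presented public JWK is the key the JWT's cnf claim names."""
    cnf = claims.get("cnf")
    expected = cnf.get("jkt") if isinstance(cnf, dict) else None  # "jkt" is assumed
    if not isinstance(expected, str):
        return False  # no thumbprint confirmation: fail closed
    try:
        actual = jwk_thumbprint(presented_jwk)
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(actual.encode(), expected.encode())


# Constructed sample values (not real keys).
HOLDER_JWK = {"kty": "OKP", "crv": "Ed25519", "kid": "laptop-1",
              "x": "c2FtcGxlLWhvbGRlci1wdWJsaWMta2V5LWJ5dGVzLTAwMQ"}
OTHER_JWK = dict(HOLDER_JWK, x="c2FtcGxlLW90aGVyLXB1YmxpYy1rZXktYnl0ZXMtMDAwMg")
CLAIMS = {"iss": "https://as.example", "sub": "alice",
          "cnf": {"jkt": jwk_thumbprint(HOLDER_JWK)}}

if __name__ == "__main__":
    print(CLAIMS["cnf"]["jkt"])
    print(jwk_matches_cnf(CLAIMS, HOLDER_JWK), jwk_matches_cnf(CLAIMS, OTHER_JWK))
```

A match only shows that the presented JWK is the key named in the JWT; the recipient still has to verify the JWT's own signature and the presenter's proof-of-possession made with that JWK.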