-03 separated the "jwk" and "jwe" confirmation members; the former represents a
public key as a JWK and the latter represents a symmetric key as a JWE
encrypted JWK. (Yes, in -04 we’ll allow “jwk” to be a symmetric key, provided
the JWT itself is encrypted.)
-- Mike
From: OAuth [mailto:[email protected]] On Behalf Of Brian Campbell
Sent: Sunday, March 22, 2015 11:41 PM
To: oauth
Subject: [OAUTH-WG] jwk as member for both asymmetric and symmetric in
proof-of-possession-02
Is there some reason that the "cnf" claim uses a member named "jwk" for both
the asymmetric case where its value is a JWK with a public key and the
symmetric case where its value is the JWE encrypted oct JWK (sections
3.1<https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3.1>
and
3.2<https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3.2>)?
I realize that section 3.2 describes how to distinguish between the two cases
by the type of the member value. But it seems a bit awkward and I kind of
expected two different member names for the two different cases.
Maybe "ewk" or even just "jwe" for the encrypted key case?
Note that 3.2 also mentions the '"jwk" claim' which should probably say the
'"jwk" member'. "cnf" is the claim and "jwk" is a member of that claim value.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
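
The member-name change discussed in this thread, as an added example that is not part of either message or of the draft: a Python check a JWT recipient could use to classify the "cnf" key under the -02 rule (JSON type of the "jwk" value), the -03 rule (separate "jwk" and "jwe" members) and the -04 allowance mentioned in the reply. Function names and return labels are hypothetical, the sample claims are constructed, and both treating a five-part dotted string as a JWE and rejecting a claim that carries both members are assumptions of this example.

```python
# Added example: names and labels are hypothetical; sample claims are constructed.
def _is_jwe_compact(value):
    # Assumption: a JWE is carried in Compact Serialization (RFC 7516),
    # i.e. five base64url parts joined by ".". Only the shape is checked.
    return isinstance(value, str) and value.count(".") == 4

def _check_jwk(jwk, allow_symmetric):
    if not isinstance(jwk, dict) or "kty" not in jwk:
        raise ValueError('"jwk" member is not a JWK object')
    if jwk["kty"] == "oct":
        if not allow_symmetric:
            raise ValueError("plaintext symmetric JWK is not allowed here")
        return "symmetric-jwk"
    return "public-jwk"

def classify_cnf(cnf, draft, jwt_encrypted=False):
    """Classify the confirmation key in a "cnf" claim value.
    draft "02": one "jwk" member; the cases are told apart by JSON type.
    draft "03": "jwk" is a public JWK, "jwe" is a JWE-encrypted JWK.
    draft "04": as "03", plus a symmetric "jwk" when the JWT is encrypted.
    """
    if draft not in ("02", "03", "04"):
        raise ValueError("unknown draft")
    if draft == "02":
        value = cnf.get("jwk")
        if _is_jwe_compact(value):
            return "encrypted-symmetric-jwk"
        return _check_jwk(value, allow_symmetric=False)
    if "jwk" in cnf and "jwe" in cnf:
        # Assumption of this example: refuse to choose between two keys.
        raise ValueError('both "jwk" and "jwe" are present')
    if "jwe" in cnf:
        if not _is_jwe_compact(cnf["jwe"]):
            raise ValueError('"jwe" member is not a compact JWE')
        return "encrypted-symmetric-jwk"
    return _check_jwk(cnf.get("jwk"), draft == "04" and jwt_encrypted)

def rejects(cnf, draft, jwt_encrypted=False):
    try:
        classify_cnf(cnf, draft, jwt_encrypted)
    except ValueError:
        return True
    return False

# Constructed samples; the key material is placeholder text, not real keys.
PUBLIC = {"kty": "EC", "crv": "P-256", "x": "x-placeholder", "y": "y-placeholder"}
OCT = {"kty": "oct", "k": "k-placeholder"}
JWE = "header.encryptedkey.iv.ciphertext.tag"
```

Under the -02 rule the same member name yields two different key kinds depending on the value's type, while under -03 a string in "jwk" is simply rejected.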