On 14/01/2020 04:25, Justin Richer wrote: > It would’ve been nice if JWK could’ve agreed on a URL-based addressing > format for individual keys within the set, but that ship’s sailed.
For querying / selecting JWKs from a set this would have been a useful addition to the spec. But I don't see how such an URL can help us to identify a single JWK in a set, given the possibility to have multiple JWKs with the same "kid". I.e. if we do "https://example.com/jwks.json?kid=xyz";, there is no guarantee for a single key. Even if we add additional query params, like use, alg, etc, none of them guarantees a unique JWK identification. I like the utility of that though. Vladimir
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
