Thanks for pointing the working group to this individual submission, David. Here are some initial comments on the document, as you requested.
First, you specify base64 encoding of the JWK, rather than base64url encoding of it. This would result in non-URL-safe characters in the URI, such as /, +, and =. If you're going to encode things, I suggest using the URL-safe base64url encoding.

But secondly, I would not re-encode the JWK fields at all. I know that David Waite had an idea for a representation of JWK URIs where the JSON fields are represented as colon-separated pairs in the URI. So for instance, the example JWK at https://datatracker.ietf.org/doc/html/rfc7517#section-3 would be instead represented as:

  urn:ietf:params:oauth:jwk:kty:EC:crv:P-256:x:f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU:y:x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0:kid:Public%20key%20used%20in%20JWS%20spec%20Appendix%20A.3%20example

This would avoid double base64url-encoding fields, which would prevent unnecessary size expansion.

I suggest you work with David if you want to further pursue the idea of a JWK URI specification.

Best wishes,
-- Mike
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
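The two representations compared in the message above, as an added example that is not part of the original e-mail or of either draft. It assumes the wrapped form reuses the same urn:ietf:params:oauth:jwk: prefix, that names and values in the colon form are percent-encoded (inferred from the %20 in the kid above), and that all members are strings; the function names are hypothetical.

```python
import base64
import json
from urllib.parse import quote, unquote

PREFIX = "urn:ietf:params:oauth:jwk:"  # prefix as it appears in the message

# Example JWK from RFC 7517 section 3, values as quoted in the message.
JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
    "kid": "Public key used in JWS spec Appendix A.3 example",
}

def unsafe_chars(text):
    """Characters of the standard base64 alphabet that are not URL-safe."""
    return set(text) & set("+/=")

def encode(raw, urlsafe=True):
    """Unpadded base64url when urlsafe is true, else padded standard base64."""
    if urlsafe:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return base64.b64encode(raw).decode()

def wrapped_urn(jwk, urlsafe=True):
    """Whole-JWK form: serialize to compact JSON, then encode all of it."""
    raw = json.dumps(jwk, separators=(",", ":")).encode()
    return PREFIX + encode(raw, urlsafe)  # assumed prefix for this form

def colon_urn(jwk):
    """Colon-separated name:value pairs; only string members are handled."""
    parts = []
    for name, value in jwk.items():
        parts += [quote(name, safe=""), quote(value, safe="")]
    return PREFIX + ":".join(parts)

def parse_colon_urn(urn):
    """Inverse of colon_urn(); rejects a wrong prefix or an unpaired field."""
    if not urn.startswith(PREFIX):
        raise ValueError("not a JWK URN")
    fields = urn[len(PREFIX):].split(":")
    if len(fields) % 2:
        raise ValueError("odd number of fields")
    return {unquote(n): unquote(v) for n, v in zip(fields[::2], fields[1::2])}

if __name__ == "__main__":
    print(len(colon_urn(JWK)), len(wrapped_urn(JWK)))  # colon form is shorter
    print(unsafe_chars(encode(b"\xfb\xff", urlsafe=False)))  # constructed bytes
```

Whether standard base64 emits +, / or = depends on the input bytes, so a clean result on one sample key says nothing about the next one; only the base64url alphabet guarantees URL-safe output.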
