This document <https://goo.gl/6uWxT7>[0] was something done during the course of some work a few months ago - it briefly proposes how a JWK Key ID can be used within an XML Signature to convey to the recipient what key was used to sign the XML and thusly what key to use to verify the signature. It's not rocket surgery but maybe a useful thing to codify, which might help with migration and coexistence of older and newer protocols.
Anyway, no action required or even suggested here. I just wanted to put the idea out there and the mailing lists of a few of these (sorta) related WGs seemed as good a place as any. [0] https://goo.gl/6uWxT7
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth