
So there are two jwks_uri, one for the RS and another for the AS, because each is a Server in OAuth speak at one time or another. Do we need to profile key rotation for either or both servers?
Adrian
On Monday, December 7, 2015, Justin Richer <jricher@mit.edu> wrote:
The RS registers its jwks_uri in §3 of the OAuth profile since it needs to register as an OAuth client at the AS.
— Justin
On Dec 7, 2015, at 11:15 AM, Adrian Gropper <agropper@healthurl.com> wrote:
In section 4.1 of http://openid.bitbucket.org/HEART/openid-heart-oauth2.html, we have:
"jwks_uri: The fully qualified URI of the server's public key in JWK Set [RFC7517] format"
One of the reasons for this is to facilitate key rotation by the AS. Do we have or need a profile for how key rotation would be done with the RS?
Thanks,
Adrian
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
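Added example, not part of the thread or of the HEART profile: one way a party that consumes a jwks_uri (the AS reading the RS's, or the reverse) can cope with key rotation, selecting keys by kid, refetching on an unknown kid no more often than a floor, and expiring the cache so retired keys drop out. The fetch callable, the max_age and min_refresh names and values, and the sample keys are assumptions; HTTP retrieval and signature verification are left out.

```python
import time

class JwksCache:
    """Resolve verification keys by `kid` from a jwks_uri across key rotation."""
    def __init__(self, fetch, max_age=3600, min_refresh=300, clock=time.monotonic):
        self._fetch = fetch              # assumed callable returning the parsed JWK Set
        self._max_age = max_age          # periodic re-read so retired keys drop out
        self._min_refresh = min_refresh  # floor between fetches forced by unknown kids
        self._clock = clock
        self._keys, self._fetched_at = {}, None

    def _refresh(self):
        jwks = self._fetch()
        # Keep only signature keys that carry a kid; replace the cache wholesale.
        self._keys = {k["kid"]: k for k in jwks.get("keys", [])
                      if "kid" in k and k.get("use", "sig") == "sig"}
        self._fetched_at = self._clock()

    def key_for(self, kid):
        age = None if self._fetched_at is None else self._clock() - self._fetched_at
        if age is None or age >= self._max_age:
            self._refresh()
        elif kid not in self._keys and age >= self._min_refresh:
            # Unknown kid may mean rotation; the floor stops bogus kids forcing a fetch.
            self._refresh()
        return self._keys.get(kid)       # None: the caller must reject the token


# Constructed sample keys (placeholder moduli, not real key material).
OLD = {"kty": "RSA", "use": "sig", "kid": "key-2015-11", "n": "constructed-old", "e": "AQAB"}
NEW = {"kty": "RSA", "use": "sig", "kid": "key-2015-12", "n": "constructed-new", "e": "AQAB"}

def demo():
    published, now, fetches = {"keys": [OLD]}, [0], []
    def fetch():
        fetches.append(now[0])
        return published
    cache = JwksCache(fetch, clock=lambda: now[0])
    def at(t, kid):                       # advance the fake clock, then resolve
        now[0] = t
        key = cache.key_for(kid)
        return key and key["kid"]
    seen = [at(0, "key-2015-11")]         # first use -> fetch
    published["keys"] = [OLD, NEW]        # server publishes the new key beside the old
    seen.append(at(400, "key-2015-12"))   # unknown kid -> refetch, key found
    seen.append(at(410, "bogus"))         # inside the floor -> no fetch, rejected
    published["keys"] = [NEW]             # server retires the old key
    seen.append(at(4100, "key-2015-11"))  # cache expired -> refetch, rejected
    return seen, fetches
```

The floor means a key that is first published and used within min_refresh of the last fetch is rejected until the floor passes, so the publishing side should add a new key to its JWK Set before signing with it.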