So there are two jwks_uri, one for the RS and another for the AS, because each is a Server in OAuth speak at one time or another. Do we need to profile key rotation for either or both servers?
The RS registers its jwks_uri in §3 of the OAuth profile since it needs to register as an OAuth client at the AS.

— Justin

On Dec 7, 2015, at 11:15 AM, Adrian Gropper <agropper@healthurl.com> wrote:

In section 4.1 of http://openid.bitbucket.org/HEART/openid-heart-oauth2.html, we have:

"jwks_uri
    The fully qualified URI of the server's public key in JWK Set [RFC7517] format"

One of the reasons for this is to facilitate key rotation by the AS. Do we have or need a profile for how key rotation would be done with the RS?

Thanks,

Adrian

--Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma