So there are two jwks_uri, one for the RS and another for the AS, because each is a Server in OAuth speak at one time or another. Do we need to profile key rotation for either or both servers?<div><br></div><div>Adrian<br><div><br>On Monday, December 7, 2015, Justin Richer &lt;<a href="mailto:jricher@mit.edu">jricher@mit.edu</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">The RS registers its jwks_uri in §3 of the OAuth profile since it needs to register as an OAuth client at the AS. <div><br></div><div> — Justin</div><div><br><div><blockquote type="cite"><div>On Dec 7, 2015, at 11:15 AM, Adrian Gropper &lt;<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;agropper@healthurl.com&#39;);" target="_blank">agropper@healthurl.com</a>&gt; wrote:</div><br><div><div dir="ltr"><div><div>I section 4.1 of <a href="http://openid.bitbucket.org/HEART/openid-heart-oauth2.html" target="_blank">http://openid.bitbucket.org/HEART/openid-heart-oauth2.html</a>, we have :<br clear="all"><dl><dt>&quot;jwks_uri</dt><dd style="margin-left:8">The fully qualified URI of the server&#39;s public key in <a href="http://openid.bitbucket.org/HEART/openid-heart-oauth2.html#RFC7517" target="_blank">JWK Set</a> <cite title="NONE">[RFC7517]</cite> format&quot;</dd></dl>
One of the reasons for this is to facilitate key rotation by the AS. Do we have or need a profile for how key rotation would be done with the RS?<br><br></div>Thanks,<br><br></div>Adrian<br><div><div><div>-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:&quot;Arial&quot;,sans-serif;color:rgb(31,73,125)">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:&quot;Arial&quot;,sans-serif;color:rgb(31,73,125)"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:&quot;Arial&quot;,sans-serif;color:rgb(31,73,125)"></span><span style="font-family:&quot;Arial&quot;,sans-serif;color:rgb(31,73,125)"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:rgb(5,99,193)">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:rgb(31,73,125)"></span>
</div></div></div></div></div></div></div></div>
</div></div></div></div>
_______________________________________________<br>WG-UMA mailing list<br><a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;WG-UMA@kantarainitiative.org&#39;);" target="_blank">WG-UMA@kantarainitiative.org</a><br><a href="http://kantarainitiative.org/mailman/listinfo/wg-uma" target="_blank">http://kantarainitiative.org/mailman/listinfo/wg-uma</a><br></div></blockquote></div><br></div></div></blockquote></div></div><br><br>-- <br><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:&quot;Arial&quot;,sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:&quot;Arial&quot;,sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:&quot;Arial&quot;,sans-serif;color:#1f497d"></span><span style="font-family:&quot;Arial&quot;,sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div><br>