I section 4.1 of http://openid.bitbucket.org/HEART/openid-heart-oauth2.html, we have :

"jwks_uri: The fully qualified URI of the server's public key in JWK Set [RFC7517] format"

One of the reasons for this is to facilitate key rotation by the AS. Do we have or need a profile for how key rotation would be done with the RS?

Thanks,

Adrian

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/