In section 4.1 of http://openid.bitbucket.org/HEART/openid-heart-oauth2.html, we have:

"jwks_uri The fully qualified URI of the server's public key in JWK Set [RFC7517] format"

One of the reasons for this is to facilitate key rotation by the AS. Do we have or need a profile for how key rotation would be done with the RS?

Thanks,
Adrian

--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
The RS registers its jwks_uri in §3 of the OAuth profile since it needs to register as an OAuth client at the AS. — Justin
On Dec 7, 2015, at 11:15 AM, Adrian Gropper wrote:
In section 4.1 of http://openid.bitbucket.org/HEART/openid-heart-oauth2.html, we have: "jwks_uri The fully qualified URI of the server's public key in JWK Set [RFC7517] format" One of the reasons for this is to facilitate key rotation by the AS. Do we have or need a profile for how key rotation would be done with the RS?
Thanks,
Adrian
So there are two jwks_uri, one for the RS and another for the AS, because
each is a Server in OAuth speak at one time or another. Do we need to
profile key rotation for either or both servers?
Adrian
On Monday, December 7, 2015, Justin Richer wrote:
The RS registers its jwks_uri in §3 of the OAuth profile since it needs to register as an OAuth client at the AS.
— Justin
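An added example, not part of the thread or of the HEART profile: one way a party that reads a peer's jwks_uri (the RS reading the AS's keys, or the AS reading the keys the RS registered) can follow key rotation, by looking keys up by `kid` and refetching the JWK Set on a miss. `JwksCache`, `fetch_jwks` and the 300-second refetch floor are assumptions, and the sample key sets are constructed with key material omitted.

```python
import time


class JwksCache:
    """Caches the JWK Set published at a peer's jwks_uri and resolves keys by kid."""

    def __init__(self, fetch_jwks, min_refetch_seconds=300, clock=time.monotonic):
        self._fetch = fetch_jwks              # assumed callable: returns the parsed JWK Set
        self._min_refetch = min_refetch_seconds
        self._clock = clock
        self._keys = {}
        self._last_fetch = None

    def _refresh(self):
        jwks = self._fetch()
        # Replace the whole set so keys the peer has retired stop verifying.
        self._keys = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}
        self._last_fetch = self._clock()

    def key_for(self, kid):
        """Return the JWK for kid, or None if the token must be rejected."""
        if self._last_fetch is None:
            self._refresh()
        if kid not in self._keys:
            # Unknown kid: the peer may have rotated. Refetch, but rate-limit so
            # tokens carrying arbitrary kids cannot force a fetch per request.
            if self._clock() - self._last_fetch >= self._min_refetch:
                self._refresh()
        return self._keys.get(kid)


if __name__ == "__main__":
    # Constructed sample: the peer publishes one key, then rotates to another.
    now = [0.0]
    published = [{"keys": [{"kid": "2015-11", "kty": "RSA"}]}]
    cache = JwksCache(lambda: published[0], clock=lambda: now[0])
    print(cache.key_for("2015-11"))           # found on first fetch
    published[0] = {"keys": [{"kid": "2015-12", "kty": "RSA"}]}
    print(cache.key_for("2015-12"))           # None: refetch floor not reached yet
    now[0] = 301.0
    print(cache.key_for("2015-12"))           # found after the refetch
    print(cache.key_for("2015-11"))           # None: retired key no longer accepted
```

The caller still has to verify the token signature with the returned key; this sketch covers only key selection and refresh.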
participants (2)
- Adrian Gropper
- Justin Richer