Improve Entity Statement jwks claim description #97

Merged
merged 2 commits into from
Oct 2, 2024
24 changes: 16 additions & 8 deletions openid-federation-1_0.xml
Expand Up @@ -523,17 +523,25 @@
representing the public part of the subject's Federation Entity
signing keys. The corresponding private key is
used by the Entity to sign the Entity Configuration about itself,
and by Trust Anchors and Intermediate Entities to sign Subordinate Statements about their Immediate Subordinates.
The public keys are used to verify the signatures of the
issued Entity Statements and Trust Marks and SHOULD NOT be used in other protocols.
(Keys to be used in other protocols, such as OpenID Connect, are conveyed
in the <spanx style="verb">metadata</spanx> elements of the respective Entity Statements.)
by Trust Anchors and Intermediate Entities
to sign Subordinate Statements about their Immediate Subordinates,
and for other signatures made by Federation Entities,
such as Trust Mark signatures.
This claim is only OPTIONAL for the Entity Statement returned
from an OP when the client is doing Explicit Registration.
In all other cases, it is REQUIRED.
from an OP when the client is doing Explicit Registration;
in all other cases, it is REQUIRED.
Every JWK in the JWK Set MUST have a unique <spanx style="verb">kid</spanx> (Key ID) value.
It is RECOMMENDED that the Key ID be the JWK Thumbprint <xref target="RFC7638"/>
using the SHA-256 hash function of the key.
<vspace blankLines="1"/>
These Federation Entity Keys SHOULD NOT be used in other protocols.
(Keys to be used in other protocols, such as OpenID Connect,
are conveyed in the <spanx style="verb">metadata</spanx> elements
for the protocol's Entity Type Identifiers,
such as the metadata under the
<spanx style="verb">openid_provider</spanx> and
<spanx style="verb">openid_relying_party</spanx>
Entity Type Identifiers.)
</t>
<t hangText="authority_hints" anchor="authority_hints">
<vspace/>
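Review bot: the new sentence "Every JWK in the JWK Set MUST have a unique kid (Key ID) value" introduces a normative requirement under a PR framed as a description improvement; any currently deployed Federation Entity Key published without a kid (or with two keys sharing one) becomes non-conformant, so consider stating explicitly whether verifiers are expected to reject such a JWK Set or merely that publishers must not produce one, and check that the document's signature-verification text that selects a key by kid is consistent with this rule. The RECOMMENDED JWK Thumbprint (RFC 7638, SHA-256) as the Key ID is a sound choice since it binds the identifier to the key material itself, which makes accidental kid collisions between distinct keys unlikely; if that is the motivation, a short clause saying so would help readers decide whether an alternative kid scheme is acceptable. Separately, the replaced text stated that the public keys "are used to verify the signatures of the issued Entity Statements and Trust Marks"; the new wording only lists what the private key signs, so the verification role of the published keys is now implicit, and "and for other signatures made by Federation Entities, such as Trust Mark signatures" is open-ended. Consider keeping one sentence of the form "The corresponding public keys are used to verify those signatures" so the scope of the SHOULD NOT in "These Federation Entity Keys SHOULD NOT be used in other protocols" is clearly delimited to signatures defined by this specification.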
Expand Down Expand Up @@ -9825,7 +9833,7 @@ Host: op.umu.se
-40
<list style="symbols">
<t>
TBD
Fixed #89: Improved Entity Statement <spanx style="verb">jwks</spanx> claim description.
</t>
</list>
</t>
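Review bot: the -40 change log entry "Fixed #89: Improved Entity Statement jwks claim description" understates the change, since the same hunk above adds a new MUST (unique kid per JWK) and a new RECOMMENDED (JWK Thumbprint as Key ID) that affect conformance of existing deployments; readers scanning the change log for normative changes will miss it. Suggest something like "Fixed #89: Improved Entity Statement jwks claim description; require unique kid values in the JWK Set and recommend JWK Thumbprint Key IDs."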