Well, if Encryption Method mentioned is referring to "symmetric key encryption algorithm", What is "Encryption Algorithm" on the screen?
Thanks Godwin On Thu, Mar 8, 2018 at 9:47 AM, Godwin Shrimal <god...@wso2.com> wrote: > Can you send me the list of values in that dropdown? Cipher Block Chaining > is how we are chaining encrypted values since encryption happens as blocks > (8 bit, 6 bit etc.) You can read about it here [1]. > > [1] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation > > Thanks > Godwin > > On Wed, Mar 7, 2018 at 10:57 PM, Vihanga Liyanage <viha...@wso2.com> > wrote: > >> The Encryption Method mentioned here is the symmetric key encryption >> algorithm that is used to encrypt the JWT claims set. We used the Nimbus >> [1] <https://connect2id.com/products/nimbus-jose-jwt> library for the >> implementation and within that, they have used the name "Encryption Method" >> to identify this algorithm. They have a class defined as >> com.nimbusds.jose.EncryptionMethod which wraps all supported symmetric >> key encryption algorithms. >> I took the name from there. I'm not sure what you mean by "cipher >> chaining mode". Is this mentioned in the JWE RFC? >> >> [1] - https://connect2id.com/products/nimbus-jose-jwt >> >> On Wed, Mar 7, 2018 at 10:00 PM, Godwin Shrimal <god...@wso2.com> wrote: >> >>> should be corrected as "Chaining Mode". >>> >>> >>> Thanks >>> Godwin >>> >>> On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal <god...@wso2.com> wrote: >>> >>>> "Encryption Method" is the correct term/word here? AFAIK It's cipher >>>> chaining mode. I know it's a technical word, but still, I feel like we have >>>> to use correct naming. Something like "Chaning Mode". >>>> >>>> >>>> Thanks >>>> Godwin >>>> >>>> On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage <viha...@wso2.com> >>>> wrote: >>>> >>>>> Hi all, >>>>> >>>>> [Update] >>>>> I have completed the second phase of the project, providing service >>>>> provider level configurations in admin dashboard to configure encryption >>>>> algorithm and encryption method. With this update, once you enable >>>>> encrypting id tokens for an SP in the admin dashboard, two select boxes >>>>> will appear with supported encryption algorithms and supported encryption >>>>> methods. These supported algorithms are pulled from the identity.xml file. >>>>> >>>>> >>>>> >>>>> Respective git issue and pull requests are as follows. >>>>> >>>>> - https://github.com/wso2/product-is/issues/2387 >>>>> - https://github.com/wso2/carbon-identity-framework/pull/1416 >>>>> - https://github.com/wso2-extensions/identity-inbound-auth-oau >>>>> th/pull/832 >>>>> >>>>> I have also updated the docs as well. >>>>> >>>>> Thanks, >>>>> Vihanga. >>>>> >>>>> On Tue, Feb 20, 2018 at 2:45 PM, Vihanga Liyanage <viha...@wso2.com> >>>>> wrote: >>>>> >>>>>> Hi all, >>>>>> >>>>>> [Update] >>>>>> I was able to complete the initial development of the proposed >>>>>> project, encrypted id token support in OIDC flow. Following are the links >>>>>> related to the development. >>>>>> >>>>>> - An issue was created in product-is repository to track the >>>>>> development. >>>>>> - https://github.com/wso2/product-is/issues/2336 >>>>>> - Pull request is made to identity-inbound-auth-oauth repository >>>>>> with required updates. >>>>>> - https://github.com/wso2-extensions/identity-inbound-auth-oau >>>>>> th/pull/798 >>>>>> - Pull request is made to product-is repository with updated >>>>>> playground application to test the feature >>>>>> - https://github.com/wso2/product-is/pull/2313 >>>>>> - Code review was held to review the code written in both PRs. >>>>>> >>>>>> All PRs are merged by now. >>>>>> Currently, I'm working on integration test to test the newly added >>>>>> feature. >>>>>> >>>>>> Thanks, >>>>>> Vihanga >>>>>> >>>>>> On Fri, Feb 9, 2018 at 5:07 PM, Vihanga Liyanage <viha...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> Yes, Farasath. As for the offline discussions with Drashana, I came >>>>>>> to the same conclusion and exploring the SAML sample app right now. >>>>>>> >>>>>>> Although I'm not sure about signing JWE. I couldn't find anything >>>>>>> specific about that in the RFC. Also, the API in Nimbus only expects the >>>>>>> claims set and the public key of the client to create and encrypt a JWE. >>>>>>> Please do let me know if you find something else. >>>>>>> >>>>>>> On Fri, Feb 9, 2018 at 4:34 PM, Farasath Ahamed <farasa...@wso2.com> >>>>>>> wrote: >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Friday, February 9, 2018, Vihanga Liyanage <viha...@wso2.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> [- Engineering, Strategy] >>>>>>>>> [+ Architecture, Dev] >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Vihanga >>>>>>>>> >>>>>>>>> On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage <viha...@wso2.com >>>>>>>>> > wrote: >>>>>>>>> >>>>>>>>>> Hi Farasath, >>>>>>>>>> >>>>>>>>>> For the above two points IMO it would be better to provide an >>>>>>>>>>> option at Service Provider OAuth/OIDC configuration. This will be >>>>>>>>>>> similar >>>>>>>>>>> to what we have done for SAML. >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> That is the initial idea came to me as well. But shouldn't the >>>>>>>>>> clients have a choice of deciding that as well? May be through a >>>>>>>>>> request >>>>>>>>>> parameter. To use either JWS or JWE, the client have to support them >>>>>>>>>> right? >>>>>>>>>> >>>>>>>>> >>>>>>>> By enabling the option to encrypt id_token in the service provider >>>>>>>> configs the client is acknowledging that it can support encrypted >>>>>>>> id_tokens. >>>>>>>> >>>>>>>> AFAIK even for JWE we need to first sign and then encrypt. Also I >>>>>>>> couldn't find any reference on a standard approach to allow clients to >>>>>>>> switch between JWS and JWE via a request parameter. >>>>>>>> >>>>>>>> If we take a look at how we handle this is SAML, we have an option >>>>>>>> in the SAML configs to say whether the assertion needs to be encrypted >>>>>>>> or >>>>>>>> not. Once the option to encrypt assertion is enabled SAML assertions >>>>>>>> will >>>>>>>> always be encrypted for the particular service provider (ie. There is >>>>>>>> no >>>>>>>> requirement to switch between signed or encrypted assertions) >>>>>>>> >>>>>>>> IMO we can follow the same approach. WDYT? >>>>>>>> >>>>>>>> >>>>>>>>>>> On a separate note, any specific reason why we are discussing >>>>>>>>>>> this in strategy and not in Dev and architecture mailing lists? >>>>>>>>>>> >>>>>>>>>>> I feel that we need to discuss this feature in architecture >>>>>>>>>>> mailing list to get the input from community. >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> No such specific reason at all. On the previous project I did, >>>>>>>>>> the mail was asked to sent to engineering and strategy. So I >>>>>>>>>> followed the >>>>>>>>>> same protocol. I'll change that now. >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> Vihanga. >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> >>>>>>>>>>>> Vihanga Liyanage >>>>>>>>>>>> >>>>>>>>>>>> Software Engineer | WS*O₂* Inc. >>>>>>>>>>>> >>>>>>>>>>>> M : +*94710124103* | http://wso2.com >>>>>>>>>>>> >>>>>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=icon> >>>>>>>>>>>> Virus-free. >>>>>>>>>>>> www.avast.com >>>>>>>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=link> >>>>>>>>>>>> <#m_5099748796189052088_m_7870699289905781735_m_5903333062190250635_m_-701407733432389279_m_7594679342619863323_m_4770696490581545647_m_-2123188955827273075_m_6964541531375253954_m_-4836321406318245336_m_-5520087002137875506_m_-4545884336410447238_m_6821664179648888237_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>> Google Groups "WSO2 Engineering Group" group. >>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>>> it, send an email to engineering-group+unsubscr...@wso2.com. >>>>>>>>>>>> For more options, visit https://groups.google.com/a/ws >>>>>>>>>>>> o2.com/d/optout. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Farasath Ahamed >>>>>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com >>>>>>>>>>> Mobile: +94777603866 >>>>>>>>>>> Blog: blog.farazath.com >>>>>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619> >>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> >>>>>>>>>> Vihanga Liyanage >>>>>>>>>> >>>>>>>>>> Software Engineer | WS*O₂* Inc. >>>>>>>>>> >>>>>>>>>> M : +*94710124103* | http://wso2.com >>>>>>>>>> >>>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> >>>>>>>>> Vihanga Liyanage >>>>>>>>> >>>>>>>>> Software Engineer | WS*O₂* Inc. >>>>>>>>> >>>>>>>>> M : +*94710124103* | http://wso2.com >>>>>>>>> >>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Farasath Ahamed >>>>>>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com >>>>>>>> Mobile: +94777603866 >>>>>>>> Blog: blog.farazath.com >>>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619> >>>>>>>> <http://wso2.com/signature> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Vihanga Liyanage >>>>>>> >>>>>>> Software Engineer | WS*O₂* Inc. >>>>>>> >>>>>>> M : +*94710124103* | http://wso2.com >>>>>>> >>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Vihanga Liyanage >>>>>> >>>>>> Software Engineer | WS*O₂* Inc. >>>>>> >>>>>> M : +*94710124103* | http://wso2.com >>>>>> >>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Vihanga Liyanage >>>>> >>>>> Software Engineer | WS*O₂* Inc. >>>>> >>>>> M : +*94710124103* | http://wso2.com >>>>> >>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> architect...@wso2.org >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Godwin Amila Shrimal* >>>> Associate Technical Lead >>>> WSO2 Inc.; http://wso2.com >>>> lean.enterprise.middleware >>>> >>>> mobile: *+94772264165* >>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ >>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>* >>>> twitter: https://twitter.com/godwinamila >>>> <http://wso2.com/signature> >>>> >>> >>> >>> >>> -- >>> *Godwin Amila Shrimal* >>> Associate Technical Lead >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> >>> mobile: *+94772264165* >>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ >>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>* >>> twitter: https://twitter.com/godwinamila >>> <http://wso2.com/signature> >>> >>> _______________________________________________ >>> Architecture mailing list >>> architect...@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> >> Vihanga Liyanage >> >> Software Engineer | WS*O₂* Inc. >> >> M : +*94710124103* | http://wso2.com >> >> [image: http://wso2.com/signature] <http://wso2.com/signature> >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Godwin Amila Shrimal* > Associate Technical Lead > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > > mobile: *+94772264165* > linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ > <https://www.linkedin.com/in/godwin-amila-2ba26844/>* > twitter: https://twitter.com/godwinamila > <http://wso2.com/signature> > -- *Godwin Amila Shrimal* Associate Technical Lead WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: *+94772264165* linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ <https://www.linkedin.com/in/godwin-amila-2ba26844/>* twitter: https://twitter.com/godwinamila <http://wso2.com/signature>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev