+1 for dropping kid in favor of thumbprint. 2015年3月23日(月) 12:56 Brian Campbell <bcampb...@pingidentity.com>:
> Yeah, it could be done with kid. But that would require a bit more > out-of-band understanding between the parties to know that the kid is, in > fact, a thumbprint. Seems like it'd be better to outright support a > thumbprint rather than overloading kid, if thumbprint representation of the > key for confirmation is desirable. > > And yes, a thumbprint does have some nice properties. But I am also very > sympathetic to the "too many ways is not good for interop" point. That's > kind of why I asked what others thought of it rather than just making a > suggestion. I'm not sure one way or the other myself. > > On Mon, Mar 23, 2015 at 2:11 AM, Nat Sakimura <sakim...@gmail.com> wrote: > >> Would not kid do? >> Right, thumbprint has more semantics and has nice properties, but having >> too many ways is not good for interop. >> >> Nat >> >> 2015-03-23 15:40 GMT+09:00 Brian Campbell <bcampb...@pingidentity.com>: >> >>> Do folks in the WG think there'd be utility in having a way to identity >>> the finger/thumbprint of a key in the cnf claim. A presenter might, for >>> example, present the JWT along with a public JWK and some >>> proof-of-possession of that JWK. And the JWK would be bound to the JWT via >>> the thumbprint, which is more space efficient (with respect to the JWT >>> anyway) than the full JWK. >>> >>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >>> >>> >> >> >> -- >> Nat Sakimura (=nat) >> Chairman, OpenID Foundation >> http://nat.sakimura.org/ >> @_nat_en >> > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth