Sure, but we know how to run resilient services. My point is that there’s nothing particularly special about cryptographic keys: if you want to control how they are used there is a whole range of normal access control methods you can apply to them without needing to change anything in OAuth.
Neil > On 10 Jan 2020, at 18:50, Dick Hardt <dick.ha...@gmail.com> wrote: > > > There are many other factors to resiliency than multiple instances. > >> On Fri, Jan 10, 2020 at 10:30 AM Neil Madden <neil.mad...@forgerock.com> >> wrote: >> >> >> > On 10 Jan 2020, at 17:22, Dick Hardt <dick.ha...@gmail.com> wrote: >> [...] >> > >> > As to the suggestion of using a JWT-decryption-microservice, another goal >> > would be increased resiliency of the components. If the >> > JWT-decryption-microservice is unavailable, the whole system is >> > unavailable. If there are separate keys, then a failure in one component >> > does not fail the entire system. >> >> Well you can run more than one instance - it’s a completely stateless >> service. You can also run a separate instance (or set of instances) per key >> if you like. >> >> Neil
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth