Key handling

7 views
Skip to first unread message

Roland Hedberg

unread,
Mar 2, 2012, 8:56:48 AM3/2/12
to openid-conn...@googlegroups.com
Hi!

I have some questions on key handling.

1)
If one uses JWK to publish keys it is not possible to specify the lifetime of a key.
Potentially therefor a client could do one provider configuration discovery and then cache and reuse the result forever.

2)
When a client for some reason want to change it's keys it can do a client registration client_update request.

Regarding keys is such an update to be regarded as a replace or an update ?

Let's assume that a client issued a client_associate request with information about one key and then later a client_update request again with one key.

What if in the original request a X509_url was given, pointing to a RSA key and in the update only a jwk_url was provided again about a RSA key.

Should the old key be replace by the new ?

What if the original key was a RSA key and the one in the update was an EC key ?

Again replace ?

Basically are we dealing with update or replace ??

-- Roland

Reply all
Reply to author
Forward
0 new messages