You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a very early draft to pose the questions of how we think about versioning OpenPubkey.
This issue exists to think discuss if, and in what places ,we might want to version the OpenPubkey. The primary purpose of such versioning would be simplify our lives. We should take a goal that version must be simple and not introduce complex handshakes or versioning negotiation.
PK Token versioning:
We can version the PK Token using a key in the protected header of each signature we want to version. The OP signature and payload can't be versioned because it is OIDC token and not under our control. Do we want one version for the entire PK Token or instead version the CIC Signature and COS Signature separately.
MFA Cosigner API Versioning
The MFA Cosigner API uses the well-known URI and this provides an excellent point to specify parameters and versions from the cosigner to the client.
OSM and POP Auth versioning
OSM and POP Auth could be versioned at the signature or the API layer.
The text was updated successfully, but these errors were encountered:
This is a very early draft to pose the questions of how we think about versioning OpenPubkey.
This issue exists to think discuss if, and in what places ,we might want to version the OpenPubkey. The primary purpose of such versioning would be simplify our lives. We should take a goal that version must be simple and not introduce complex handshakes or versioning negotiation.
PK Token versioning:
We can version the PK Token using a key in the protected header of each signature we want to version. The OP signature and payload can't be versioned because it is OIDC token and not under our control. Do we want one version for the entire PK Token or instead version the CIC Signature and COS Signature separately.
MFA Cosigner API Versioning
The MFA Cosigner API uses the well-known URI and this provides an excellent point to specify parameters and versions from the cosigner to the client.
OSM and POP Auth versioning
OSM and POP Auth could be versioned at the signature or the API layer.
The text was updated successfully, but these errors were encountered: