This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.
Re-examine how Data Holder Brand JWKS endpoints are to be referenced #528
Description
There are two areas in the standards where a data holder can describe their JWKS endpoints:
Security Endpoints > JSON Web Key Set End Point - Used to expose public keys to meet OIDC requirements
GetDataHolderBrands > RegisterDataHolderAuth - JWKS endpoint used for authentication by the Data Holder with the Data Recipient. Issue #441 / Register Issue 189 provided clarification on how this endpoint is used,
There is an opportunity to re-evaluate how these fields are being used in production and whether the facility of two JWKS endpoint configurations adds value or is redundant.