Archived 2023.08.11. Content moved to Guidance on Dynamic Client Registration (DCR)
Question
For Dynamic Client Registration (DCR), FAPI-RW in section 8.6 for algorithm consideration states:
"For JWS, both clients and authorisation servers shall use PS256 or ES256 algorithms".
Considering this, can a Data Holder (DH) support just one of the two algorithms mentioned, or is it mandatory to support both algorithms to be compliant with the Consumer Data Standards (CDS)?
Answer
As per the CDS, a DH has the discretion to choose their preferred algorithm, either PS256 or ES256. The DH may support both algorithms if desired.
DHs must publish their support via id_token_signing_alg_values_supported and request_object_signing_alg_values_supported to allow for negotiation with the Accredited Data Recipient (ADR) clients.
If the DH does not publish its algorithm support, it is assumed the DH supports any of the recommended algorithms.
ADRs must support both algorithms because different DHs may support different algorithms.
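The negotiation described in this answer, seen from the ADR side, as an added example that is not part of the original article or the CDS. The helper names are hypothetical, the discovery documents are constructed samples, and the two output member names are the client metadata fields defined by OpenID Connect Dynamic Client Registration 1.0.

```python
# Added example. Helper names are hypothetical; the metadata dicts are constructed samples.
FAPI_ALGS = ("PS256", "ES256")  # the two JWS algorithms allowed by FAPI-RW section 8.6

ID_TOKEN_FIELD = "id_token_signing_alg_values_supported"
REQUEST_OBJECT_FIELD = "request_object_signing_alg_values_supported"

def usable_algs(metadata, field):
    """Return the PS256/ES256 values a DH advertises in `field`."""
    advertised = metadata.get(field)
    if advertised is None:
        # Not published: assume the DH supports any of the recommended algorithms.
        return list(FAPI_ALGS)
    usable = [alg for alg in advertised if alg in FAPI_ALGS]
    if not usable:
        # Fail closed rather than fall back to RS256, HS256 or "none".
        raise ValueError(f"{field} offers neither PS256 nor ES256: {advertised!r}")
    return usable

def pick(metadata, field, preference=FAPI_ALGS):
    """Choose the ADR's most preferred algorithm that the DH also supports."""
    usable = usable_algs(metadata, field)
    ranked = [alg for alg in preference if alg in usable] or usable
    return ranked[0]

def registration_algs(metadata, preference=FAPI_ALGS):
    """Algorithm members an ADR would send in its DCR registration request."""
    return {
        "id_token_signed_response_alg": pick(metadata, ID_TOKEN_FIELD, preference),
        "request_object_signing_alg": pick(metadata, REQUEST_OBJECT_FIELD, preference),
    }

# Constructed discovery documents (only the relevant members are shown).
DH_ES_ONLY = {ID_TOKEN_FIELD: ["ES256"], REQUEST_OBJECT_FIELD: ["ES256"]}
DH_MIXED = {ID_TOKEN_FIELD: ["RS256", "ES256"], REQUEST_OBJECT_FIELD: ["PS256", "ES256"]}
DH_SILENT = {}  # publishes neither member
DH_WEAK = {ID_TOKEN_FIELD: ["RS256", "none"], REQUEST_OBJECT_FIELD: ["PS256"]}

if __name__ == "__main__":
    for name, doc in [("ES-only", DH_ES_ONLY), ("mixed", DH_MIXED),
                      ("silent", DH_SILENT), ("weak", DH_WEAK)]:
        try:
            print(name, registration_algs(doc))
        except ValueError as err:
            print(name, "rejected:", err)
```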