Just dropped our paper on eprint: OpenPubkey

#OpenPubkey adds user-held public keys into OpenID Connect without breaking compatibility. This means users can create digital signatures on the web that are associated with their ID Tokens. Fully signed APIs here we come.

Our protocol is so compatible with existing IDPs that not only have we been using it in production with Google, Okta, and Microsoft IDPs for over a year, but that IDPs can't even tell that OpenPubkey is being used!

#OIDC #JSON #JWS #websec

https://eprint.iacr.org/2023/296.pdf