ECDSA would be a great addition as there should be significant performance improvements over RSA. First thing is we have our own internal utils for signing that relies on BouncyCastle and we would not accept a dependency on "nimbus-jose-jwt". Due to our productization process for RH-SSO we do not easily accept adding new third party dependencies and in this case it's completely pointless as we already have the equivalent libraries internally. To add ECDSA support there is a fair bit of work needed: 1. Add key provider implementations. We'd need providers that correspond to the ones we have for RSA (upload keys, generated keys, etc.) 2. Add option to realm (to set default realm signing algorithm) and clients to be able to override the algorithm to use 3. Update internal signing libraries on the server side to use correct algorithm according to 1 4. Update adapters to support ECDSA signatures - this includes Java and Node.js adapters 5. Loads of testing 6. Documentation updates That's at least what I can think of at the top of my head. On 7 July 2017 at 12:50, Kishan Sagathiya <kishansagathiya(a)gmail.com&gt; wrote: