[Openid-specs-ab] Issue #1220: 5.2 (te) Discovery and the destination RP (openid/connect)

Nat issues-reply at bitbucket.org
Tue Apr 20 17:08:58 UTC 2021


New issue 1220: 5.2 (te) Discovery and the destination RP
https://bitbucket.org/openid/connect/issues/1220/52-te-discovery-and-the-destination-rp

Nat Sakimura:

In the current 5.2 Discovery, it is stated that the “Relying Party has already obtained configuration information about the OpenID Claims Provider”. In many cases, this is not the case and it probably is an unnecessary pre-condition. The relying party does not have to have the knowledge of where the CPs are. 

This discovery text seems to apply to the OP that acts as an RP to the CP that acts as an OP. 

Since the claims aggregation model is a combination of two sequential OP-RP relationships, the terminology just in the text gets very confusing. We should probably reserve OP and RP as roles and define distinct actor names of the intermediary OP (e.g. SIOP) and the final destination RP. Perhaps CP (Claims Provider), IdP (Intermediary OP, wallet), SP (Service Provider)?



