[Openid-specs-ab] Issue #1270: Federations 4.3 - Improvements to Trust Marks (openid/connect)
issues-reply at bitbucket.org
Thu Jul 22 15:45:51 UTC 2021
New issue 1270: Federations 4.3 - Improvements to Trust Marks
As per discussion on the mailing list the Trust Marks feature of OIDC Federations can be used for general purpose trust expressions within a federation.
After reviewing the current writing of the spec the following issues related to trust marks can be addressed:
* expression of trusted trust marks issuers. The current writing defines “entity immediately below the trust anchor” which is a very arbitrary and implicit definition, which may not fit real life setups. There should be a way to express it in more explicit and flexible way, which issuers should be trusted. The same for allowance or not of self-issued trust marks.
* explicit allowance for extensions \(additional claims\) withing the trust marks
* `trust_marks` claim is defined twice, differently in entity statement and differently in metadata. If the definition is indeed needed twice, it shall be the same IMHO.
A PR with proposed text will be opened shortly.
More information about the Openid-specs-ab