[Openid-specs-ab] Issue #1270: Federations 4.3 - Improvements to Trust Marks (openid/connect)

Pawel Kowalik issues-reply at bitbucket.org
Thu Jul 22 15:45:51 UTC 2021

New issue 1270: Federations 4.3 - Improvements to Trust Marks

Pawel Kowalik:

As per discussion on the mailing list the Trust Marks feature of OIDC Federations can be used for general purpose trust expressions within a federation.

After reviewing the current writing of the spec the following issues related to trust marks can be addressed:

* expression of trusted trust mark issuers. The current writing defines “entity immediately below the trust anchor”, which is a very arbitrary and implicit definition that may not fit real-life setups. There should be a way to express, in a more explicit and flexible way, which issuers should be trusted. The same applies to allowing or not allowing self-issued trust marks.
* explicit allowance for extensions (additional claims) within the trust marks
* the `trust_marks` claim is defined twice, differently in the entity statement and in the metadata. If the definition is indeed needed twice, it shall be the same IMHO.

A PR with proposed text will be opened shortly.
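The first bullet contrasts two ways of deciding whether a trust mark's issuer is trusted. The following is an added illustration, not code from the issue, the PR it announces, or the OpenID Federation specification: it models a trust chain as a list of entity identifiers from leaf to trust anchor and evaluates a constructed trust mark under the current implicit rule ("entity immediately below the trust anchor") and under a hypothetical explicit per-mark issuer allowlist with a separate self-issued switch. The `Policy` structure, its field names and the sample entity identifiers are assumptions made for this example.

```python
"""Added example: implicit vs. explicit trust mark issuer policy.

Constructed for illustration; the Policy shape and the sample identifiers
are assumptions, not anything defined by the issue or the specification.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class TrustMark:
    id: str    # identifier of the trust mark type
    iss: str   # entity identifier of the issuer
    sub: str   # entity identifier the mark was issued to


@dataclass
class Policy:
    # Hypothetical explicit configuration: trust mark id -> issuers allowed
    # to issue that mark. Assumed for this example only.
    allowed_issuers: Dict[str, Set[str]] = field(default_factory=dict)
    allow_self_issued: bool = False


def implicit_issuer(chain: List[str]) -> Optional[str]:
    """Current-text rule: chain is [leaf, intermediates..., trust_anchor];
    the only trusted issuer is the entity immediately below the anchor."""
    if len(chain) < 2:
        return None
    return chain[-2]


def issuer_trusted_implicit(mark: TrustMark, chain: List[str]) -> bool:
    return mark.iss == implicit_issuer(chain)


def issuer_trusted_explicit(mark: TrustMark, policy: Policy) -> bool:
    # Self-issued marks are decided by their own switch rather than by the
    # allowlist, mirroring the separate question raised in the issue.
    if mark.iss == mark.sub:
        return policy.allow_self_issued
    return mark.iss in policy.allowed_issuers.get(mark.id, set())


def evaluate(mark: TrustMark, chain: List[str], policy: Policy) -> Dict[str, bool]:
    """Return the verdict of both rules side by side."""
    return {
        "implicit": issuer_trusted_implicit(mark, chain),
        "explicit": issuer_trusted_explicit(mark, policy),
    }


# Constructed sample data: a leaf under one intermediate under a trust anchor,
# plus a dedicated certification body that is not part of the chain at all.
CHAIN = ["https://rp.example", "https://org.example", "https://ta.example"]
MARK_ID = "https://ta.example/marks/certified"
POLICY = Policy(allowed_issuers={MARK_ID: {"https://certifier.example"}})

# Mark issued by the out-of-chain certifier: the implicit rule rejects it,
# the explicit allowlist accepts it.
CERTIFIER_MARK = TrustMark(id=MARK_ID, iss="https://certifier.example", sub="https://rp.example")

# Mark the leaf issued to itself: rejected by both unless explicitly allowed.
SELF_ISSUED_MARK = TrustMark(id=MARK_ID, iss="https://rp.example", sub="https://rp.example")


if __name__ == "__main__":
    for name, mark in [("certifier", CERTIFIER_MARK), ("self-issued", SELF_ISSUED_MARK)]:
        print(name, evaluate(mark, CHAIN, POLICY))
```

Which rule is applied decides whether a federation can delegate mark issuance to an entity outside the chain, which is exactly the kind of setup the issue says the implicit wording cannot express.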
