[Openid-specs-ab] OpenID Connect Federation draft 09 ready for your review

Roland Hedberg roland at catalogix.se
Sun Nov 3 09:18:47 UTC 2019


Hi Marcos,

Two more comments.

> On 29 Oct 2019, at 16:43, Marcos Sanz via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> 
> 
> - Section 3.6, "max_path_length" and "naming_constraints": this is new and 
> interesting. However, there's no explanation later about when/how these 
> parameters are to be processed. Further: I am not sure these parameters 
> are well-placed as "metadata", since they are not information from the 
> entity about the entity itself, but it's a kind of policy imposed by the 
> relevant entity further down the tree. So: What about moving these two to 
> "metadata_policy"?

I’ve been contemplating giving them a section of their own.
As you say they don’t really fit as metadata but also they are not about
metadata policies. They are concerned with trust chain validation.

> - Section 9.2.2.1, step 4: It says "the entity statement is sent to the 
> federation_registration_endpoint" and it left me wondering how. If this is 
> a POST, it has to be clarified (especially since Section 6 says "all 
> operations in the specification make use of a GET request"). An example 
> would also help.

The sentence about GET requests is about the federation API.
The client sends its entity statement to the federation_registration_endpoint 
which is not part of the federation API. 
As you guessed, POST is used to send the client registration information.

- Roland

Otium cum dignitate - Latin proverb
