[Openid-specs-ab] OpenID Connect Federation draft 09 ready for your review

Marcos Sanz sanz at denic.de
Tue Nov 5 13:13:36 UTC 2019


Hi Roland,

> > - Section 2.1, "metadata": It says "If the entity is a non-leaf entity it
> > MUST contain a metadata object with a federation_entity object inside".
> > This leaves open if a _leaf entity_ is allowed to publish a metadata with
> > a "federation_entity" inside. This is especially relevant now that section
> > 3.6 has defined leaf entities to be also participants of the federation.
> > Btw: the example in section 2.1 is lacking the now mandatory metadata
> > element.
> 
> This has to be rewritten.
> 
> First, I think we better refer to the ’subject’ instead of the ’entity’.
> 
> Secondly, whether there MUST be a ’metadata’ claim or not depends on the
> relationship between the issuer and the subject. Two cases:

That is much clearer now. Thanks.

Best regards,
Marcos

