[Openid-specs-fapi] Issue #334: Question regarding metadata (openid/fapi)

Sun Nov 8 11:45:45 UTC 2020

To stop participants from trying to say 'look on our dev portal for the override values for a given configuration'. To enforce 'compliant' providers to use/provide the discovery service in the way that it is intended.

Several Providers in the UK ecosystem are advertising one thing on discovery and then asking for values to be overridden else where.

On 08/11/2020, 09:27, "Openid-specs-fapi on behalf of Daniel Fett via Openid-specs-fapi" <openid-specs-fapi-bounces at lists.openid.net on behalf of openid-specs-fapi at lists.openid.net> wrote:

    New issue 334: Question regarding metadata
    https://bitbucket.org/openid/fapi/issues/334/question-regarding-metadata

    Daniel Fett:

    Part 1 currently says:

    ```
    1. shall support [OIDD] and may support [RFC8414];
    1. shall only distribute discovery metadata (such as the authorization endpoint) via the metadata document as specified in [OIDD] and [RFC8414].
    ```

    What is the meaning of “only” in the second clause? That metadata should not be distributed through other means than the metadata document? What would be the purpose of this?

    _______________________________________________
    Openid-specs-fapi mailing list
    Openid-specs-fapi at lists.openid.net
    http://lists.openid.net/mailman/listinfo/openid-specs-fapi