[Openid-specs-ab] Issue #1158: Federation 4 /7.2 - not clear handling when 'metadata' duplicated in the trust chain (openid/connect)
p_kowalik
issues-reply at bitbucket.org
Wed Feb 19 08:50:20 UTC 2020
New issue 1158: Federation 4 /7.2 - not clear handling when 'metadata' duplicated in the trust chain
https://bitbucket.org/openid/connect/issues/1158/federation-4-72-not-clear-handling-when
Pawel Kowalik:
In 2.1 it is allowed that an Entity Statement from an intermediate over a leaf entity also contains a “metadata” claim.
As a result, in the trust chain for a leaf entity X, as per the notation in 7.2, we have:
ES[0] - self statement of entity X, iss=X, sub=X
ES[1] - statement of intermediate Y over X, iss=Y, sub=X
Both ES[0] and ES[1] can contain a “metadata” claim (as per 2.1) with the same subject sub=X. The specification is not clear whether in such a situation:
* it is intended or allowed to have such duplication
* it shall be verified if the two are identical and, if not, whether such a statement shall be rejected
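The following is an added example, not code from the issue author or from the OpenID Federation specification. It builds a constructed trust chain in the ES[i] notation used above (plain claim sets standing in for the payloads of already signature-verified Entity Statement JWTs; the issuer URLs, the `openid_relying_party` metadata values and the `validate` policy are assumptions) and shows one way a verifier could detect the situation described in the issue: the same subject carrying a `metadata` claim in more than one statement, and whether the copies agree.

```python
import json

# Constructed sample trust chain for leaf entity X (assumed URLs), following
# the ES[i] notation from the issue: ES[0] self-signed by X, ES[1] issued by
# intermediate Y over X, ES[2] issued by anchor Z over Y. Signature and
# expiry checks on the underlying JWTs are out of scope here.
ES = [
    {   # ES[0]: self statement of X, carrying 'metadata'
        "iss": "https://x.example", "sub": "https://x.example",
        "metadata": {"openid_relying_party": {
            "redirect_uris": ["https://x.example/cb"],
            "token_endpoint_auth_method": "private_key_jwt"}},
    },
    {   # ES[1]: statement of Y over X, also carrying 'metadata' for sub=X
        "iss": "https://y.example", "sub": "https://x.example",
        "metadata": {"openid_relying_party": {
            "redirect_uris": ["https://x.example/cb"],
            "token_endpoint_auth_method": "client_secret_basic"}},
    },
    {   # ES[2]: statement of Z over Y, no 'metadata'
        "iss": "https://z.example", "sub": "https://y.example",
    },
]


def chain_is_linked(chain):
    """Structural check implied by the 7.2 notation: ES[0] is self-signed and
    the subject of each later statement is the issuer of the one before it."""
    if not chain or chain[0]["iss"] != chain[0]["sub"]:
        return False
    return all(chain[i]["sub"] == chain[i - 1]["iss"] for i in range(1, len(chain)))


def diff_paths(a, b, prefix=""):
    """Return the dotted key paths at which two JSON-like values differ."""
    if isinstance(a, dict) and isinstance(b, dict):
        paths = []
        for k in sorted(set(a) | set(b)):
            if k not in a or k not in b:
                paths.append(f"{prefix}{k}")          # key present on one side only
            else:
                paths.extend(diff_paths(a[k], b[k], f"{prefix}{k}."))
        return paths
    return [] if a == b else [prefix.rstrip(".")]


def duplicate_metadata(chain):
    """For every subject whose 'metadata' claim appears in more than one
    statement of the chain, report the statement indices and the paths at
    which the copies disagree (an empty list means identical duplicates)."""
    by_subject = {}
    for i, es in enumerate(chain):
        if "metadata" in es:
            by_subject.setdefault(es["sub"], []).append(i)
    report = {}
    for sub, idxs in by_subject.items():
        if len(idxs) < 2:
            continue
        base = chain[idxs[0]]["metadata"]
        conflicts = []
        for j in idxs[1:]:
            conflicts.extend(diff_paths(base, chain[j]["metadata"]))
        report[sub] = {"statements": idxs, "conflicting_paths": sorted(set(conflicts))}
    return report


def validate(chain, reject_conflicts=True):
    """Assumed local policy, since the spec text quoted in the issue does not
    decide it: accept identical duplicates, reject conflicting ones."""
    if not chain_is_linked(chain):
        return False, "chain is not linked"
    for sub, info in duplicate_metadata(chain).items():
        if info["conflicting_paths"] and reject_conflicts:
            return False, f"conflicting metadata for {sub} at {info['conflicting_paths']}"
    return True, "ok"


if __name__ == "__main__":
    print(json.dumps(duplicate_metadata(ES), indent=2))
    print(validate(ES))
```

With the constructed chain, `duplicate_metadata` reports that statements 0 and 1 both carry metadata for `https://x.example` and disagree at `openid_relying_party.token_endpoint_auth_method`, so `validate` rejects the chain; if ES[1] repeated ES[0]'s metadata verbatim the report would list no conflicting paths and the chain would be accepted. The `reject_conflicts` switch marks the exact point where the specification's answer to the issue would have to be plugged in.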