[Openid-specs-ab] Issue #1387: Operations -> endpoints (openid/connect)
rolandh
issues-reply at bitbucket.org
Wed Dec 29 10:17:30 UTC 2021
New issue 1387: Operations -> endpoints
https://bitbucket.org/openid/connect/issues/1387/operations-endpoints
Roland Hedberg:
The specification now defines a Federation API that supports several operations (fetch, resolve_metadata and listing).
Two more operations have been discussed (search and trust mark introspection).
Only fetch is mandatory to implement; the rest are optional to implement. Regarding the new trust mark introspection operation, it would probably make sense to make it mandatory for a trust mark issuer to implement.
When it comes to the different operations, it's quite clear that they will have different needs when it comes to authentication of the operation requester. fetch anyone should be able to use, not so with, for instance, resolve_metadata. One could also imagine listing returning slightly different sets of data depending on who's asking, which then means that the who must be authenticated.
This leads me to the conclusion that we should move from one endpoint supporting several operations to one endpoint per operation.
Using unique endpoints would also make it simple to signal which operations/endpoints an entity supports in the same way OIDC Discovery does it.
Responsible: Roland Hedberg