[Openid-specs-ab] Issue #1610: [Federation] max_path_length review (openid/connect)
peppelinux
issues-reply at bitbucket.org
Fri Aug 26 22:49:26 UTC 2022
New issue 1610: [Federation] max_path_length review
https://bitbucket.org/openid/connect/issues/1610/federation-max_path_length-review
Giuseppe De Marco:
I suggest simplifying the meaning of max_path_length here: https://openid.net/specs/openid-connect-federation-1_0.html#section-5.2.1
When I talk with the implementers I just use the following formula:
max_path_length defines the maximum number of Federation Intermediaries between a Leaf and its Trust Anchor.
If equal to 1 it means that only one intermediary is allowed along the path.
If zero, any.
I’d propose to replace all that text with something simple as above, without any examples.
PS: to easily show an implementation approach: we just have to count the ECs in a trust chain, excluding the first (Leaf’s) and the TA. The count of the remaining ECs must be less than or equal to max_path_length.