[Openid-specs-ab] Issue #1432: Why does resolver sign entity statement? (openid/connect)
tlodderstedt
issues-reply at bitbucket.org
Thu Feb 10 15:24:21 UTC 2022
New issue 1432: Why does resolver sign entity statement?
https://bitbucket.org/openid/connect/issues/1432/why-does-resolver-sign-entity-statement
Torsten Lodderstedt:
PR #122 changed the evaluate endpoint to a resolve endpoint. While I like the idea of a resolver as agent/utility function (just like in DNS), I don’t understand why the resolver signs the response. That way the receiver cannot validate the authenticity of the entity statement (which should have been signed by the respective issuer).
I also don’t understand the purpose of the `iss` parameter. Why is this supposed to be “The entity identifier of the entity who is requesting the information.”?