[Openid-specs-ab] Issue #1394: Trust marks / Links (openid/connect)
tomcjones
issues-reply at bitbucket.org
Thu Jan 13 16:09:28 UTC 2022
New issue 1394: Trust marks / Links
https://bitbucket.org/openid/connect/issues/1394/trust-marks-links
Tom Jones:
1. As Roland points out - with zero trust it MUST be possible to valid trust mark/links at any time.
2. The trust mark and the link to the authorities should be one and the same thing - ie there is no need for the mark, all it is is a link to the authority. \(That implies that there MUST NOT be two authorities per mark. If the user asks someone else for assurance, that other party becomes the trust authority and the RP needs to be able to explain that in a security audit.\)
3. Some people think that the trust mark is static, that it just points to the authority, but that seems to be pointless. if it points to the authority, it should contain the entity id in the link. That makes this point a request for a change to clarify that.
4. If 3 is true, then it answers 1 and the trust mark is recognized as the best possible answer to point one.
More information about the Openid-specs-ab
mailing list