[Openid-specs-ab] Issue #1583: Semantics of One-of (openid/connect)
David Chadwick
issues-reply at bitbucket.org
Sun Jul 31 16:56:49 UTC 2022
New issue 1583: Semantics of One-of
https://bitbucket.org/openid/connect/issues/1583/semantics-of-one-of
David Chadwick:
The latest version of OpenID Connect Federation (draft 20, June 14) defines the “one_of” policy operator. However, if more than one value is specified by the trust anchor, and the leaf entity does not specify this metadata claim, then which of the one_of values should be used by the entity that has retrieved the metadata and metadata policies? The example given in the specification uses logo_uri with two values in the policy, and none in the leaf entity, and then lists just one of them in the resulting leaf entity’s metadata. No text defines how this value was chosen.
Suggest adding clarifying text that if multiple values remain then the first one from the one_of set should be used. This would then agree with the example.