[Openid-specs-ab] Issue #1526: [Federation] Treatment of metadata from superior entity (openid/connect)
Vladimir Dzhuvinov
issues-reply at bitbucket.org
Mon Jun 13 11:49:21 UTC 2022
New issue 1526: [Federation] Treatment of metadata from superior entity
https://bitbucket.org/openid/connect/issues/1526/federation-treatment-of-metadata-from
Vladimir Dzhuvinov:
> If iss and sub are not the same, then the entity statement MAY contain a metadata claim containing metadata asserted by a superior about the entity identified by sub.
https://openid.net/specs/openid-connect-federation-1_0.html#entity-statement
The current spec allows superiors (anchors and intermediates) to set metadata fields as well. If a field is set by a superior, how is it applied to the subordinate metadata?
E.g., if we assume the existing policy operators terminology: value or default?
https://openid.net/specs/openid-connect-federation-1_0.html#rfc.section.5.1.1
If a policy for the field is also present, which one of the two has precedence? Is the hierarchy in the trust chain also a factor here?
BTW, what was the reason to include this metadata feature in the spec? I couldn't find this change referenced in the doc history.