[Openid-specs-ab] Issue #1533: [Federation] trust path hint in the authz request (openid/connect)
peppelinux
issues-reply at bitbucket.org
Thu Jun 16 15:18:09 UTC 2022
New issue 1533: [Federation] trust path hint in the authz request
https://bitbucket.org/openid/connect/issues/1533/federation-trust-path-hint-in-the-authz
Giuseppe De Marco:
Assuming that a RP may belongs to more then a Federation and also an OP could do that, I’m considering the possibility to have a `trust_path_hint` parameter in the request object \(or in the RAR JSON object\) that simply suggest to a verifier \(OP\) the path to adopt to resolve the trust.
Eg,
```
trust_path_hint = ["https://intermediary-one.org", "https://intermediary-two.org", "https://trust-anchor.org"]
```
this hint may be used by the OP to avoid to follow all the authority\_hints found in the Entity Configuration \(and along the path of the metadata discovery procedure\).
this feature would be completely optional and the OP may follow it or not, it’s just an hint.
More information about the Openid-specs-ab
mailing list