[Openid-specs-ab] Issue #1467: DID resolver method for OIDC Federation (openid/connect)

peppelinux issues-reply at bitbucket.org
Fri Mar 25 23:01:45 UTC 2022


New issue 1467: DID resolver method for OIDC Federation
https://bitbucket.org/openid/connect/issues/1467/did-resolver-method-for-oidc-federation

Giuseppe De Marco:

In SIOPv2 “[6. Discovery and Registration](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#name-discovery-and-registration)” we read:

”””
_If `client_id` is a HTTPS URL, `client_id` is resolved to obtain all Relying Party metadata from an Entity Statement as defined in \[[OpenID.Federation](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#OpenID.Federation)\]._
”””

I propose to have an OIDC Federation resolution method instead, e.g.:

`did:openid:example.it:oidc:rp` that resolves to `https://example.it/oidc/rp/.well-known/openid-federation`

The resolution method could be defined in OIDC Federation and referenced in [did-spec-registries](https://www.w3.org/TR/did-spec-registries/#did-methods).

Even the sections “[9.2.2.1. OpenID Federation 1.0 Automatic Registration](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#name-openid-federation-10-automa)” and “[9.2. Non-Pre-Registered Relying Party](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#name-non-pre-registered-relying-)” would be renewed by this proposal.
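
The mapping proposed in the issue above, sketched as an added example that is not part of the original post or of any OpenID specification. The `did:openid` method is only a proposal here; the function name `resolve_did_openid` and the validation rules (plain DNS host, no IP literals, unreserved characters in path segments) are assumptions, chosen so that an untrusted `client_id` can only ever expand to an HTTPS federation endpoint under the named host.

```python
import re

# Assumed method prefix and layout, taken from the single example in the post.
METHOD_PREFIX = "did:openid:"
WELL_KNOWN = ".well-known/openid-federation"

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Path segments limited to unreserved URL characters (assumption).
_SEGMENT = re.compile(r"[A-Za-z0-9._~-]+")


def resolve_did_openid(did: str) -> str:
    """Map did:openid:<host>[:<segment>...] to the entity configuration URL."""
    if not did.startswith(METHOD_PREFIX):
        raise ValueError("not a did:openid identifier")
    host, *segments = did[len(METHOD_PREFIX):].split(":")
    host = host.lower()
    labels = host.split(".")
    # Require a dotted DNS name: rejects empty hosts, single-label names,
    # and anything carrying '/', '@', '%' or whitespace.
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("host is not a plain DNS name")
    # An all-numeric final label means an IPv4 literal, not a DNS name.
    if labels[-1].isdigit():
        raise ValueError("IP literals are not accepted")
    for seg in segments:
        # '.' and '..' would let the identifier climb out of its own path;
        # an empty segment (from '::' or a trailing ':') is also refused.
        if seg in (".", "..") or not _SEGMENT.fullmatch(seg):
            raise ValueError(f"illegal path segment: {seg!r}")
    path = "/".join(segments)
    return f"https://{host}/{path + '/' if path else ''}{WELL_KNOWN}"


if __name__ == "__main__":
    # The identifier used in the post.
    print(resolve_did_openid("did:openid:example.it:oidc:rp"))
```
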



