[Openid-specs-ab] Issue #1489: [Federation][Resolve entity endpoint] feat: trust_chain claim as OPTIONAL (openid/connect)
peppelinux
issues-reply at bitbucket.org
Sun May 1 22:17:55 UTC 2022
New issue 1489: [Federation][Resolve entity endpoint] feat: trust_chain claim as OPTIONAL
https://bitbucket.org/openid/connect/issues/1489/federation-resolve-entity-endpoint-feat
Giuseppe De Marco:
`trust_chain` can be a new OPTIONAL claim to include in the resolve entity statement response.
With this claim the resolver makes clear how it has built the final metadata.
The `trust_chain` claim could contain an array of signed JWTs, the original entity statements collected during the Metadata Discovery.
This may improve the trust in the resolver, because its result (final metadata and trust marks) is verifiable with the original statements that make the chain.
The response would be verifiable and would offer the path to be taken with metadata discovery; this would offer a shortcut for all the metadata discovery to calculate for each leaf that has multiple `authority_hints`.
This mechanism would suggest the path from the leaf to a trust anchor, from the resolver's point of view.
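
How a client could use the proposed claim, as an added example that is not part of the original post: it checks that the statements in `trust_chain` link from the resolved subject up to a trust anchor the client already trusts, and that none has expired. The response layout, entity identifiers and function names are assumptions; verifying each statement's signature against its superior's keys is a separate step that needs a JOSE library.

```python
import base64
import json
import time

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_statement(iss, sub, exp):
    """Constructed sample only: compact JWS with a placeholder signature."""
    return ".".join([_b64({"alg": "ES256", "typ": "entity-statement+jwt"}),
                     _b64({"iss": iss, "sub": sub, "exp": exp}), "c2ln"])

def jwt_payload(token):
    """Decode a compact JWS payload. No signature check is done here."""
    part = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def check_trust_chain(resolved, trust_anchor, now=None):
    """Return a list of problems in resolved['trust_chain']; [] means consistent."""
    now = time.time() if now is None else now
    chain = resolved.get("trust_chain")
    if not chain:
        return ["no trust_chain claim present (it is OPTIONAL)"]
    stmts = [jwt_payload(t) for t in chain]
    problems = []
    # The first statement is the subject's self-issued entity configuration.
    if stmts[0]["iss"] != stmts[0]["sub"] or stmts[0]["sub"] != resolved["sub"]:
        problems.append("chain does not start with the subject's own statement")
    # Each following statement must be issued about the issuer of the previous one.
    for lower, upper in zip(stmts, stmts[1:]):
        if upper["sub"] != lower["iss"]:
            problems.append(f"{upper['iss']} does not vouch for {lower['iss']}")
    if stmts[-1]["iss"] != trust_anchor:
        problems.append("chain does not end at the expected trust anchor")
    problems += [f"statement from {s['iss']} expired" for s in stmts if s["exp"] <= now]
    return problems

# Constructed entity identifiers and timestamps (hypothetical federation).
LEAF = "https://rp.example.org"
INTERMEDIATE = "https://intermediate.example.org"
ANCHOR = "https://ta.example.org"
NOW = 1_651_443_475
CHAIN = [make_statement(LEAF, LEAF, NOW + 3600),
         make_statement(INTERMEDIATE, LEAF, NOW + 3600),
         make_statement(ANCHOR, INTERMEDIATE, NOW + 3600)]
RESOLVED = {"iss": "https://resolver.example.org", "sub": LEAF,
            "metadata": {}, "trust_marks": [], "trust_chain": CHAIN}

if __name__ == "__main__":
    print(check_trust_chain(RESOLVED, ANCHOR, now=NOW))
```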