[Openid-specs-ab] Issue #1493: [Federation] Devise mechanism for policy metadata to enforce entity role(s) of subordinates (openid/connect)
Vladimir Dzhuvinov
issues-reply at bitbucket.org
Fri May 6 07:44:52 UTC 2022
New issue 1493: [Federation] Devise mechanism for policy metadata to enforce entity role(s) of subordinates
https://bitbucket.org/openid/connect/issues/1493/federation-devise-mechanism-for-policy
Vladimir Dzhuvinov:
Discussed in person with Roland Hedberg at the OAuth sec workshop in Trondheim:
At present we have a mechanism to enforce policies regarding metadata fields for OPs and RPs (and other roles) in a federation trust chain, but no way to enforce what roles subordinates MAY or MUST have, e.g. a rule like “all subordinates must be OPs”. This came up in a discussion on GAIN.
If the existing metadata policy scheme is not suitable, perhaps another method could be invented.