[Openid-specs-ab] Issue #1494: [Federation][resolve entity endpoint] proof of the jwks collected from jwks_uri or signed_jwks_uri (openid/connect)
peppelinux
issues-reply at bitbucket.org
Fri May 6 09:40:31 UTC 2022
New issue 1494: [Federation][resolve entity endpoint] proof of the jwks collected from jwks_uri or signed_jwks_uri
https://bitbucket.org/openid/connect/issues/1494/federation-resolve-entity-endpoint-proof
Giuseppe De Marco:
Following the requirement exposed here: [https://bitbucket.org/openid/connect/issues/1479/federation-op-metadata-jwks-claim](https://bitbucket.org/openid/connect/issues/1479/federation-op-metadata-jwks-claim)
In view of the impossibility of obtaining the jwks claim within the metadata of the OPs and AS, I would like to propose the possibility of obtaining, optionally, the certificates obtained by jwks_uri and signed_jwks_uri in the resolve entity response.
This would result in a signed proof by a trusted third party of trust marks, final metadata, trust_chain (as explained [here](https://bitbucket.org/openid/connect/issues/1489/federation-resolve-entity-endpoint-feat)) and with this proposal to additionally obtain jwks taken from a URL.