[Openid-specs-ab] Issue #1508: [Federation] trivial editorial issues (openid/connect)
Takahiko Kawasaki
issues-reply at bitbucket.org
Wed May 25 20:00:53 UTC 2022
New issue 1508: [Federation] trivial editorial issues
https://bitbucket.org/openid/connect/issues/1508/federation-trivial-editorial-issues
Takahiko Kawasaki:
#### Section 1.1
* `<xref target="RFC2119">RFC 2119</xref>` → `<xref target="RFC2119"/>`
#### Section 3.1, sub
* Add a period at the end of the paragraph.
#### Section 3.1, iat
* `<xref target="RFC3339">RFC 3339</xref>` → `<xref target="RFC3339"/>`
#### Section 3.1, jwks
* Key ID \(kid\) → Key ID \(**<spanx style=”verb”>**kid**</spanx>**\)
#### Section 4.2, request\_authentication\_methods\_supported
* Therefor → Therefor**e**
#### Section 4.2, signed\_jwks\_uri
* included in the JWK that → included in the JWK **Set** that
#### Section 4.2, jwks
* unable to use the signed\_jwks\_uri parameter → unable to use the **<spanx style=”verb”>**signed\_jwks\_uri**</spanx>** parameter
* One significant downside of jwks is that it does not enable key rotation \(which signed\_jwks\_uri and jwks\_uri does\). → One significant downside of **<spanx style=”verb”>**jwks**</spanx>** is that it does not enable key rotation \(which **<spanx style=”verb”>**signed\_jwks\_uri**</spanx>** and **<spanx style=”verb”>**jwks\_uri**</spanx>** **do**\).
#### Section 4.2, OP’s entity statement
* `signed_jwks.json` → `signed_jwks.jose`
#### Section 5.1.1, superset\_of
* We define superset the mathematical way → We define superset **in a** mathematical way
#### Section 5.1.1, the last paragraph
* subset\_of, superset\_of and default**~~s~~** are still expressed → **<spanx style=”verb”>**subset\_of**</spanx>**, **<spanx style=”verb”>**superset\_of**</spanx>** and **<spanx style=”verb”>default</spanx>** are still expressed
#### Section 5.1.4, the third bullet
* If the parameter still has no value apply the `default` if there is one. → If the parameter still has no value**,** apply the `default` if there is one. \(insert a comma between “value” and “apply”\)
#### Section 5.1.4, the fourth bullet
* If `essential` is missing as an operator `essential` is to be treated → If `essential` is missing as an operator**,** `essential` is to be treated \(insert a comma between “operator” and “essential”\)
#### Section 5.1.4, the fifth bullet
* Verified that → **Verify** that
#### Section 5.1.5, the first paragraph
* OAUth2 → OA**u**th2
#### Section 5.3.3, example of a trust mark claim inside an entity statemenT
* Entries in `openid_relying_party` are not properly indented.
#### Section 6.1
* request to the Entity `https://example.com` → request to the Entity `https://openid.sunet.se`
#### Section 7.1.1, iss
* which issuer we want entity statements from → which issuer **you** want entity statements from
#### Section 7.2.2, the first paragraph
* The response MAY also contain**~~s~~** → The response MAY also **contain**
#### Section 7.3.1, the first paragraph
* https scheme to a **~~resolve~~** list endpoint. → https scheme to a list endpoint.
#### Section 7.3.1, the second paragraph
* an API request for trust negotiation → an API request for **a list of entities**
#### Section 7.4.1, the first paragraph
* https scheme to a **~~resolved~~** status endpoint → https scheme to a status endpoint
* with the following query **~~string~~** parameters → with the following query parameters
#### Section 7.4.1, sub
* The entity\_id for the entity to which → The ID of the entity to which
#### Section 7.4.1, iat
* by `sub`. **~~Then~~** the last **~~last~~** one → by `sub`, the last one
#### Section 7.4.1, trust\_mark
* Add a period at the end of the paragraph.
#### Section 8, the first paragraph
* with a remote peer**,** MUST have → with a remote peer MUST have \(remove the comma\)
#### Section 8.2, the third last paragraph
* a much more expensive operation then → a much more expensive operation **than**
* An implementer MAY therefore chose to not verify → An implementer MAY therefore **choose** to not verify
#### Section 8.4
* expiration time \(exp\) → expiration time \(**<spanx style=”verb”>**exp**</spanx>**\)
* minimum value of exp → minimum value of **<spanx style=”verb”>**exp**</spanx>**
#### Section 9.1
* updated version of the public key. → updated version of the public key**s**.
#### Section 10.2.1.1, the third bullet
* influenced by the OPs metadata → influenced by the OP's metadata
#### Section 11.1.1, client\_registration\_types\_supported, metadata description
* Federation Types Supported → Client Registration Types Supported
#### Section 11.2.1, client\_registration\_type, metadata description
* Federation Type → Client Registration Type
#### A.1, the second last paragraph
* a one-layer federation like Internet2 → a one-layer federation like **InCommon**
#### A.3.1, authorization request
* `GET /authorize?` → `GET /openid/authorization?`
#### A.3.2
* `https://wiki.ligo.org/callback` → `https://wiki.ligo.org/openid/callback` \(modify `redirect_uris` in the examples in A.3.2, or modify `redirect_uri` and the content of `request` of the authorization request in A.3.1\)
* `metadata_policy/openid_relying_party` should include `redirect_uris` because OIDC servers reject authentication requests including an unregistered `redirect_uri` unless PAR is used. \(cf. RFC 9126 [Section 2.4](https://www.rfc-editor.org/rfc/rfc9126.html#section-2.4)\)
More information about the Openid-specs-ab
mailing list