[Openid-specs-ab] Issue #1508: [Federation] trivial editorial issues (openid/connect)

Takahiko Kawasaki issues-reply at bitbucket.org
Wed May 25 20:00:53 UTC 2022


New issue 1508: [Federation] trivial editorial issues
https://bitbucket.org/openid/connect/issues/1508/federation-trivial-editorial-issues

Takahiko Kawasaki:

#### Section 1.1

* `<xref target="RFC2119">RFC 2119</xref>` → `<xref target="RFC2119"/>`

#### Section 3.1, sub

* Add a period at the end of the paragraph.

#### Section 3.1, iat

* `<xref target="RFC3339">RFC 3339</xref>` → `<xref target="RFC3339"/>`

#### Section 3.1, jwks

* Key ID \(kid\) → Key ID \(**<spanx style="verb">**kid**</spanx>**\)

#### Section 4.2, request\_authentication\_methods\_supported

* Therefor → Therefor**e**

#### Section 4.2, signed\_jwks\_uri

* included in the JWK that → included in the JWK **Set** that

#### Section 4.2, jwks

* unable to use the signed\_jwks\_uri parameter → unable to use the **<spanx style="verb">**signed\_jwks\_uri**</spanx>** parameter
* One significant downside of jwks is that it does not enable key rotation \(which signed\_jwks\_uri and jwks\_uri does\). → One significant downside of **<spanx style="verb">**jwks**</spanx>** is that it does not enable key rotation \(which **<spanx style="verb">**signed\_jwks\_uri**</spanx>** and **<spanx style="verb">**jwks\_uri**</spanx>** **do**\).

#### Section 4.2, OP’s entity statement

* `signed_jwks.json` → `signed_jwks.jose`

#### Section 5.1.1, superset\_of

* We define superset the mathematical way → We define superset **in a** mathematical way

#### Section 5.1.1, the last paragraph

* subset\_of, superset\_of and default**~~s~~** are still expressed → **<spanx style="verb">**subset\_of**</spanx>**, **<spanx style="verb">**superset\_of**</spanx>** and **<spanx style="verb">default</spanx>** are still expressed

#### Section 5.1.4, the third bullet

* If the parameter still has no value apply the `default` if there is one. → If the parameter still has no value**,** apply the `default` if there is one. \(insert a comma between “value” and “apply”\)

#### Section 5.1.4, the fourth bullet

* If `essential` is missing as an operator `essential` is to be treated → If `essential` is missing as an operator**,** `essential` is to be treated \(insert a comma between “operator” and “essential”\)

#### Section 5.1.4, the fifth bullet

* Verified that → **Verify** that

#### Section 5.1.5, the first paragraph

* OAUth2 → OA**u**th2

#### Section 5.3.3, example of a trust mark claim inside an entity statement

* Entries in `openid_relying_party` are not properly indented.

#### Section 6.1

* request to the Entity `https://example.com` → request to the Entity `https://openid.sunet.se`

#### Section 7.1.1, iss

* which issuer we want entity statements from → which issuer **you** want entity statements from

#### Section 7.2.2, the first paragraph

* The response MAY also contain**~~s~~** → The response MAY also **contain**

#### Section 7.3.1, the first paragraph

* https scheme to a **~~resolve~~** list endpoint. → https scheme to a list endpoint.

#### Section 7.3.1, the second paragraph

* an API request for trust negotiation → an API request for **a list of entities**

#### Section 7.4.1, the first paragraph

* https scheme to a **~~resolved~~** status endpoint → https scheme to a status endpoint
* with the following query **~~string~~** parameters → with the following query parameters

#### Section 7.4.1, sub

* The entity\_id for the entity to which → The ID of the entity to which

#### Section 7.4.1, iat

* by `sub`. **~~Then~~** the last **~~last~~** one → by `sub`, the last one

#### Section 7.4.1, trust\_mark

* Add a period at the end of the paragraph.

#### Section 8, the first paragraph

* with a remote peer**,** MUST have → with a remote peer MUST have \(remove the comma\)

#### Section 8.2, the third last paragraph

* a much more expensive operation then → a much more expensive operation **than**
* An implementer MAY therefore chose to not verify → An implementer MAY therefore **choose** to not verify

#### Section 8.4

* expiration time \(exp\) → expiration time \(**<spanx style="verb">**exp**</spanx>**\)
* minimum value of exp → minimum value of **<spanx style="verb">**exp**</spanx>**

#### Section 9.1

* updated version of the public key. → updated version of the public key**s**.

#### Section 10.2.1.1, the third bullet

* influenced by the OPs metadata → influenced by the OP's metadata

#### Section 11.1.1, client\_registration\_types\_supported, metadata description

* Federation Types Supported → Client Registration Types Supported

#### Section 11.2.1, client\_registration\_type, metadata description

* Federation Type → Client Registration Type

#### A.1, the second last paragraph

* a one-layer federation like Internet2 → a one-layer federation like **InCommon**

#### A.3.1, authorization request

* `GET /authorize?` → `GET /openid/authorization?`

#### A.3.2

* `https://wiki.ligo.org/callback` → `https://wiki.ligo.org/openid/callback` \(modify `redirect_uris` in the examples in A.3.2, or modify `redirect_uri` and the content of `request` of the authorization request in A.3.1\)
* `metadata_policy/openid_relying_party` should include `redirect_uris` because OIDC servers reject authentication requests including an unregistered `redirect_uri` unless PAR is used. \(cf. RFC 9126 [Section 2.4](https://www.rfc-editor.org/rfc/rfc9126.html#section-2.4)\) 
