[Openid-specs-ab] Issue #1704: Which entities are metadata and metadata_policy applicable on. (openid/connect)
rolandh
issues-reply at bitbucket.org
Tue Nov 1 07:57:21 UTC 2022
New issue 1704: Which entities are metadata and metadata_policy applicable on.
https://bitbucket.org/openid/connect/issues/1704/which-entities-are-metadata-and
Roland Hedberg:
When a superior issues an entity statement about a subordinate subject it can use **metadata** and **metadata\_policy** claims to specify the policy that should govern the subject’s metadata. Unfortunately the text doesn’t seem to be clear on if both **metadata** and **metadata\_policy** also should be applied to subordinates to the subject.
The intent was that the policy \(whether it’s specified using metadata or metadata\_policy\) should be applicable to the subject as well as all the subject’s subordinates. This has to be made clearer in the text.
Responsible: Roland Hedberg
More information about the Openid-specs-ab
mailing list