[Openid-specs-ab] Issue #1705: Not listing federation_entity metadata in metadata. (openid/connect)
rolandh
issues-reply at bitbucket.org
Tue Nov 1 08:37:05 UTC 2022
New issue 1705: Not listing federation_entity metadata in metadata.
https://bitbucket.org/openid/connect/issues/1705/not-listing-federation_entity-metadata-in
Roland Hedberg:
None of the claims in _federation_entity_ metadata is required. This means that an entity may have a _federation_entity_ metadata specification that is an empty object. Like this:
    "metadata": {
      "federation_entity": {},
      "openid_provider": { … }
    }
In OIDC Core it is stated that claims with no value should not be included in messages. If {} is regarded as no value, the above should be possible to rewrite as:
    "metadata": {
      "openid_provider": { … }
    }
Following this process all the way might cause a problem if the entity is only of the entity type _federation_entity_, since then one should be able to remove the _metadata_ claim completely, which goes contrary to what’s specified in section 3.1: “If the Entity Statement is an Entity Configuration, then the Entity Statement MUST contain a `metadata` claim.”
Responsible: Roland Hedberg
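
The conflict described in the issue, as an added example that is not part of the original post or of any OpenID implementation. The function names and the sample statements are hypothetical, and the pruning rule assumes, as the issue does, that `{}` counts as "no value".

```python
# Added illustration; all names here are hypothetical, not from an OpenID library.

def prune_empty(value):
    """Drop claims whose value is an empty object, working bottom-up.

    Assumption taken from the issue: {} is regarded as "no value".
    """
    if not isinstance(value, dict):
        return value
    pruned = {}
    for name, child in value.items():
        child = prune_empty(child)
        if child == {}:
            continue  # omitted as a claim with no value
        pruned[name] = child
    return pruned


def check_entity_configuration(statement):
    """Return a list of problems; an empty list means the check passed.

    Only the section 3.1 rule quoted in the issue is checked.
    """
    problems = []
    if "metadata" not in statement:
        problems.append("Entity Configuration MUST contain a metadata claim")
    return problems


def entity_types(statement):
    """Entity types a receiver can read off the metadata claim."""
    return sorted(statement.get("metadata", {}))


# Constructed sample statements (identifiers are placeholders).
OP_AND_FED = {
    "iss": "https://op.example.org",
    "sub": "https://op.example.org",
    "metadata": {
        "federation_entity": {},
        "openid_provider": {"issuer": "https://op.example.org"},
    },
}
FED_ONLY = {
    "iss": "https://ia.example.org",
    "sub": "https://ia.example.org",
    "metadata": {"federation_entity": {}},
}
```

Pruning `OP_AND_FED` leaves a valid statement that no longer lists `federation_entity` as a type, while pruning `FED_ONLY` removes `metadata` entirely and fails the section 3.1 check.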