[Openid-specs-ab] Issue #1673: [Federation] Specify resolve response JWT claims (openid/connect)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Tue Oct 11 08:24:20 UTC 2022


New issue 1673: [Federation] Specify resolve response JWT claims
https://bitbucket.org/openid/connect/issues/1673/federation-specify-resolve-response-jwt

Vladimir Dzhuvinov:

The resolve response spec is missing a formal definition of the claims that go into the JWT:

https://openid.net/specs/openid-connect-federation-1_0.html#name-resolve-response

The example has the following top-level claims:

* iss - REQUIRED, the resolve entity ID
* sub - REQUIRED, according to the requested “sub”
* iat - REQUIRED, the JWT issue time or the time when the chain was last refreshed?
* exp - REQUIRED, the expiration of the trust chain?
* metadata - REQUIRED, according to the requested “type”, else for all available types?
* trust_marks - REQUIRED, the collected and successfully validated trust marks
* trust_chain - OPTIONAL
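
A client-side check of a resolve response against the claim list proposed above, as an added example that is not part of the original post or of the specification. The function names, the `skew` allowance, the reading of `iss` as the entity ID of the resolver that was queried, and the sample values are assumptions; the signature must already have been verified by the caller.

```python
import base64, json, time

# Claim list as proposed in the issue; iat/exp are JWT NumericDate values.
REQUIRED = {"iss": str, "sub": str, "iat": (int, float), "exp": (int, float),
            "metadata": dict, "trust_marks": list}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample(claims: dict) -> str:
    """Constructed token with a placeholder (invalid) signature segment."""
    header = _b64url(json.dumps({"alg": "ES256"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.{_b64url(b'constructed')}"

def check_resolve_claims(token, resolver_id, requested_sub,
                         requested_type=None, now=None, skew=60):
    """Return a list of problems (empty = claims acceptable).
    Assumes the caller has ALREADY verified the JWS signature."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWS"]
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    # bool is a subclass of int in Python, so reject it explicitly.
    problems = [f"missing or mistyped claim: {name}" for name, typ in REQUIRED.items()
                if isinstance(claims.get(name), bool) or not isinstance(claims.get(name), typ)]
    if problems:
        return problems
    if claims["iss"] != resolver_id:
        problems.append("iss is not the resolver that was queried")
    if claims["sub"] != requested_sub:
        problems.append("sub does not match the requested sub")
    if claims["iat"] > now + skew:
        problems.append("iat is in the future")
    if claims["exp"] <= now - skew:
        problems.append("response has expired")
    if requested_type and requested_type not in claims["metadata"]:
        problems.append(f"no metadata for requested type {requested_type}")
    chain = claims.get("trust_chain")  # OPTIONAL in the issue's list
    if chain is not None and not (isinstance(chain, list) and all(isinstance(s, str) for s in chain)):
        problems.append("trust_chain is not an array of strings")
    return problems
```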
