[Openid-specs-ab] Issue #1823: [Federation] Policy language: disambiguation about one_of and essential operators (openid/connect)

Pasquale Barbaro issues-reply at bitbucket.org
Fri Feb 17 11:59:00 UTC 2023 

New issue 1823: [Federation] Policy language: disambiguation about one_of and essential operators
https://bitbucket.org/openid/connect/issues/1823/federation-policy-language-disambiguation

Pasquale Barbaro:

from [https://openid.net/specs/openid-connect-federation-1\_0.html](https://openid.net/specs/openid-connect-federation-1_0.html), section 5.1.2:

![](https://bitbucket.org/repo/y86Mgrg/images/2921493119-immagine.png)
It is not clear as it is right now.  
The specs for _essential_ operator say: **"if essential is missing an operator, it is treated as if set to false"**  
and the specs for _one\_of_  say **"the presence of metadata parameter becomes optional when the directive occurs in conjunction with an essential set to false"**  
So it almost seems to me that: if I don’t put the essential operator, and thus it is condidered as set to "false" and at the same time i put the one\_of operator, the essential is considered as "false" and so the presence of parameter should be optional.  
  
In my opinion it should be specified that one\_of change its behavior only if you explicitely use **"essential: false"** along with it.

More information about the Openid-specs-ab mailing list