[Openid-specs-ab] Issue #1801: [Federation] Metadata policy - the sake of the essentials (openid/connect)
peppelinux
issues-reply at bitbucket.org
Tue Jan 31 21:29:55 UTC 2023
New issue 1801: [Federation] Metadata policy - the sake of the essentials
https://bitbucket.org/openid/connect/issues/1801/federation-metadata-policy-the-sake-of-the
Giuseppe De Marco:
This issue reports how the operator called “essential” is defined in the current draft and how I think we may improve the text.
In [5.1.2. Operators](https://openid.net/specs/openid-connect-federation-1_0.html#section-5.1.2)
essential
```
If true, then the parameter MUST have a value.
```
In [5.1.4](https://openid.net/specs/openid-connect-federation-1_0.html#section-5.1.4)
essential
If a superior has specified essential=true, then a subordinate cannot change that. If a superior has specified essential=false, then a subordinate is allowed to change that to essential=true. If a superior has not specified essential, then a subordinate can set essential to true or false.
[5.1.5. Applying Policies](https://openid.net/specs/openid-connect-federation-1_0.html#section-5.1.5)
... If essential is missing as an operator, essential is to be treated as if set to false.
My proposal is to state, in the definition of the term, the cases “If false …” and also “If omitted …”. If this happens, having stated clearly its meaning and behaviour, we may remove the duplicated text in section 5.1.5.
I didn’t understand how “a subordinate is allowed to change that to essential=true”.
Responsible: Giuseppe De Marco
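
The rules quoted above from sections 5.1.2, 5.1.4 and 5.1.5, written out as an added example that is not part of the original message or of the specification. The function names and sample policies are constructed; rejecting an attempted change away from essential=true, and treating an absent or null parameter as having no value, are assumptions of this example.

```python
class PolicyError(ValueError):
    """Raised when a policy chain or the metadata violates the quoted rules."""


def merge_essential(superior, subordinate):
    """Combine two 'essential' values; None means the operator is absent."""
    if superior is None:
        return subordinate            # superior silent: subordinate may set true or false
    if subordinate is None:
        return superior               # subordinate silent: superior's value stands
    if superior is True and subordinate is False:
        # Assumption: an attempted downgrade is rejected rather than ignored.
        raise PolicyError("subordinate cannot change essential=true")
    return superior or subordinate    # essential=false may be raised to true


def combine_chain(policies, parameter):
    """Fold 'essential' for one parameter over policies ordered superior-first."""
    result = None
    for policy in policies:
        result = merge_essential(result, policy.get(parameter, {}).get("essential"))
    return result


def check_essential(metadata, policies, parameter):
    """Apply the combined operator; a missing 'essential' is treated as false."""
    essential = combine_chain(policies, parameter)
    if essential is None:
        essential = False
    # Assumption: "have a value" means the key is present and not null.
    if essential and metadata.get(parameter) is None:
        raise PolicyError(f"{parameter} is essential but has no value")
    return essential


# Constructed sample chain: the trust anchor says false, the intermediate raises it to true.
CHAIN = [
    {"contacts": {"essential": False}},
    {"contacts": {"essential": True}},
]

if __name__ == "__main__":
    print(combine_chain(CHAIN, "contacts"))
    try:
        check_essential({"client_name": "demo"}, CHAIN, "contacts")
    except PolicyError as err:
        print("rejected:", err)
```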