[Openid-specs-ab] Issue #2095: Are changes to OIDC request protocol in section 10 required (openid/connect)
Stefan Santesson
issues-reply at bitbucket.org
Thu Nov 16 13:27:24 UTC 2023
New issue 2095: Are changes to OIDC request protocol in section 10 required
https://bitbucket.org/openid/connect/issues/2095/are-changes-to-oidc-request-protocol-in
Stefan Santesson:
Section 10 alters requirements on the request protocol relative to OIDC core.
* Passing the structured request parameter MUST be a signed JWT
* If the trust_chain request parameter and trust_chain header are present, the OP is required to process them and compare them. This means that an OP MUST implement this check, even if they don’t use this (e.g. they rely on a resolve endpoint)
Isn’t the basic idea that any set of OIDC and OAuth services should be able to use OpenID federation just as a source of peer metadata, keys and Trust Marks, without changing the way they use OIDC or OAuth?
Are services that implement OIDC according to OIDC core not welcome in the federation unless they change their implementation of OIDC and OAuth?
I have problems understanding why the federation specification chooses to alter requirements on the core protocol. All data is resolvable from the federation by knowing the EntityID of the peer and trusting critical federation keys.