[Openid-specs-ab] Issue #2096: Trust Chain in unsigned Authz request (openid/connect)

peppelinux issues-reply at bitbucket.org
Wed Nov 29 11:10:38 UTC 2023


New issue 2096: Trust Chain in unsigned Authz request
https://bitbucket.org/openid/connect/issues/2096/trust-chain-in-unsigned-authz-request

Giuseppe De Marco:

In the Authorization Request parameters we have the `trust_chain` defined as follows:

OPTIONAL. Array containing the sequence of the statements that compose the Trust Chain between the RP that makes the request and the selected Trust Anchor, sorted as shown in [Section 3.2](https://openid.net/specs/openid-federation-1_0.html#trust_chain). When the RP and the OP are part of the same federation the RP MUST select the Trust Anchor that it has in common with the OP, otherwise the RP is free to select the Trust Anchor it deems most significant.

Implementers then may wonder when a Trust Chain should be brought in the authorization request as a parameter or as a JWS header parameter.

I would say that when the Authorization Request is signed the `trust_chain` is provided in the JWS header parameter, while, in the cases where the Authorization Request may be not signed, it can be provided in the request parameter. WDYT?

