[Openid-specs-ab] Issue #2062: [Federation] Inconsistency between spec and provided examples (openid/connect)
Michael Fraser
issues-reply at bitbucket.org
Thu Sep 14 15:52:09 UTC 2023
New issue 2062: [Federation] Inconsistency between spec and provided examples
https://bitbucket.org/openid/connect/issues/2062/federation-inconsistency-between-spec-and
Michael Fraser:
Inside section 3.1: [https://openid.bitbucket.io/connect/openid-connect-federation-1\_0.html#section-3.1](https://openid.bitbucket.io/connect/openid-connect-federation-1_0.html#section-3.1) metadata is described as the following
> metadata
>
> REQUIRED. JSON object that \(…\) If the Entity Statement is an Entity Configuration, then the Entity Statement SHOULD contain a `metadata` claim. \(…\) If a `metadata` claim appears beside a `metadata_policy` claim in an Entity Statement, then for each Entity Type, claims that appear in `metadata` MUST NOT appear in `metadata_policy`
Specifically, the REQUIRED for non-entity configuration Entity Statements
Whereas the examples provided in section A.2.5 [https://openid.bitbucket.io/connect/openid-connect-federation-1\_0.html#appendix-A.2.5](https://openid.bitbucket.io/connect/openid-connect-federation-1_0.html#appendix-A.2.5) and A.2.7 [https://openid.bitbucket.io/connect/openid-connect-federation-1\_0.html#appendix-A.2.7](https://openid.bitbucket.io/connect/openid-connect-federation-1_0.html#appendix-A.2.7) do not contain a metadata key.
I understand this may be the end result if the metadata key is an empty object given some serializers may choose to omit empty keys, however, I believe the examples should explicitly include this for clarity
More information about the Openid-specs-ab
mailing list