[Openid-specs-ab] Issue #2144: Issue when building an entity chain from entity to trust anchor when entity is trusted by multiple intermediates (openid/connect)

Michael Fraser issues-reply at bitbucket.org
Thu Apr 11 09:59:35 UTC 2024 

New issue 2144: Issue when building an entity chain from entity to trust anchor when entity is trusted by multiple intermediates
https://bitbucket.org/openid/connect/issues/2144/issue-when-building-an-entity-chain-from

Michael Fraser:

In the below example, we have a set of entities that are both trusted and can have entities issued for by the Banking Authority and the Insurance Authority. In this scenario, the banking authority will issue a metadata policy dictating what is allowed/needed to act as a bank and the insurance provider will do the same providing what's required to act as an insurance provider. 

The concern arises when an entity wishes to produce a statement when its acting as both. Currently, the spec requires two chains to be built either manually or through the use of the resolve endpoint and then manually combined to produce the final entity statement.

How should this be best addressed/communicated?

![](https://bitbucket.org/repo/y86Mgrg/images/1957314977-Screenshot%202024-04-11%20at%2011.13.49.png)
‌

More information about the Openid-specs-ab mailing list