[Openid-specs-ab] Issue #2161: Error in Trust Mark status response (8.4.2) (openid/connect)

Stefan Santesson issues-reply at bitbucket.org
Wed Jul 24 20:00:59 UTC 2024


New issue 2161: Error in Trust Mark status response (8.4.2)
https://bitbucket.org/openid/connect/issues/2161/error-in-trust-mark-status-response-842

Stefan Santesson:

The description of the Trust Mark status response is not logically consistent.

The text states:

> A successful response MUST use the HTTP status code 200 with the content type `application/json`. The response body is a JSON object containing the data below:
>
> active
>
> REQUIRED. Boolean. Whether the Trust Mark is active or not.
>
> If the response is negative, the response is as defined in [Section 8.9](https://openid.net/specs/openid-federation-1_0.html#error_response).

This is not consistent.

It is stated that the “active” parameter indicates if the Trust Mark is active or not. This implies that it is valid to respond with a value of “false” if the Trust Mark is not valid.

Then it is stated that a negative response should be provided as defined in section 8.9 (Error responses).

However, the error responses have no means to provide the “active” result. They only return an error code and a description. And no error code is relevant to a non-active response.

This text should either specify that a negative response (active = false) is a normal response and not according to 8.9, or it should state that “active” is only used to indicate a successful response if the Trust Mark is valid. The current text makes no sense.

I suggest that a negative response and a positive response are both normal responses and not according to 8.9. 8.9 responses are only applicable if there is some error in the processing of the request.
