[Openid-specs-ab] Issue #2124: [Federation] The entity type constraint should also take into account the roles of intermediate entities (openid/connect)
Vladimir Dzhuvinov
issues-reply at bitbucket.org
Sun Mar 3 17:31:07 UTC 2024
New issue 2124: [Federation] The entity type constraint should also take into account the roles of intermediate entities
https://bitbucket.org/openid/connect/issues/2124/federation-the-entity-type-constraint
Vladimir Dzhuvinov:
The `leaf_entity_types` constraint lets federation authorities control what kind of entity types (e.g. `openid_relying_parties`) leaves can assume. Intermediate entities however can also take such roles, i.e. roles other than `federation_entity`. We need to extend this constraint to apply to them as well.
[https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-6.2](https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-6.2)
[https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-6.2.3](https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-6.2.3)
The proposal is to rename the constraint to `entity_types` and update its definition to apply to any Subordinate, not just Subordinates that are Leaves.
Responsible: Vladimir Dzhuvinov
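
The gap described in the issue, as an added example that is not part of the original message or of the specification text: the same constructed chain checked with the constraint scoped to Leaves only and then to any Subordinate. It assumes the constraint value is a list of permitted entity type identifiers, that the first chain entry is the Leaf, and that `federation_entity` is always permitted; `check_constraint`, `SAMPLE_CHAIN` and the example.org identifiers are hypothetical.

```python
FEDERATION_ENTITY = "federation_entity"

# Constructed sample chain, subject (Leaf) first. Each entry keeps only the
# entity identifier and the top-level keys of its "metadata" claim, which
# are the entity types that entity assumes.
SAMPLE_CHAIN = [
    {"sub": "https://rp.example.org",
     "types": {"openid_relying_party"}},
    {"sub": "https://intermediate.example.org",
     "types": {FEDERATION_ENTITY, "openid_provider"}},
]


def check_constraint(chain, allowed, leaves_only):
    """Return [(entity_id, [disallowed types])] for Subordinates in `chain`.

    allowed     -- entity type identifiers permitted by the constraint
                   (assumed value format: a list of strings)
    leaves_only -- True models the leaf-only scope of `leaf_entity_types`;
                   False models the proposed any-Subordinate scope
    """
    # Assumption: an Intermediate must be able to act as federation_entity,
    # so that type is never treated as a violation.
    permitted = set(allowed) | {FEDERATION_ENTITY}
    findings = []
    for position, entity in enumerate(chain):
        is_leaf = position == 0  # assumption: the chain subject is the Leaf
        if leaves_only and not is_leaf:
            continue  # leaf-only scope never inspects Intermediates
        disallowed = entity["types"] - permitted
        if disallowed:
            findings.append((entity["sub"], sorted(disallowed)))
    return findings


if __name__ == "__main__":
    policy = ["openid_relying_party"]
    print("leaf-only scope:      ", check_constraint(SAMPLE_CHAIN, policy, True))
    print("any-Subordinate scope:", check_constraint(SAMPLE_CHAIN, policy, False))
```

With the leaf-only scope the Intermediate that also acts as `openid_provider` is never inspected; with the any-Subordinate scope it is reported.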