[Openid-specs-ab] Issue #2148: Say what endpoints cannot come from Superiors (openid/connect)
mbj
issues-reply at bitbucket.org
Thu May 2 16:23:26 UTC 2024
New issue 2148: Say what endpoints cannot come from Superiors
https://bitbucket.org/openid/connect/issues/2148/say-what-endpoints-cannot-come-from
Michael Jones:
It’s clear that the federation_fetch_endpoint, federation_list_endpoint, and the federation_resolve_endpoint, when present, must come directly from the Entity Configuration and not from Subordinate Statements, as they are used in building Trust Chains. They must be known before applying metadata to trust chains, and therefore, be in the federation_entity metadata of Entity Configurations. We currently do not say that in the spec.
For consistency, I would propose that we also require the other federation_entity endpoints to be in Entity Configurations, but would be open to hearing reasons why this should not be the case.
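
Added example (not part of the original message or of the specification): one way a Trust Chain builder could apply the rule discussed above, reading the three chain-building endpoints only from a self-issued Entity Configuration and reporting any that a Subordinate Statement tries to supply. It assumes the JWT payloads are already decoded and signature-verified; the function names and the example.com entities are hypothetical.

```python
# Chain-building endpoints named in the issue above.
CHAIN_ENDPOINTS = (
    "federation_fetch_endpoint",
    "federation_list_endpoint",
    "federation_resolve_endpoint",
)

def endpoints_from_entity_configuration(payload):
    """Return chain-building endpoints the entity publishes about itself."""
    # An Entity Configuration is self-issued: iss and sub are the same entity.
    if not payload.get("iss") or payload.get("iss") != payload.get("sub"):
        raise ValueError("not an Entity Configuration (iss != sub)")
    fed = payload.get("metadata", {}).get("federation_entity", {})
    return {name: fed[name] for name in CHAIN_ENDPOINTS if name in fed}

def endpoints_supplied_by_superior(statement):
    """List (claim, endpoint) pairs a Subordinate Statement tries to set."""
    hits = []
    for claim in ("metadata", "metadata_policy"):
        fed = statement.get(claim, {}).get("federation_entity", {})
        hits.extend((claim, name) for name in CHAIN_ENDPOINTS if name in fed)
    return hits

# Constructed sample payloads (hypothetical entities under example.com).
INTERMEDIATE_EC = {
    "iss": "https://intermediate.example.com",
    "sub": "https://intermediate.example.com",
    "metadata": {"federation_entity": {
        "federation_fetch_endpoint": "https://intermediate.example.com/fetch",
        "federation_list_endpoint": "https://intermediate.example.com/list",
    }},
}
SUBORDINATE_STATEMENT = {
    "iss": "https://anchor.example.com",
    "sub": "https://intermediate.example.com",
    "metadata": {"federation_entity": {
        "federation_fetch_endpoint": "https://other.example.com/fetch",
    }},
    "metadata_policy": {"federation_entity": {
        "federation_resolve_endpoint": {"value": "https://other.example.com/resolve"},
    }},
}

if __name__ == "__main__":
    print(endpoints_from_entity_configuration(INTERMEDIATE_EC))
    print(endpoints_supplied_by_superior(SUBORDINATE_STATEMENT))
```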