[Openid-specs-ab] Issue #1154: Federation: Explicit defintion of entity identifier (openid/connect)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Mon Feb 10 10:39:09 UTC 2020

New issue 1154: Federation: Explicit defintion of entity identifier

Vladimir Dzhuvinov:

It occurred to me that the Federation spec is missing a clear explicit definition of what an “entity identifier” is.

In the definition of “Entity” we find out that “All entities in an OpenID Connect federation MUST have a globally unique identifier“ [https://openid.net/specs/openid-connect-federation-1\_0.html#rfc.section.1.2](https://openid.net/specs/openid-connect-federation-1_0.html#rfc.section.1.2)

In section 5 we find out that by appending \`/.well-known/openid-federation\` to it a config HTTP request can be made, which implies it should be an URL [https://openid.net/specs/openid-connect-federation-1\_0.html#rfc.section.5](https://openid.net/specs/openid-connect-federation-1_0.html#rfc.section.5)

My suggestion is to add an “Entity identifier” to the Terminology section spelling out that it must be an URI which is globally unique. “Entity identifier” appears 28 times in the spec, so this would make sense to me. 


More information about the Openid-specs-ab mailing list