[Openid-specs-ab] Issue #1158: Federation 4 /7.2 - not clear handling when 'metadata' duplicated in the trust chain (openid/connect)

p_kowalik issues-reply at bitbucket.org
Wed Feb 19 08:50:20 UTC 2020


New issue 1158: Federation 4 /7.2 - not clear handling when 'metadata' duplicated in the trust chain
https://bitbucket.org/openid/connect/issues/1158/federation-4-72-not-clear-handling-when

Pawel Kowalik:

In 2.1 it is allowed that an Entity Statement from an intermediate over a leaf entity also contains a “metadata” claim.

As a result, in the trust chain for a leaf entity X, using the notation of 7.2, we have:

ES[0] - self statement of entity X, iss=X, sub=X

ES[1] - statement of intermediate Y over X, iss=Y, sub=X

Both ES[0] and ES[1] can contain a “metadata” claim (as per 2.1) with the same subject sub=X. The specification is not clear whether in such a situation:

* it is intended or allowed to have such duplication
* it shall be verified whether the two are identical and, if not, whether such a statement shall be rejected

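The check a chain validator needs for the situation the issue describes, written as an added example (not code from the OpenID Connect Federation specification or any of its implementations): given the decoded payloads of ES[0] and ES[1], it finds subjects whose “metadata” claim appears in more than one statement and reports whether the copies are identical and, if not, which keys differ. The sample chain, the example.com-style entity identifiers and the metadata values are constructed for illustration; signature verification is assumed to have happened already, and the reject-or-accept decision is left to the caller because the spec does not settle it.

```python
import json

# Constructed trust chain for leaf entity X in the ES[i] notation of the issue:
# ES[0] is X's self-signed statement, ES[1] is intermediate Y's statement over X.
# Payloads only (signatures assumed already verified); all values are made up.
TRUST_CHAIN = [
    {   # ES[0]: iss=X, sub=X
        "iss": "https://x.example", "sub": "https://x.example",
        "metadata": {"openid_relying_party": {
            "redirect_uris": ["https://x.example/cb"],
            "response_types": ["code"]}},
    },
    {   # ES[1]: iss=Y, sub=X, also carrying a metadata claim
        "iss": "https://y.example", "sub": "https://x.example",
        "metadata": {"openid_relying_party": {
            "redirect_uris": ["https://x.example/cb"],
            "response_types": ["code", "id_token"]}},
    },
]


def _flatten(obj, prefix=""):
    """Flatten nested dicts to {dotted.path: canonical JSON} for a key-level diff."""
    if isinstance(obj, dict):
        out = {}
        for key, value in obj.items():
            out.update(_flatten(value, f"{prefix}{key}."))
        return out
    return {prefix.rstrip("."): json.dumps(obj, sort_keys=True)}


def find_duplicate_metadata(chain):
    """Report every subject whose 'metadata' claim occurs in more than one
    statement of the chain.

    Returns {sub: {"issuers": [...], "identical": bool, "differing": [paths]}}.
    It only reports; rejecting a mismatching chain is a policy decision."""
    by_sub = {}
    for es in chain:
        if "metadata" in es:
            by_sub.setdefault(es["sub"], []).append(es)
    report = {}
    for sub, stmts in by_sub.items():
        if len(stmts) < 2:
            continue
        flat = [_flatten(s["metadata"]) for s in stmts]
        all_keys = set().union(*flat)
        differing = sorted(k for k in all_keys
                           if len({f.get(k) for f in flat}) > 1)
        report[sub] = {"issuers": [s["iss"] for s in stmts],
                       "identical": not differing, "differing": differing}
    return report
```

Running it on the constructed chain flags sub=X with issuers X and Y and a difference at openid_relying_party.response_types; a chain in which only ES[0] carries metadata yields an empty report.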