[Openid-specs-fastfed] Feedback on FastFed Core
nov matake
nov at matake.jp
Fri Mar 20 01:30:23 UTC 2020
Hi, FastFed authors
I read through FastFed Core.
I'm looking forward to seeing many IdPs & SaaS Apps support it in the near future.
As below, I have 3 comments on Core.
#1. Sample request/response on section 4.1.2.1.2 & 4.1.3
In 4.1.2.1.2, the IdP returns "https://tenant-12345.idp.example.com/fastfed" as its FastFed URL.
However, in 4.1.3, the Application Provider accesses "https://provider.example.com/fastfed/provider-metadata".
If it's not intended, using the same endpoint seems easier to understand.
#2. Undefined terminology in 4.1.2.1.2
4.1.2.1.2 uses "Issuer location".
I read it as FastFed URL, but couldn't find the terminology definition of "Issuer" anywhere.
#3. Missing explicit JWT typing
As RFC 8725 recommends, it would be nicer if you use explicit JWT typing (e.g., application/fastfed-xxx+jwt) for each FastFed JWT message.
https://tools.ietf.org/html/rfc8725#section-3.11
Especially, the finalization request JWT format seems very simple, so any other JWT messages can be cross-used for it.
Thanks,
nov
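
Added illustration of comment #3, not part of the original message and not FastFed or spec code: a verifier that pins the `typ` header rejects a validly signed JWT minted for another purpose, while one that checks only the signature accepts it. The type names, key and claims are hypothetical, constructed values.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"                 # constructed sample key
FINALIZE_TYP = "fastfed-finalize+jwt"         # hypothetical type name, not from the spec
ISS = "https://tenant-12345.idp.example.com"  # example host taken from the message

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, typ=None) -> str:
    header = {"alg": "HS256"}
    if typ:
        header["typ"] = typ                   # explicit typing (RFC 8725 section 3.11)
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    mac = hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(mac)

def normalize_typ(typ) -> str:
    # RFC 7515 4.1.9: compare case-insensitively; "application/" may be omitted.
    typ = (typ or "").lower()
    return typ if "/" in typ else "application/" + typ

def verify(token: str, expected_typ=None) -> dict:
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_unb64(head_b64))
    if header.get("alg") != "HS256":          # pin the algorithm, never trust the header
        raise ValueError("unexpected alg")
    mac = hmac.new(KEY, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _unb64(sig_b64)):
        raise ValueError("bad signature")
    if expected_typ and normalize_typ(header.get("typ")) != normalize_typ(expected_typ):
        raise ValueError("wrong JWT type")    # valid signature, wrong kind of message
    return json.loads(_unb64(body_b64))

def accepted(token: str, expected_typ=None) -> bool:
    try:
        verify(token, expected_typ)
        return True
    except ValueError:
        return False

# Constructed tokens: same issuer and key, different purposes.
finalize = sign({"iss": ISS, "exp": 1900000000}, FINALIZE_TYP)
other = sign({"iss": ISS, "exp": 1900000000}, "fastfed-other+jwt")
print(accepted(other), accepted(other, FINALIZE_TYP), accepted(finalize, FINALIZE_TYP))
```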