[Openid-specs-risc] openid/sharedsignals: New Issue opened

Mon Mar 17 17:43:16 UTC 2025

openid/sharedsignals event

Issue opened
Issue Title: Support for advertising Transmitter metadata for multiple versions of spec
https://github.com/openid/sharedsignals/issues/241

Current SSF transmitter [metadata](https://openid.github.io/sharedsignals/openid-sharedsignals-framework-1_0.html#name-transmitter-configuration-r) endpoint doesn't allow supporting multiple versions of the spec. If a transmitter wants to support multiple versions of the specification, transmitter has to maintain separate metadata endpoints for each version of the spec. Instead, if the metadata endpoint allows publishing the metadata per spec, that would avoid managing multiple sets of metadata endpoints. This will allow transmitters supporting multiple versions (v1, v2, v3..) of the spec and receivers can get the information just by invoking metadata endpoint `.well-known/ssf-configuration` without having human intervention. Current Transmitter Configuration ` /.well-known/ssf-configuration` response: ``` { "spec_version": "1_0-ID3", "issuer": "https://tr.example.com", "jwks_uri": "https://tr.example.com/jwks.json", "delivery_methods_supported": [ "urn:ietf:rfc:8935", "urn:ietf:rfc:8936"], "events_supported": [ "https://schemas.openid.net/secevent/ssf/event-type/stream-updated", "https://schemas.openid.net/secevent/ssf/event-type/verification", "https://schemas.openid.net/secevent/risc/event-type/sessions-revoked" "https://schemas.openid.net/secevent/caep/event-type/session-revoked"], "configuration_endpoint": "https://tr.example.com/ssf/mgmt/stream", "status_endpoint": "https://tr.example.com/ssf/mgmt/status", "add_subject_endpoint": "https://tr.example.com/ssf/mgmt/subject:add", "remove_subject_endpoint": "https://tr.example.com/ssf/mgmt/subject:remove", "verification_endpoint": "https://tr.example.com/ssf/mgmt/verification", "critical_subject_members": [ "tenant", "user" ], "authorization_schemes":[ { "spec_urn": "urn:ietf:rfc:6749" }, { "spec_urn": "urn:ietf:rfc:8705" } ], "default_subjects": "NONE" } ``` Asking for support for multiple versions: ``` { "1_0-ID3":{ "issuer": "https://tr.example.com", "jwks_uri": "https://tr.example.com/jwks.json", "delivery_methods_supported": [ "urn:ietf:rfc:8935", "urn:ietf:rfc:8936"], "events_supported": [ "https://schemas.openid.net/secevent/ssf/event-type/stream-updated", "https://schemas.openid.net/secevent/ssf/event-type/verification", "https://schemas.openid.net/secevent/risc/event-type/sessions-revoked" "https://schemas.openid.net/secevent/caep/event-type/session-revoked"], "configuration_endpoint": "https://tr.example.com/ssf/mgmt/stream", "status_endpoint": "https://tr.example.com/ssf/mgmt/status", "add_subject_endpoint": "https://tr.example.com/ssf/mgmt/subject:add", "remove_subject_endpoint": "https://tr.example.com/ssf/mgmt/subject:remove", "verification_endpoint": "https://tr.example.com/ssf/mgmt/verification", "critical_subject_members": [ "tenant", "user" ], "authorization_schemes":[ { "spec_urn": "urn:ietf:rfc:6749" }, { "spec_urn": "urn:ietf:rfc:8705" } ], "default_subjects": "NONE" } "1_0-ID1" : { "issuer": "https://tr.example.com", "jwks_uri": "https://tr.example.com/jwks.json", "delivery_methods_supported": [ "https://schemas.openid.net/secevent/risc/delivery-method/push", "https://schemas.openid.net/secevent/risc/delivery-method/poll"], "configuration_endpoint": "https://tr.example.com/sse/mgmt/stream", "status_endpoint": "https://tr.example.com/sse/mgmt/status", "add_subject_endpoint": "https://tr.example.com/sse/mgmt/subject:add", "remove_subject_endpoint": "https://tr.example.com/sse/mgmt/subject:remove", "verification_endpoint": "https://tr.example.com/sse/mgmt/verification", "critical_subject_members": [ "tenant", "user" ] } } ```
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20250317/2f58c34e/attachment.htm>