peppelinux
commented
10 months ago We need two different kind of validation:
- schema based, according to this example: https://github.com/italia/spid-cie-oidc-django/tree/main/spid_cie_oidc/entity/schemas
- feature based, according to the metadata member that actually are implemented. Here we may issu a warning during the first execution of the proxy with the list of all the unsupported features
PascalDR
in the current implementation (0.6.0) the metadata is published within the entity configuration in an arbitrary way, while the metadata protocol specific features, requirements and capabilities defined within it are not implemented yet.
We need to implement the followings:
default_acr_values: checks that the LoA during the presentation satisfies the supported valuesdefault_max_age: defines how long an authenticated session, pertaining a presentation, is considered as valid. After this time period the authenticated session must expire. Specifies that the End-User MUST be actively authenticated if the End-User was authenticated longer ago than the specified number of seconds.id_token_ ..., related to SIOPv2. they we'll be implemented when the pseudonyms will be implementedpresentation_definitions, the RP Must check that the disclosed attributes within the presentation matches the one required as definite in the presentation definitionrequire_auth_time, boolean value specifying whether theauth_timeClaim in the ID Token is REQUIRED. Related to SIOPv2.subject_type, already implemented. An additional qualitative check is required.vp_formats, check that the presentation format is compliant to the values defined in this parameter.