italia / spid-cie-oidc-django

The SPID/CIE OIDC Federation SDK, written in Python
Apache License 2.0

Trust Anchor in claim trust_marks_issuers #278

Closed carlotafuro closed 9 months ago

carlotafuro commented 9 months ago

Hi, in the claim trust_marks_issuers contained in the Entity Configuration of the Trust Anchor (http://trust-anchor.org:8000/.well-known/openid-federation?format=json) I expected to find the Trust Anchor itself among the values listed, like this:

```json
"trust_marks_issuers": {
  "http://trust-anchor.org:8000": [
    "http://trust-anchor.org:8000"
  ],
  "https://www.spid.gov.it/certification/rp/public": [
    "https://registry.spid.agid.gov.it",
    "https://public.intermediary.spid.it"
  ],
  "https://www.spid.gov.it/certification/rp/private": [
    "https://registry.spid.agid.gov.it",
    "https://private.other.intermediary.it"
  ],
  "https://sgd.aa.it/onboarding": [
    "https://sgd.aa.it"
  ]
},
```

_see file https://github.com/italia/spid-cie-oidc-django/blob/main/examples/federation_authority/dumps/example.json_

Is it implied that the Trust Anchor can issue trust marks?

Thanks for your kind response,
Carlo Tafuro

peppelinux commented 9 months ago

Yes, TM can issue TM and enable other federation entities to do so if they are listed in the trust_mark_issuers object.
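The rule discussed in this thread, as an added sketch that is not code from spid-cie-oidc-django: a trust mark's issuer is accepted if it is the Trust Anchor itself (implicit, per the reply above) or is listed under that trust mark's identifier in `trust_marks_issuers`. The function names, the `id`/`iss` claim layout of the trust mark, the rejection of unlisted identifiers and the sample token are assumptions; signature verification is out of scope here and must happen before this check.

```python
import base64
import json

# Constructed sample: part of the claim from the question, without a Trust Anchor entry.
TRUST_ANCHOR = "http://trust-anchor.org:8000"
TRUST_MARKS_ISSUERS = {
    "https://www.spid.gov.it/certification/rp/public": [
        "https://registry.spid.agid.gov.it",
        "https://public.intermediary.spid.it",
    ],
    "https://sgd.aa.it/onboarding": ["https://sgd.aa.it"],
}


def unverified_payload(jwt: str) -> dict:
    """Decode the payload of a compact JWS. The signature is NOT checked here."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def issuer_is_allowed(trust_mark_jwt: str, trust_anchor: str, issuers_claim: dict) -> bool:
    """True if the trust mark's iss may issue this trust mark id (hypothetical helper)."""
    claims = unverified_payload(trust_mark_jwt)
    mark_id, iss = claims.get("id"), claims.get("iss")
    if not isinstance(mark_id, str) or not isinstance(iss, str):
        return False
    if iss == trust_anchor:  # implicit: the Trust Anchor need not list itself
        return True
    allowed = issuers_claim.get(mark_id)  # assumption: unlisted ids are rejected
    return isinstance(allowed, list) and iss in allowed


def make_sample_trust_mark(mark_id: str, iss: str, sub: str) -> str:
    """Build a constructed token with a placeholder signature, for the demo only."""
    def b64(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "trust-mark+jwt"}
    payload = {"id": mark_id, "iss": iss, "sub": sub}
    return ".".join([b64(header), b64(payload), "placeholder-signature"])
```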