italia / spid-cie-oidc-docs

SPID CIE OIDC technical specifications
Creative Commons Zero v1.0 Universal

Intermediate in the listing endpoint #161

Open fmarino-ipzs opened 1 year ago

fmarino-ipzs commented 1 year ago

Evaluate whether to add the value intermediate to the listing endpoint. Currently we do not have intermediate as an entity type.

peppelinux commented 1 year ago

in https://openid.net/specs/openid-connect-federation-1_0.html#section-7.3.1

we don't have any metadata type "intermediate"

The metadata types are defined in https://openid.net/specs/openid-connect-federation-1_0.html#section-4; we have federation_entity but not intermediate

damikael commented 1 year ago

I suggest keeping:

entity_type: {
     federation_entity, 
     openid_provider, 
     relying_party, 
     oauth_resource, 
     oauth_authorization_server
}

and defining:

entity_role: {
     anchor, 
     intermediate, 
     leaf
}

and using both, for the trust mark and on the listing endpoint

For example: /list?entity_type=federation_entity&entity_role=intermediate

peppelinux commented 1 year ago

entity_role=anchor is not coherent with entity_type=rp

the best solution would be

is_leaf=false, as it was in draft 22

damikael commented 1 year ago

Or, it could be:

entity_role: {
     intermediate,
     leaf
}

So we can use entity_type + entity_role for trust_mark

peppelinux commented 1 week ago

OpenID Federation has introduced the parameter intermediate in the list endpoint

https://openid.net/specs/openid-federation-1_0.html#name-subordinate-listing-request
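
Added example, not part of the thread and not code from the SPID/CIE OIDC project: a sketch of how a listing endpoint could apply the entity_type and intermediate query parameters discussed above. The registry, the has_subordinates flag, the BadRequest class, the rejection of unknown parameters and the "any of the requested types" matching are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample registry of immediate subordinates (not real entities).
# "has_subordinates" is an assumed local flag: True means the entity is an
# intermediate, i.e. it has subordinates of its own.
SUBORDINATES = {
    "https://rp.example.org": (
        {"federation_entity", "openid_relying_party"}, False),
    "https://op.example.org": (
        {"federation_entity", "openid_provider"}, False),
    "https://aggregator.example.org": (
        {"federation_entity"}, True),
    "https://sa.example.org": (
        {"federation_entity", "openid_relying_party"}, True),
}

SUPPORTED_PARAMS = {"entity_type", "intermediate"}


class BadRequest(ValueError):
    """Hypothetical error type; a real endpoint would map it to HTTP 400."""


def list_subordinates(url, registry=SUBORDINATES):
    """Return the sorted entity IDs matching the listing request in `url`."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)

    # Assumed policy: refuse filters we do not implement instead of silently
    # ignoring them and returning an unfiltered list.
    unknown = set(params) - SUPPORTED_PARAMS
    if unknown:
        raise BadRequest("unsupported parameter(s): " + ", ".join(sorted(unknown)))

    # entity_type may be repeated; an entity matches if it has any of them.
    wanted_types = set(params.get("entity_type", []))

    only_intermediates = False
    if "intermediate" in params:
        values = params["intermediate"]
        if len(values) != 1 or values[0] not in ("true", "false"):
            raise BadRequest("intermediate must be 'true' or 'false'")
        only_intermediates = values[0] == "true"

    result = []
    for entity_id, (entity_types, has_subordinates) in sorted(registry.items()):
        if wanted_types and not (wanted_types & entity_types):
            continue
        if only_intermediates and not has_subordinates:
            continue
        result.append(entity_id)
    return result
```
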