Federation 4 /7.2 - not clear handling when 'metadata' duplicated in the trust chain

Issue #1158 resolved
Pawel Kowalik created an issue

In 2.1 it is allowed that an Entity Statement from an intermediate over a leaf entity also contains a “metadata” claim.

As a result, in the trust chain for a leaf entity X, as per the notation in 7.2, we have:

ES[0] - self statement of entity X, iss=X, sub=X

ES[1] - statement of intermediate Y over X, iss=Y, sub=X

Both ES[0] and ES[1] can contain a “metadata” claim (as per 2.1) with the same subject sub=X. The specification is not clear whether in such a situation:

  • it is intended or allowed to have such duplication
  • it shall be verified if the two are identical and if not, whether such statement shall be rejected

Comments (5)

  1. Roland Hedberg

    An entity statement published by one entity about another entity MUST NOT contain a metadata claim. I will change 2.1 to reflect that. If it does, that claim MUST be ignored.

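The rule stated in the comment above, as an added example that is not part of the issue thread or the specification: metadata is taken only from the self-statement ES[0], and a “metadata” claim in a statement issued by one entity about another is ignored but recorded for logging. The function name, entity identifiers and metadata values are assumptions, and the input is assumed to be decoded payloads whose signatures were already verified.

```python
import copy

def resolve_leaf_metadata(chain):
    """Return (metadata, ignored) for a trust chain given as decoded payloads.

    chain[0] is ES[0], the leaf's self-statement. `ignored` lists every
    statement with iss != sub that carried a "metadata" claim.
    """
    if not chain:
        raise ValueError("empty trust chain")
    leaf = chain[0]
    if leaf.get("iss") != leaf.get("sub"):
        raise ValueError("ES[0] must be a self-statement (iss == sub)")
    leaf_md = leaf.get("metadata", {})
    ignored = []
    for index, es in enumerate(chain[1:], start=1):
        if es.get("iss") == es.get("sub"):
            continue  # a self-statement, not a statement about another entity
        if "metadata" in es:
            # The claim is never merged; only note whether it disagreed with ES[0].
            about_leaf = es.get("sub") == leaf["sub"]
            ignored.append({
                "index": index,
                "iss": es.get("iss"),
                "sub": es.get("sub"),
                "conflicts_with_es0": about_leaf and es["metadata"] != leaf_md,
            })
    return copy.deepcopy(leaf_md), ignored

# Constructed sample chain: X is the leaf, Y the intermediate.
X, Y = "https://x.example", "https://y.example"
SAMPLE_CHAIN = [
    {"iss": X, "sub": X,
     "metadata": {"openid_relying_party": {"redirect_uris": [X + "/cb"]}}},
    {"iss": Y, "sub": X,
     "metadata": {"openid_relying_party": {"redirect_uris": [Y + "/cb"]}}},
]

if __name__ == "__main__":
    md, ignored = resolve_leaf_metadata(SAMPLE_CHAIN)
    print(md)
    for item in ignored:
        print("ignored metadata claim:", item)
```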