5.2 (te) Discovery and the destination RP

Issue #1220 open
Nat Sakimura created an issue

In the current 5.2 Discovery, it is stated that the “Relying Party has already obtained configuration information about the OpenID Claims Provider”. In many cases, this is not the case and it probably is an unnecessary pre-condition. The relying party does not have to have the knowledge of where the CPs are.

This discovery text seems to apply to the OP that acts as an RP to the CP that acts as an OP.

Since the claims aggregation model is a combination of two sequential OP-RP relationships, the terminology in the text gets very confusing. We should probably reserve OP and RP as roles and define distinct actor names for the intermediary OP (e.g. SIOP) and the final destination RP. Perhaps CP (Claims Provider), IdP (Intermediary OP, wallet), SP (Service Provider)?

Comments (2)

  1. Tobias Looker

    I agree with these observations. With the credential provider draft we have found the same issue: because the intermediate component acts as both an RP in one flow (obtaining the claims from the CP) and an OP in the other (controlling the release of the claims to the end RP), it becomes confusing. We chose to give this component the name “holder” and clarify during the two flows which core OIDC role (RP/OP) it is assuming in those contexts. We are not married to that term, however, if there is a better one.