Federations 4.3 - Improvements to Trust Marks

Issue #1270 resolved
Former user created an issue

As per discussion on the mailing list, the Trust Marks feature of OIDC Federations can be used for general purpose trust expressions within a federation.

After reviewing the current writing of the spec the following issues related to trust marks can be addressed:

  • expression of trusted trust marks issuers. The current writing defines “entity immediately below the trust anchor”, which is a very arbitrary and implicit definition, which may not fit real-life setups. There should be a way to express it in a more explicit and flexible way, which issuers should be trusted. The same for allowance or not of self-issued trust marks.
  • explicit allowance for extensions (additional claims) within the trust marks
  • trust_marks claim is defined twice, differently in entity statement and differently in metadata. If the definition is indeed needed twice, it shall be the same IMHO.

A PR with proposed text: PR 40
