- changed status to open
[federation_api] fetch entity statement - is the issuer parameter really required?
In the federation_api, as described in “7.1.1. Fetch Entity Statements Request”, it’s required to use the iss parameter.
I’m wondering instead that the iss parameter wouldn’t be mandatory in the fetch request.
The issuer should be the endpoint where the request has been submitted. A federation entity, through its fetch endpoint, COULD support the response on behalf of other issuers. The verifier needs to obtain the relevant information related to the sub, if available. The issuer is therefore not so relevant to be known a priori, during the request, but only in the response.
I believe that only the sub parameter is necessary for fetch operations and that the iss parameter should be optional, if not possibly removed.
Last but not least, an issuer can answer for many subjects. Having said that, by asking for an iss and omitting the sub in the URL parameter, shouldn’t we get more than one entity statement, according to a many-to-one model? This could be no less interesting, but not being able to get this result, it might be as well to remove iss as mandatory.
If I have misinterpreted the text, have patience if anything.
Comments (7)
This was extensively discussed on the 27-Jan-22 working group call. It was decided that “issuer” was the wrong term for the party that's proxying the request and “resolver” would be a better term.
Roland agreed to make these changes. After that, we should re-review the descriptions.
- marked as bug
reporter - changed status to resolved
This was discussed during the 16-Dec-21 working group call. Mike wants @John Bradley to do a security review of the possibility of this being optional.