Definition of the Entity Statement

Issue #1373 resolved
Kristina Yasuda created an issue

It might be a little more helpful for the reader if the definition of the Entity Statement was a little more descriptive.

Entity statement

An entity statement is issued by an entity, which pertains to a subject entity and leaf entities. An entity statement is always a signed JWT.

Suggest something like below:

A JWT that contains XXX information. It is issued by an entity, which pertains to a subject entity and leaf entities.

Comments (5)

  1. Giuseppe De Marco

    In the Italian oidc fed 1.0 wg, we found the following difficulties in reading and interpreting the text:

    1. mismatch between metadata and entity statement, the reader tends to confuse the two
    2. creation of the trust chain. This is an essential aspect of the specification and to date is divided into two separate sections, 8.2 and 3.2. Perhaps it would be useful to "consolidate" a single section dedicated to the composition and validation of the chain, without requiring the reader to jump from one section to another to join the pieces.

    I share some notes here.
    On point 1, on entity statement vs metadata we preferred this extreme disambiguation, as follows:

    “““
    In the OIDC Federation we use entity statements instead of metadata, an entity statement is a metadata described in a federative context.
    ”””

    On point 2, we found that the following definition was very effective for our readers
    “““
    A trust anchor or intermediary may shape its policy on critical parts of the entity statements of its descendants, allowing them to be free to update their configuration without having to update it in a central register, except the public key, which cannot be changed without first being propagated to the trust anchor or intermediary
    ”””
