"Self-Issued OP Request" may deserve a definition

Issue #1407 resolved
Nat Sakimura created an issue

The term “Self-Issued OP Request” appears 13 times in this document. However, it is not formally defined and only described at the beginning of Clause 5.

OpenID Connect Authentication Request that results in an End-User providing an ID Token to the Relying Party through the Self-Issued OP

I am not even sure if this description is correct. For example, if the user denial or other things resulting an error, would that request now become something else than Self-Issued OP Request? Probably not.

It probably would be better to introduce it as a defined term. A bit of generalization would help to make it consistent.

Proposal:

Introduce the following as a defined term.

Self-Issued OP Request
OpenID Connect Authentication Request to a Self-Issued OP

Change the beginning of Clause 5 as follows:

Self-Issued OP Request results in the provision of ID Token to the requesting Relying Party when End-User authentication succeeds and the End-User provides necessary grant.

Comments (3)

  1. Kristina Yasuda

    Editors believe this is an editorial issue and does not change normative language. PR will be created to be merged before official Implementer’s draft voting period begins on Feb 1st.

  2. Log in to comment