How to enable Resolve Entity Statement endpoint also for leafs?
Issue #1463
resolved
In section 4.6 we read that federation_resolve_endpoint is intended for federation_entity only.
We’re considering asking all the OpenID Connect Providers to expose this endpoint to let anyone know which RPs have been registered to them and, in case of a fault, to diagnose whether a problem of metadata alignment occurred and to get an estimate of when the trust chain for the faulty RP may be renewed by the Provider.
This may reduce the tickets and the emails to be sent between the parties to check the cause of the problem. The resolve entity endpoint will make the cause of the problem widely clear.
Comments (3)
reporter Thank you, formally all POs will also become federative entities, based on their metadata. Okay,
reporter - changed status to resolved
Any entity in a federation can have several roles.
It’s absolutely possible for an entity to be both an openid_provider and a federation_entity.
Another example of entities with multiple roles is trust anchors, which can be both federation_entities and trust_mask_issuer.
My point being that allowing OPs to also be federation entities is already permitted by the specification.
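Added example, not part of the original thread or the specification text: a Python check over a decoded Entity Configuration payload that confirms an OP with both roles publishes federation_resolve_endpoint under federation_entity, and flags the cases where it is missing or placed under another role. The sample payload, the hostnames, the function name and the https-only rule applied here are assumptions made for the illustration.

```python
from urllib.parse import urlparse

# Constructed sample: decoded payload of an OP's Entity Configuration.
# Hostnames and values are placeholders, not taken from the issue.
SAMPLE_OP_CONFIG = {
    "iss": "https://op.example.org",
    "sub": "https://op.example.org",
    "metadata": {
        "openid_provider": {
            "issuer": "https://op.example.org",
            "authorization_endpoint": "https://op.example.org/authorize",
        },
        "federation_entity": {
            "federation_resolve_endpoint": "https://op.example.org/resolve",
        },
    },
}

RESOLVE = "federation_resolve_endpoint"


def check_resolve_endpoint(payload):
    """Return (endpoint_or_None, findings) for one decoded payload (hypothetical helper)."""
    findings = []
    metadata = payload.get("metadata", {})
    roles = sorted(metadata)
    # The endpoint belongs to the federation_entity role, so flag any
    # other role that carries it.
    for role in roles:
        if role != "federation_entity" and RESOLVE in metadata[role]:
            findings.append(f"{RESOLVE} declared under {role}")
    fed = metadata.get("federation_entity")
    if fed is None:
        findings.append("no federation_entity metadata; roles: " + ", ".join(roles))
        return None, findings
    endpoint = fed.get(RESOLVE)
    if endpoint is None:
        findings.append(f"federation_entity lacks {RESOLVE}")
        return None, findings
    # Assumption of this check: only https URLs are accepted.
    url = urlparse(endpoint)
    if url.scheme != "https" or not url.netloc:
        findings.append(f"{RESOLVE} is not an https URL: {endpoint}")
    return endpoint, findings


if __name__ == "__main__":
    print(check_resolve_endpoint(SAMPLE_OP_CONFIG))
```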