[Federation][resolve entity endpoint] proof of the jwks collected from jwks_uri or signed_jwks_uri

Following the requirement exposed here: https://bitbucket.org/openid/connect/issues/1479/federation-op-metadata-jwks-claim

In view of the impossibility of obtaining the jwks claim within the metadata of the OPs and AS, I would like to propose the possibility of obtaining, optionally, the certificates obtained by jwks_uri and signed_jwks_uri in the resolve entity response.

This would result in a signed proof by a trusted third party of trust marks, final metadata, trust_chain (as explained here) and with this proposal to additionally obtain jwks taken from a url.

Comments (2)