[Federation] Support explicit client registration request with Trust Chain
Proposal by @Torsten Lodderstedt to support explicit client registration by passing a complete Trust Chain instead of an Entity Configuration only:
https://bitbucket.org/openid/connect/pull-requests/286#comment-325466353
The processing is identical to the optional trust_chain parameter in automatic registration.
Comments (7)
-
reporter -
application/x-www-form-urlencoded with a form parameter trust_chain with a value in the format of a JSON array (like authorization_details defined in RAR), for example?
- changed status to open
On the 25-Aug-22 Federation Editors' Call, @Giuseppe De Marco agreed to create a new PR to do this. We agreed to not repeat the Entity Statement if it is already included in the trust chain. So one could register either with an Entity Configuration or a trust chain.
-
I’d wait for the merge of https://bitbucket.org/openid/connect/pull-requests/286 before also adding trust_chain to the explicit client registration.
The registration request can be submitted with two different Content-Types: application/entity-statement+jwt and application/json.
The first contains the Entity Configuration of the requesting RP; the second is a JSON array containing the sequence of statements that forms the trust_chain. The ordering of the trust chain's statements is described in the Trust Chain Section.
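The Content-Type dispatch proposed in the comment above, sketched as an added example that is not part of the thread or of the specification text. The function names, the MAX_STATEMENTS bound and the example.org entity identifiers are assumptions; the link rule (each statement's iss equals the next statement's sub) follows the specification's Trust Chain ordering, and signature verification is deliberately left to the later Trust Chain validation step.

```python
import base64
import json

ENTITY_STATEMENT = "application/entity-statement+jwt"
TRUST_CHAIN = "application/json"  # media type proposed in the thread
MAX_STATEMENTS = 10  # assumed upper bound, not from the thread


def sample_statement(iss: str, sub: str) -> str:
    """Constructed sample: JWT-shaped, with a placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc({"iss": iss, "sub": sub}), "sig"])


def peek_iss_sub(jwt: str) -> tuple[str, str]:
    """Read iss/sub WITHOUT verifying the signature (pre-validation only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    iss, sub = claims.get("iss"), claims.get("sub")
    if not isinstance(iss, str) or not isinstance(sub, str):
        raise ValueError("iss and sub must be strings")
    return iss, sub


def statements_from_request(content_type: str, body: str) -> list[str]:
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == ENTITY_STATEMENT:
        chain = [body.strip()]  # Entity Configuration only
    elif media_type == TRUST_CHAIN:
        chain = json.loads(body)
        if not isinstance(chain, list) or not 0 < len(chain) <= MAX_STATEMENTS:
            raise ValueError("trust chain must be a bounded, non-empty array")
        if not all(isinstance(s, str) for s in chain):
            raise ValueError("trust chain entries must be JWT strings")
    else:
        raise ValueError(f"unsupported Content-Type: {media_type!r}")
    ids = [peek_iss_sub(s) for s in chain]
    if ids[0][0] != ids[0][1]:  # an Entity Configuration is self-issued
        raise ValueError("first statement is not self-issued")
    for (iss, _), (_, next_sub) in zip(ids, ids[1:]):
        if iss != next_sub:  # ES[j].iss must equal ES[j+1].sub
            raise ValueError("statements do not link into a chain")
    return chain
```

Either branch returns a list whose first element is the RP's Entity Configuration, so the Entity Configuration does not have to be sent separately when a trust chain is supplied.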
-
This issue will be closed by this PR: https://bitbucket.org/openid/connect/pull-requests/297/feat-federation-trust-chain-in-explicit
- changed status to resolved
HTTP requests with a trust chain will need to have a new Content-Type defined. For HTTP requests with an Entity Configuration the Content-Type is application/entity-statement+jwt