[Federation] Specify resolve response JWT claims

Issue #1673 resolved
Vladimir Dzhuvinov created an issue

The resolve response spec is missing a formal definition of the claims that go into the JWT:

https://openid.net/specs/openid-connect-federation-1_0.html#name-resolve-response

The example has the following top-level claims:

  • iss - REQUIRED, the resolve entity ID
  • sub - REQUIRED, according to the requested “sub”
  • iat - REQUIRED, the JWT issue time or the time when the chain was last refreshed?
  • exp - REQUIRED, the expiration of the trust chain?
  • metadata - REQUIRED, according to the requested “type”, else for all available types?
  • trust_marks - REQUIRED, the collected and successfully validated trust marks
  • trust_chain - OPTIONAL
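
Added example, not part of the issue or the specification: a client-side shape check of a decoded resolve response payload against the claim list proposed above. The JSON types, the 60-second skew allowance, the function names and the sample values are assumptions; signature verification is out of scope here and must happen before these claims are trusted.

```python
import base64
import json
import time

# Claim names and requirement levels as proposed in the issue; JSON types are assumed.
REQUIRED = {"iss": str, "sub": str, "iat": (int, float), "exp": (int, float),
            "metadata": dict, "trust_marks": list}
OPTIONAL = {"trust_chain": list}

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_payload(jwt: str) -> dict:
    """Decode the payload segment of a compact JWS. Does NOT verify the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[1]
    payload = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload

def check_resolve_claims(claims, expected_sub, now=None):
    """Return a list of problems; an empty list means the claim set is acceptable."""
    now = time.time() if now is None else now
    problems = []
    for name, typ in {**REQUIRED, **OPTIONAL}.items():
        if name not in claims:
            if name in REQUIRED:
                problems.append(f"missing required claim: {name}")
        elif isinstance(claims[name], bool) or not isinstance(claims[name], typ):
            problems.append(f"wrong type for claim: {name}")
    if problems:
        return problems
    if claims["sub"] != expected_sub:
        problems.append("sub does not match the requested subject")
    if claims["exp"] <= now:
        problems.append("response has expired")
    if claims["iat"] > now + 60:  # clock-skew allowance (assumed value)
        problems.append("iat is in the future")
    return problems

# Constructed sample: placeholder signature, usable for shape checks only.
SAMPLE_CLAIMS = {"iss": "https://resolver.example", "sub": "https://rp.example",
                 "iat": 1700000000, "exp": 1700003600,
                 "metadata": {"openid_relying_party": {}}, "trust_marks": []}
SAMPLE_JWT = ".".join([b64url(json.dumps({"alg": "ES256"}).encode()),
                       b64url(json.dumps(SAMPLE_CLAIMS).encode()), "c2ln"])
```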
