[Federation] federation_entity -> federation_authority

Issue #1684 resolved
Takahiko Kawasaki created an issue

In the OIDC Federation specification, federation_entity is defined as one of the metadata type identifiers, and the specification states “All entities participating in a federation are of this type.”

However, considering the fact that the section for the metadata type lists federation_fetch_endpoint, federation_list_endpoint and other endpoints as properties of the metadata type, I think that federation_authority is a better name for the metadata type.

My proposal here is to change the identifier from federation_entity to federation_authority and remove the sentence “All entities participating in a federation are of this type.” from the section.

Comments (9)

  1. Giuseppe De Marco

    I totally agree with you, and it’s curious because I implemented this same semantic here:
    https://github.com/italia/spid-cie-oidc-django/tree/main/spid_cie_oidc/authority

    The authority implements the same endpoints the TA and its intermediaries have in common (see authority/views.py, considering that entity/views.py is the common asset for all the federation entities).

    However, considering the maturity of the draft and the willingness not to introduce any breaking change, I’d be for the removal of the text “All entities participating in a federation are of this type.”, also because in a federation an entity can be whatever it wants to be. But not for changing federation_entity to federation_authority.

    An entity can be a leaf publishing the RP metadata, at the same time an intermediary publishing the fetch endpoint, and at the same time a TA for the federation represented by itself, without losing the possibility to join other federations as a leaf or intermediary.

    We may say that all the participants that expose the federation_entity metadata are able to do the federation operations corresponding to the endpoints they publish. Not least, every participant may expose a resolve endpoint without being considered an authority, and this endpoint is published in federation_entity.

    So I’d prefer to work more on the explanatory text and leave the federation metadata schema as it is.
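
Added example, not part of the comment above or of the spec or the spid-cie-oidc-django code it links to: a small Python classifier for an Entity Configuration payload that makes the distinction in comment 1 concrete. Every entity publishes federation_entity metadata; whether it can be used as a superior depends on whether it actually publishes federation_fetch_endpoint / federation_list_endpoint, and a federation_resolve_endpoint alone does not make it an authority. The sample statements are constructed, the entity IDs and endpoint paths are made up, and the statement is assumed to have been fetched and signature-verified already; the "endpoints must be absolute https URLs" rule is a local hardening choice, not a claim about the spec.

```python
import json
from urllib.parse import urlsplit

# Endpoint claims the spec places under the federation_entity metadata type
# (the three named in the thread). Publishing fetch or list is what lets an
# entity serve as a superior (Trust Anchor or Intermediary); resolve alone
# does not, as comment 1 notes.
SUPERIOR_ENDPOINTS = ("federation_fetch_endpoint", "federation_list_endpoint")
RESOLVE_ENDPOINT = "federation_resolve_endpoint"

# Constructed sample (assumed names): one entity that is an RP leaf and, at the
# same time, publishes fetch/list for a federation it anchors itself.
SAMPLE_ENTITY_CONFIGURATION = json.dumps({
    "iss": "https://rp.example.org",
    "sub": "https://rp.example.org",
    "metadata": {
        "openid_relying_party": {
            "client_registration_types": ["automatic"],
            "redirect_uris": ["https://rp.example.org/cb"],
        },
        "federation_entity": {
            "federation_fetch_endpoint": "https://rp.example.org/fed/fetch",
            "federation_list_endpoint": "https://rp.example.org/fed/list",
            "federation_resolve_endpoint": "https://rp.example.org/fed/resolve",
            "organization_name": "Example RP",
        },
    },
})

# Constructed sample: a plain leaf that only offers resolve and the common
# attributes. It still has federation_entity metadata but is not an authority.
SAMPLE_LEAF_CONFIGURATION = json.dumps({
    "iss": "https://leaf.example.net",
    "sub": "https://leaf.example.net",
    "metadata": {
        "openid_relying_party": {"redirect_uris": ["https://leaf.example.net/cb"]},
        "federation_entity": {
            "federation_resolve_endpoint": "https://leaf.example.net/resolve",
            "organization_name": "Example Leaf",
        },
    },
})


class EntityConfigurationError(ValueError):
    """Raised when a statement cannot be used for the role the caller wants."""


def federation_roles(entity_configuration: str) -> dict:
    """Classify an (already signature-verified) Entity Configuration payload.

    Returns the metadata types the entity publishes as a leaf, whether it can
    be used as a superior, whether it offers resolve, and the superior
    endpoints it actually advertises. Raises if the statement is not
    self-issued or an endpoint is not an absolute https URL (local hardening).
    """
    stmt = json.loads(entity_configuration)
    if stmt.get("iss") != stmt.get("sub"):
        raise EntityConfigurationError("Entity Configuration must have iss == sub")
    metadata = stmt.get("metadata") or {}
    fed = metadata.get("federation_entity") or {}
    for name, value in fed.items():
        if name.endswith("_endpoint"):
            parts = urlsplit(str(value))
            if parts.scheme != "https" or not parts.netloc:
                raise EntityConfigurationError(f"{name} is not an https URL: {value!r}")
    return {
        "entity_id": stmt["sub"],
        "leaf_types": sorted(t for t in metadata if t != "federation_entity"),
        "can_act_as_superior": any(ep in fed for ep in SUPERIOR_ENDPOINTS),
        "offers_resolve": RESOLVE_ENDPOINT in fed,
        "superior_endpoints": {ep: fed[ep] for ep in SUPERIOR_ENDPOINTS if ep in fed},
    }


def fetch_endpoint_of(superior_configuration: str) -> str:
    """Return the fetch endpoint of a would-be superior, refusing to guess one.

    Deriving the URL from the entity ID would let a consumer talk to an entity
    that never opted into the authority role, so the endpoint must be published.
    """
    roles = federation_roles(superior_configuration)
    try:
        return roles["superior_endpoints"]["federation_fetch_endpoint"]
    except KeyError:
        raise EntityConfigurationError(
            f"{roles['entity_id']} publishes federation_entity metadata but no "
            "federation_fetch_endpoint; it cannot serve as a superior"
        ) from None


if __name__ == "__main__":
    print(federation_roles(SAMPLE_ENTITY_CONFIGURATION))
    print(federation_roles(SAMPLE_LEAF_CONFIGURATION))
```

The point of fetch_endpoint_of is the consumer-side caveat: a trust-chain walker should only call a fetch endpoint that the superior itself advertises in federation_entity, rather than assuming every entity with that metadata type is an authority.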

  2. Roland Hedberg

    And I don’t agree :-)

    The reasoning behind having federation_entity was to have one entity type that all entities belong to allowing us to place common claims in metadata where everyone could find it. Instead of adding another entity type that only carried the endpoints the decision was to go with only one entity type.

    So we have the choice of having two types: federation_entity (which encompasses ALL entities in the federation) and federation_authority (which has the endpoints as claims).

    Or to keep it as it is.

    Myself, I see no reason to change.

  3. Andrii Deinega

    As a separate note about the naming of elements… the specification uses the “federation_” prefix for

    1. federation_fetch_endpoint
    2. federation_list_endpoint
    3. federation_resolve_endpoint

    which can be found under the federation_entity metadata type identifier. So, we get as an example

    "federation_entity": {
      "federation_fetch_endpoint": "https://example.com/federation_fetch",
      "federation_list_endpoint": "https://example.com/federation_list",
      "organization_name": "The example cooperation",
      "homepage_uri": "https://www.example.com"
    }
    

    Is that something necessary to have? It’s clear that they already belong to “federation_entity”, right? In the meantime, the specification doesn't use “federation_organization_name”, etc.

  4. Roland Hedberg

    In a known universe of endpoint names it is not absolutely necessary to have the prefix ‘federation_’.

    But as with URNs it’s good practice to bind names to domains.

  5. Andrii Deinega

    That’s understandable.

    What I wanted to point out is that there are (minor) inconsistencies in the spec; there aren’t element names like “federation_policy_uri” or “federation_organization_name”.

    Speaking of naming things, the Document History section tells me that some name changes took place, there was https://bitbucket.org/openid/connect/issues/1520.

  6. Giuseppe De Marco

    @Andrii Deinega policy_uri and organization_name are not endpoints but entity attributes.

    I would like to draw attention to the purpose of this issue, that is to resolve any ambiguities of the federation_entity role in the text of the specification.
    I’ll try to find a final solution with the help of Roland in the related PR.
