federation_entity metadata

Issue #1712 resolved
Francesco Marino created an issue

The federation_entity metadata contains all optional claims. I would propose to consider organization_name as required. I would also add logo_uri as optional.

Comments (7)

  1. Michael Jones

    Because organization_name isn’t necessary for the protocol to function, I would suggest making this RECOMMENDED. I’m fine adding an optional logo_uri.

  2. Francesco Marino reporter

    Michael, I really appreciate your response and I understand that organization_name is not necessary for the protocol to work. For this reason I proposed to also have logo_uri in the federation_entity metadata. Currently we have it in the RP/OP metadata, but I’d prefer to have only the claims required for the protocol in the RP/OP metadata. However, I believe that OIDC Federation should not only consider the protocol aspects, but also the onboarding aspects. For example, in an e-government federation, it is necessary for an entity in the federation to be recognizable as an organization in the real world, otherwise it cannot be part of the federation (think, for example, of the legal implications in this context). It is clear that the standard needs to address all use cases, and probably for this reason it may be worthwhile in the future to introduce an i-gov profile for OIDC Federation as well.

  3. Giuseppe De Marco

    @Francesco Marino we discussed this issue during the last Connect A/B call.
    The decision was that a claim that’s not required for federation operations should not be considered as required.

    The implication of making a parameter required impacts all the implementations. As you mentioned, we can define this parameter as required in a specific implementation profile.

    The Italian implementation is an implementation profile of Federation; in it we have forced the parameters logo_uri and organization_name for OPs, giving RPs a safe method for building the list of OPs, in the authorization button/page, with a good UI.

    A pull request will follow this thread providing logo_uri in the federation_entity parameters. If you want to suggest other parameters, feel free to put your ideas in this thread; each of these will be considered and commented on, and if approval is reached it will be merged in the PR. Thank you for this precious contribution.

  4. Francesco Marino reporter

    Yes, I understand. It was just to give you a rationale behind this issue. With logo_uri I think we have all we need (we already have policy_uri in the federation_entity metadata). Thanks.
