federation_entity metadata
The federation_entity metadata contains all optional claims. I would propose to consider organization_name as required. I would also add logo_uri as optional.
Comments (7)
-
Because organization_name isn’t necessary for the protocol to function, I would suggest making this RECOMMENDED. I’m fine adding an optional logo_uri.
-
reporter Michael, I really appreciate your response and I understand that organization_name is not necessary for the protocol to work. For this reason I proposed to have also logo_uri in the federation_entity metadata. Currently we have it in the RP/OP metadata but I’d prefer to have only the claims required for the protocol in the RP/OP metadata. However, I believe that OIDC Federation should not only consider the protocol aspects, but also the onboarding aspects. For example, in an e-government federation, it is necessary for an entity in the federation to be recognizable as an organization in the real world, otherwise it cannot be part of the federation (think, for example, of the legal implications in this context). It is clear that the standard needs to address all use cases, and probably for this reason it may be worthwhile in the future to introduce an i-gov profile for OIDC Federation as well.
-
@Francesco Marino we discussed this issue during the last Connect A/B call.
The decision was that a claim that’s not required for federation operations should not be considered as required. The implication of making a parameter required impacts all the implementations. As you mentioned, we can define this parameter as required in a specific implementation profile.
The Italian implementation is an implementation profile of Federation; in it we have forced the parameters logo_uri and organization_name for OPs, giving RPs a safe method for building the list of OPs, in the authorization button/page, with a good UI.
A pull request will follow this thread providing logo_uri in the federation_entity parameters. If you want to suggest other parameters, feel free to put your ideas in this thread; each of these will be considered and commented on, and if approval is reached it will be merged in the PR. Thank you for this precious contribution.
-
The PR below closes this issue
https://bitbucket.org/openid/connect/pull-requests/352/feat-federation-federation_entity-org-name
-
reporter Yes, I understand. It was just to give you a rationale behind this issue. With logo_uri I think we have all we need (we already have policy_uri in the federation_entity metadata). Thanks.
-
- changed status to resolved