[Federation] `htu` claim and strategy for a fast Trust Chain renewal

Issue #1947 resolved
Giuseppe De Marco created an issue

Trust Chains expire and need to be renewed periodically.
This requires a federation entity discovery process.

I propose to add in the entity statements the parameter `htu` as OPTIONAL, to give the `federation_fetch_endpoint` URL where the JWS was obtained. `htu` is defined in [draft-ietf-oauth-dpop-16].

The same for federation_resolve_endpoint.

Unless the federation fetch endpoint of the federation entities involved in the trust chain won’t change, the implementers may update a statement, and the entire trust chain, without downloading again the entity configurations of each entity, but just hitting again the URL where the statement was previously available.
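The renewal strategy described in this issue, sketched as an added example (not part of the original issue and not code from the specification or its editors): statements close to expiry are re-fetched from the endpoint recorded in `htu`, and full discovery is used only when the claim is absent. The entity identifiers, endpoint URLs, function names and the 300-second skew are assumptions, and the sample statements are constructed and unsigned; a real client must still verify the signature of every re-fetched statement against the issuer's federation keys.

```python
import base64
import json

NOW = 1_700_000_000  # constructed "current time" so the example is deterministic

def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_statement(claims):
    """Build a constructed, UNSIGNED sample in compact-JWS shape (dummy signature)."""
    return ".".join([_b64url({"alg": "ES256"}), _b64url(claims), "c2lnbmF0dXJl"])

def claims_of(jws):
    """Decode the payload only; signature verification is out of scope here."""
    part = jws.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def renewal_plan(chain, now=NOW, skew=300):
    """For each statement expiring within `skew` seconds, pick refetch-by-htu or discovery."""
    plan = []
    for jws in chain:
        c = claims_of(jws)
        if c["exp"] - skew > now:
            continue  # still fresh, nothing to do
        htu = c.get("htu")  # OPTIONAL claim proposed in the issue
        if isinstance(htu, str) and htu.startswith("https://"):
            plan.append(("refetch", c["sub"], htu))
        else:
            plan.append(("discover", c["sub"], None))  # no hint: full discovery
    return plan

def acceptable_renewal(old_jws, new_jws, now=NOW):
    """A refetched statement may replace the old one only for the same iss/sub, unexpired."""
    old, new = claims_of(old_jws), claims_of(new_jws)
    return (old["iss"], old["sub"]) == (new["iss"], new["sub"]) and new["exp"] > now

# Constructed sample chain; entity IDs and endpoint URLs are placeholders.
CHAIN = [
    make_statement({"iss": "https://int.example", "sub": "https://rp.example",
                    "exp": NOW + 60, "htu": "https://int.example/fetch"}),
    make_statement({"iss": "https://ta.example", "sub": "https://int.example",
                    "exp": NOW + 60}),
    make_statement({"iss": "https://ta.example", "sub": "https://ta.example",
                    "exp": NOW + 86400, "htu": "https://ta.example/fetch"}),
]

if __name__ == "__main__":
    for step in renewal_plan(CHAIN):
        print(step)
```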

Comments (3)

  1. Giuseppe De Marco reporter

    During the editors' call of 2 June 2023 we agreed on the value of this parameter and we decided to go ahead with a PR.
