[Federation] `htu` claim and strategy for a fast Trust Chain renewal
Trust Chains expire and need to be renewed periodically.
This requires a federation entity discovery process.
I propose to add the parameter `htu` to the entity statements as OPTIONAL, to give the federation_fetch_endpoint URL where the JWS was obtained. `htu` is defined in [draft-ietf-oauth-dpop-16].
The same for federation_resolve_endpoint.
Unless the federation fetch endpoint of the federation entities involved in the trust chain won't change, the implementers may update a statement, and the entire trust chain, without downloading again the entity configurations of each entity, but just hitting again the URL where the statement was previously available.
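
An added example, not part of the original issue or of the specification: a sketch of the renewal strategy described above. `htu` is the claim proposed in this issue; `fetch`, `verify` (the caller's usual signature validation of a statement), the entity identifiers and the URLs are assumptions. A return value of `None` means the shortcut failed and full federation entity discovery is needed.

```python
import base64, json

def make_jws(claims):
    """Build a constructed compact JWS (placeholder signature) for sample data."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'ES256'})}.{enc(claims)}.c2ln"

def payload(jws):
    """Decode the claims of a compact JWS; this does not check the signature."""
    part = jws.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def renew_chain(chain, fetch, verify, now):
    """Refresh expired statements from their `htu`; return None when full
    federation entity discovery is needed instead."""
    renewed = []
    for jws in chain:
        old = payload(jws)
        if old["exp"] > now:              # still valid, keep as is
            renewed.append(jws)
            continue
        htu = old.get("htu")              # OPTIONAL claim: may be absent
        if not htu:
            return None
        try:
            fresh = fetch(htu)            # re-request the same URL
        except (KeyError, OSError):
            return None                   # endpoint moved or unreachable
        new = payload(fresh)
        same_subject = (new.get("iss"), new.get("sub")) == (old["iss"], old["sub"])
        if not (same_subject and new.get("exp", 0) > now and verify(fresh)):
            return None                   # never splice in an unchecked statement
        renewed.append(fresh)
    return renewed

# Constructed sample data: entity identifiers, URLs and times are made up.
NOW = 1_700_000_000
RP, IA, TA = "https://rp.example", "https://ia.example", "https://ta.example"
IA_HTU = IA + "/fetch?sub=" + RP
TA_HTU = TA + "/fetch?sub=" + IA
OLD_CHAIN = [
    make_jws({"iss": RP, "sub": RP, "exp": NOW + 3600}),
    make_jws({"iss": IA, "sub": RP, "exp": NOW - 10, "htu": IA_HTU}),
    make_jws({"iss": TA, "sub": IA, "exp": NOW - 10, "htu": TA_HTU}),
]
ENDPOINTS = {  # stands in for HTTP GETs so the example runs offline
    IA_HTU: make_jws({"iss": IA, "sub": RP, "exp": NOW + 3600, "htu": IA_HTU}),
    TA_HTU: make_jws({"iss": TA, "sub": IA, "exp": NOW + 3600, "htu": TA_HTU}),
}
```
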
Comments (3)
- reporter: During the editors' call of 2 June 2023 we agreed about the value of this parameter and we decided to go ahead with a PR.
- reporter: changed status to resolved