[Federation] Clarify that the metadata_policy is not intended to JSON type check metadata parameters
Issue #2116
resolved
Federation designers may feel tempted to utilise the metadata_policy to check and validate the JSON value types of metadata parameters. Such checks should be performed at the application layer, after the metadata is obtained from the Trust Chain.
In the case of an OP processing a federated login request from an RP, the OP would obtain from the validated Trust Chain the metadata JSON object for the RP and then parse that with the help of an OIDC-specific library to get an application-specific object representation of the RP metadata.
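The application-layer check described above, as an added example that is not part of the original issue or of the specification: a JSON type validator run over the RP metadata object after it has been resolved from the validated Trust Chain. The function name, the schema table and the sample metadata are constructed for illustration; the parameter names come from OpenID Connect Dynamic Client Registration.

```python
# Expected JSON types for a few RP metadata parameters (names from OpenID
# Connect Dynamic Client Registration). Illustrative table, not complete.
STRING, STRING_ARRAY, OBJECT = "string", "array of strings", "object"
RP_SCHEMA = {
    "redirect_uris": STRING_ARRAY,
    "response_types": STRING_ARRAY,
    "grant_types": STRING_ARRAY,
    "contacts": STRING_ARRAY,
    "client_name": STRING,
    "token_endpoint_auth_method": STRING,
    "jwks": OBJECT,
}
REQUIRED = ("redirect_uris",)  # required by Dynamic Client Registration


def _matches(value, kind):
    """True if a decoded JSON value has the expected JSON type."""
    if kind == STRING:
        return isinstance(value, str)
    if kind == STRING_ARRAY:
        return isinstance(value, list) and all(isinstance(v, str) for v in value)
    return isinstance(value, dict)


def check_rp_metadata_types(metadata):
    """Return a list of type errors for metadata resolved from a Trust Chain.

    Assumed to run after Trust Chain validation and metadata_policy
    application: the policy constrains values, this step checks JSON types.
    """
    if not isinstance(metadata, dict):
        return ["metadata: expected object"]
    errors = [f"{name}: missing" for name in REQUIRED if name not in metadata]
    for name, kind in RP_SCHEMA.items():
        if name in metadata and not _matches(metadata[name], kind):
            got = type(metadata[name]).__name__
            errors.append(f"{name}: expected {kind}, got {got}")
    return errors


# Constructed sample: resolved RP metadata with two wrongly typed parameters.
resolved = {
    "redirect_uris": "https://rp.example.com/cb",  # string, should be an array
    "response_types": ["code"],
    "client_name": 42,                             # number, should be a string
    "jwks": {"keys": []},
}
```

An OP would reject the request when the returned list is non-empty, before building its application-specific RP object.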
Comments (4)
- changed milestone to Implementer's Draft
- changed status to resolved
It would be good if you could add this clarification during your policy language updates, Vladimir.