- edited description
[Federation] The entity type constraint should also take into account the roles of intermediate entites
Issue #2124
resolved
The allowed_leaf_entity_types constraint lets federation authorities control what kind of entity types (e.g. openid_relying_parties) leaves can assume. Intermediate entities however can also take such roles, i.e. roles other than federation_entity. We need to extend this constraint to apply to them as well.
https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-6.2
https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-6.2.3
The proposal is to rename the constraint to allowed_entity_types and update its definition to apply to any Subordinate, not just Subordinates that are Leaves.
Comments (7)
-
reporter
-
to any Subordinate → to any Descendant
-
reporter
@Giuseppe De Marco good point. I haven’t taken the new terms that Mike proposed into account.
-
reporter
Side question:
How is the
allowed_entity_types=[]to be interpreted? -
reporter
Addressed by PR https://bitbucket.org/openid/connect/pull-requests/706
-
I wouldn’t try to use the new names in the PR until we all agree on what they should be.
-
- changed status to resolved
- Log in to comment
- Assignee
- Type
- Priority
- Status
- resolved
- Component
- Federation
- Milestone
- Implementer's Draft
- Version
- –
- Votes
- 0
- Watchers
- 1
Corrects the constraint name.