- edited description
[Federation] The entity type constraint should also take into account the roles of intermediate entities
The allowed_leaf_entity_types constraint lets federation authorities control what kind of entity types (e.g. openid_relying_parties) leaves can assume. Intermediate entities however can also take such roles, i.e. roles other than federation_entity. We need to extend this constraint to apply to them as well.
https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-6.2
https://openid.bitbucket.io/connect/openid-federation-1_0.html#section-6.2.3
The proposal is to rename the constraint to allowed_entity_types and update its definition to apply to any Subordinate, not just Subordinates that are Leaves.
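The gap described above, as an added example that is not part of the issue or of the specification text: a check run over a simplified trust chain, first against leaves only and then against every subordinate. The chain layout (entity_id, metadata, constraints keys), the function name and the example.com-style identifiers are assumptions, as is treating an empty list as allowing nothing beyond federation_entity.

```python
# Added example: the chain layout and every name below are constructed for illustration.
FEDERATION_ENTITY = "federation_entity"  # the role the constraint does not restrict


def find_violations(chain, leaves_only=False, constraint="allowed_entity_types"):
    """Return (entity_id, constraining_superior, disallowed_types) tuples.

    chain is ordered Trust Anchor first, leaf last. With leaves_only=True only
    the last entity is checked, mirroring allowed_leaf_entity_types.
    """
    violations = []
    active = []  # (superior_id, allowed_set) gathered while walking down the chain
    for entity in chain:
        is_leaf = entity is chain[-1]
        # Entity types an entity assumes are the keys of its metadata claim.
        types = set(entity.get("metadata", {})) - {FEDERATION_ENTITY}
        if is_leaf or not leaves_only:
            for superior_id, allowed in active:
                extra = types - allowed
                if extra:
                    violations.append((entity["entity_id"], superior_id, sorted(extra)))
        allowed = entity.get("constraints", {}).get(constraint)
        # Constraint absent: this superior restricts nothing.
        # Assumption: an empty list allows nothing beyond federation_entity.
        if allowed is not None:
            active.append((entity["entity_id"], set(allowed)))
    return violations


# Constructed chain: the intermediate also acts as an OpenID Provider.
CHAIN = [
    {"entity_id": "https://ta.example",
     "metadata": {"federation_entity": {}},
     "constraints": {"allowed_entity_types": ["openid_relying_party"]}},
    {"entity_id": "https://intermediate.example",
     "metadata": {"federation_entity": {}, "openid_provider": {}}},
    {"entity_id": "https://rp.example",
     "metadata": {"openid_relying_party": {}}},
]

if __name__ == "__main__":
    print("leaf-only check:", find_violations(CHAIN, leaves_only=True))
    print("all subordinates:", find_violations(CHAIN))
```

The leaf-only pass reports nothing, while the pass over all subordinates flags the intermediate's openid_provider role.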
Comments (7)
-
reporter -
to any Subordinate → to any Descendant
-
reporter @Giuseppe De Marco good point. I haven’t taken the new terms that Mike proposed into account.
-
reporter Side question: How is the allowed_entity_types=[] to be interpreted?
-
reporter Addressed by PR https://bitbucket.org/openid/connect/pull-requests/706
-
I wouldn’t try to use the new names in the PR until we all agree on what they should be.
-
- changed status to resolved
Corrects the constraint name.