openid / connect / issues / #322 - Basic, Messages - Why can't an Issuer Identifier have a path component? — Bitbucket

Issue #322 resolved

Michael Jones created an issue 2011-11-17

Basic and Messages define "Issuer Identifier" as "A verifiable identifier of an Issuer. An issuer Identifier is a HTTPS URL with no path component."

Nowhere do we say why it can't have a path component. We should either say why it can't or allow it.

Comments (6)

Nat Sakimura
- marked as minor
It was a WG consensus.

If the issuer that is different from Javascript origin allows cross issuer scripting, which is not good.
- 2011-11-17T17:52:17+00:00
Nat Sakimura
- assigned issue to
  
  John Bradley
- changed status to open
.well-known and SWD does not allow it.

Certificate is issued to host.
- 2011-11-18T00:16:42+00:00
Nat Sakimura
Issue ~~#325~~ was marked as a duplicate of this issue.
- 2011-12-03T03:02:13+00:00
Nat Sakimura
Issue ~~#331~~ was marked as a duplicate of this issue.
- 2011-12-03T03:03:39+00:00
John Bradley
Simple Web Discovery only supports one endpoint per host.

Host is also what SSL certificates relate to.

Having more than one issuer per host greatly complicates things.
- 2011-12-08T18:47:06+00:00
John Bradley
- changed status to resolved
Fixes ~~#322~~ add security concern re SWD being per host as one reason issuers are per host

→ 1c990c34f093
- 2011-12-08T19:21:18+00:00
Log in to comment

Assignee: John Bradley

Type: bug

Priority: minor

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!