Roland Hedberg with Catalogix and the OpenID Foundation provided an update on OpenID Connect Federation at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
3. Trusted information
• Correctness
• Tamper resistance
• Policy conformant
• Based on a trusted 3rd party
(trust anchor)
• Expressed in a trust chain
4. Information model
• Everyone, or someone representing an entity, publishes self-signed entity statements with a metadata statement
• Intermediates and trust anchors publish metadata policies
about subordinates.
7. A simple example
If we have an RP that belongs to organization A that is a member of federation F, the trust chain for such a setup will contain the following entity statements:
1. A self-signed entity statement about the RP published by the RP
2. An entity statement about the RP published by Organization A
3. An entity statement about Organization A published by Federation F
(Diagram: RP and OP, with entity statements 1, 2 and 3 forming the trust chain.)
14. Client registration methods
• Automatic
• The client performs no registration; instead it sends an authorization request with client_id == entity_id and client authentication method private_key_jwt.
• The OP needs to fetch the RP’s self-signed entity statement.
• Explicit
• The client does a client registration. The OP responds with an entity statement about the RP with a metadata policy.
• The RP provides the OP with the self-signed entity statement in the body of the client registration request.
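The trust chain from slide 7 and the metadata-policy and private_key_jwt points from slide 14, worked through as an added example (not code from the deck or from the rohe/oidcfederation project): it builds the three entity statements, verifies them from the trust anchor down, and applies the superiors' metadata policies to the RP's metadata. HMAC-SHA256 stands in for the spec's asymmetric JWS signing, and the entity identifiers, keys and policy values are constructed.

```python
import base64, hashlib, hmac, json
def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def unb64u(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign(claims, kid, key):
    # Compact JWS over a statement. HMAC-SHA256 stands in (assumption) for the spec's asymmetric JWS keys.
    h, p = b64u(json.dumps({"alg": "HS256", "kid": kid}).encode()), b64u(json.dumps(claims).encode())
    return f"{h}.{p}." + b64u(hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest())

def verify(jws, jwks):
    h, p, s = jws.split(".")
    key = unb64u(jwks[json.loads(unb64u(h))["kid"]])  # KeyError if the kid is not in the expected key set
    if not hmac.compare_digest(hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest(), unb64u(s)):
        raise ValueError("entity statement signature does not verify")
    return json.loads(unb64u(p))

def apply_policy(metadata, policy):
    # Three of the spec's metadata_policy operators: value, add, subset_of.
    out = dict(metadata)
    for claim, ops in policy.items():
        if "value" in ops: out[claim] = ops["value"]
        if "add" in ops: out[claim] = sorted(set(out.get(claim, [])) | set(ops["add"]))
        if "subset_of" in ops: out[claim] = [v for v in out.get(claim, []) if v in ops["subset_of"]]
    return out

def verify_chain(chain, anchor_jwks, entity_type):
    # chain[0] is the leaf's self-signed statement, chain[-1] is issued by the trust anchor.
    # Walk top-down: each statement carries the subject's keys that verify the next one.
    jwks, policy, prev_sub = anchor_jwks, {}, None
    for jws in reversed(chain):
        st = verify(jws, jwks)
        if prev_sub is not None and st["iss"] != prev_sub: raise ValueError("issuer is not the previous subject")
        jwks, prev_sub = st["jwks"], st["sub"]
        for claim, ops in st.get("metadata_policy", {}).get(entity_type, {}).items():
            policy.setdefault(claim, {}).update(ops)  # simple layering; no conflict check between levels
    return apply_policy(st["metadata"][entity_type], policy)

def chain_is_valid(chain, anchor_jwks, entity_type):
    try: verify_chain(chain, anchor_jwks, entity_type); return True
    except (ValueError, KeyError): return False

# Constructed keys and statements for RP -> Organization A -> Federation F (not real federation data).
K = {n: hashlib.sha256(n.encode()).digest() for n in ("rp", "orgA", "fedF")}
JWKS = {n: {n + "-k1": b64u(k)} for n, k in K.items()}
RP, ORG, FED = "https://rp.example", "https://a.example", "https://f.example"
ES_RP = sign({"iss": RP, "sub": RP, "jwks": JWKS["rp"], "metadata": {"openid_relying_party": {
    "redirect_uris": [RP + "/cb"], "response_types": ["code", "id_token"], "scope": "openid"}}}, "rp-k1", K["rp"])
ES_A_RP = sign({"iss": ORG, "sub": RP, "jwks": JWKS["rp"], "metadata_policy": {"openid_relying_party": {
    "contacts": {"add": ["ops@a.example"]}}}}, "orgA-k1", K["orgA"])
ES_F_A = sign({"iss": FED, "sub": ORG, "jwks": JWKS["orgA"], "metadata_policy": {"openid_relying_party": {
    "response_types": {"subset_of": ["code"]}, "token_endpoint_auth_method": {"value": "private_key_jwt"}}}}, "fedF-k1", K["fedF"])
CHAIN = [ES_RP, ES_A_RP, ES_F_A]
```

With F as trust anchor the RP ends up with response_types restricted to ["code"], token_endpoint_auth_method fixed to private_key_jwt and the contact added by Organization A; a chain whose top statement is not signed by a key in the anchor's JWKS, or whose issuer does not match the previous subject, is rejected.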
15. Status
• Implementations
• Python
• Java being worked on
• Hackathon at TechEX19 in December
• https://github.com/rohe/oidcfederation (bleeding edge)
Please review!