From 895408188f80637574eac94388d3e79e4b60c4d2 Mon Sep 17 00:00:00 2001
From: Michael Jones
Date: Sat, 7 Sep 2024 16:46:07 -0700
Subject: [PATCH 1/2] Define entity_statement_signing_alg_values_supported metadata parameter
---
 openid-federation-1_0.xml | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/openid-federation-1_0.xml b/openid-federation-1_0.xml
index ba6529c..208c312 100644
--- a/openid-federation-1_0.xml
+++ b/openid-federation-1_0.xml
@@ -466,6 +466,9 @@ The Entity Statement is signed using one of the private keys of the issuer Entity in the form of a JSON Web Signature (JWS).
+ Signing algorithms supported by the Entity MAY be declared using the
+ entity_statement_signing_alg_values_supported
+ Federation Entity metadata parameter defined in .
 Implementations SHOULD support signature verification with the RSA SHA-256 algorithm because OpenID Connect Core requires support for it (alg
@@ -1219,6 +1222,14 @@ All Federation Entities MAY publish a federation_historical_keys_endpoint.
+
+
+ OPTIONAL.
+ JSON array containing a list of the JWS signing algorithms
+ (alg values)
+ supported by the Entity to sign Entity Statements.
+ If omitted, the default value is ["RS256"].
+ @@
@@ -1228,7 +1239,7 @@
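Review bot: The new sentence says the algorithms are "supported by the Entity" without saying for what, whereas the definition added in the -1219 hunk reads "supported by the Entity to sign Entity Statements"; because the very next context line is about which algorithms a verifier SHOULD support, a reader can take this sentence as the verifier's accepted-algorithm list. Suggest aligning the wording: `The signing algorithms that the Entity uses for its Entity Statements MAY be declared using the entity_statement_signing_alg_values_supported Federation Entity metadata parameter defined in <xref to the metadata section>.` The xref target is not visible in this rendering of the hunk. The enclosing paragraph continues outside the hunk.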
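Review bot: The definition does not exclude the JWS alg value none even though the -466 hunk's context states that Entity Statements are signed JWSs, and it is silent on how a verifier treats the list; since the list is published by the same Entity whose statements are being verified, the text should make clear that it cannot relax the verifier's own accepted-algorithm policy. Suggest appending to the definition `The value none MUST NOT be included.` plus one sentence stating whether a statement whose alg is not in the list is to be rejected or the list is only advisory for key and algorithm selection. It would also help to say that the default ["RS256"] applies only when the parameter is absent, not when it is present but empty. The definition list this entry belongs to starts and ends outside the hunk.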
- The following is a non-normative example of the federation_entity Entity Type:
+ The following is a non-normative example of metadata for the federation_entity Entity Type:
 Example of federation_entity Entity Type
@@ -1241,6 +1252,10 @@
 "https://amanita.caesarea.example.com/federation_list",
 "federation_trust_mark_status_endpoint": "https://amanita.caesarea.example.com/status",
 "federation_trust_mark_list_endpoint": "https://amanita.caesarea.example.com/trust_marked_list",
+ "entity_statement_signing_alg_values_supported": [
+ "ES256",
+ "RS256"
+ ],
 "organization_name": "Ovulo Mushroom",
 "homepage_uri": "https://amanita.caesarea.example.com"
 }
@@ -5247,6 +5262,10 @@ Content-Type: application/json
 "federation_entity": {
 "contacts": ["ops@sunet.se"],
 "federation_fetch_endpoint": "https://sunet.se/openid/fedapi",
+ "entity_statement_signing_alg_values_supported": [
+ "ES256",
+ "ES384"
+ ],
 "homepage_uri": "https://www.sunet.se",
 "organization_name": "SUNET"
 },
@@ -9403,6 +9422,10 @@ Host: op.umu.se Endpoint URLs are not form-urlencoded in JSON metadata parameter values.
+
+ Fixed #65: Defined entity_statement_signing_alg_values_supported
+ Federation Entity metadata parameter.
+
From 0c58e9a048afd121cfb6934ef8de84823c40ca60 Mon Sep 17 00:00:00 2001
From: Michael Jones
Date: Sat, 21 Sep 2024 14:05:39 -0700
Subject: [PATCH 2/2] Move history entry to -40
---
 openid-federation-1_0.xml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/openid-federation-1_0.xml b/openid-federation-1_0.xml
index 3103db5..3011148 100644
--- a/openid-federation-1_0.xml
+++ b/openid-federation-1_0.xml
@@ -9844,7 +9844,8 @@ Host: op.umu.se -40
- TBD
+ Fixed #65: Defined entity_statement_signing_alg_values_supported
+ Federation Entity metadata parameter.
@@ -9858,10 +9859,6 @@ Host: op.umu.se Endpoint URLs are not form-urlencoded in JSON metadata parameter values.
-
- Fixed #65: Defined entity_statement_signing_alg_values_supported
- Federation Entity metadata parameter.
-
 Fixed #52: Clarified that PAR requests must use Request Objects.