-
Notifications
You must be signed in to change notification settings - Fork 14
Closed
Description
When running the Conformance Tests I stumbled upon a question.
The testing instructions include the following:
entity_identifier
The entity identifier for the primary federation entity under test, which could be a leaf, an intermediate or a trust_anchor.
trust_anchor
The intended trust anchor for the entity specified by the entity_identifier. If the federation entity under test is a trust anchor, this field will be equal to the entity_identifier field.
So I tried to use a Trust Anchor in entity_identifier, i.e. entity_identifier==trust_anchor.
For this case the resolve test failed with my implementation, because my resolver implementation did not resolve a trust chain from TA to TA.
So I wondered what others are thinking. Is this something a resolver should do or not? Or more general can there be a Trust Chain from an entity to itself?
I would say that the definition of Trust Chain does not allow this. (Also it does not really make sense since the trust anchor is trusted out of band).
Metadata
Metadata
Assignees
Labels
No labels