Description
Section 3 includes a clause under metadata as follows:

> When an Entity participates in a federation or federations with one or more Entity Types, its Entity Configuration MUST contain a metadata claim with JSON object values for each of the corresponding Entity Type Identifiers, even if the values are the empty JSON object {} (when the Entity Type has no associated metadata or Immediate Superiors supply any needed metadata).
Having recently done a second implementation of this, I have concerns about the practicality of this. Take the following example:
```mermaid
graph TD;
UkHealth-->Bar;
UkHealth-->Baz;
Baz-->Bin;
Baz-->Bong;
```
In a Federation containing and listing entity types:
- openid_provider
- openid_relying_party
- federation_entity
In this scenario, this is fine, but let's say Entity UkHealth joins another federation (maybe joining two national health federations together):

```mermaid
graph TD;
HealthManager-->UkHealth;
HealthManager-->IreHealth;
UkHealth-->Bar;
UkHealth-->Baz;
Baz-->Bin;
Baz-->Bong;
IreHealth-->SomeEntity;
IreHealth-->SomeOtherEntity;
```
Let's also say IreHealth contains oauth_client entity type identifiers too (or possibly some custom entity type identifier). As the spec is currently written, all participants in UkHealth will have to now list the oauth_client metadata as {} at the very least to be compliant. As global Federations grow (especially when custom entity identifiers are used), this will quickly become unsustainable and lead to interoperability issues.
I would like to understand why this was added and if we still feel it is needed.
If not, I'd be in favour of dropping this clause.
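The following is an added example, not code from the issue author or from the OpenID Federation specification. It encodes the clause quoted above as a compliance check on a decoded Entity Configuration payload, under the reading the issue applies (every Entity Type Identifier listed by any federation the entity is in must appear as a JSON object in the `metadata` claim), and runs it against the two scenarios from the issue. The federation names, the entity `Bar`, its issuer URL, the `HealthManager` type set and the `MEMBERSHIPS_*` tables are all constructed for illustration; signature verification of the Entity Configuration JWT is out of scope.

```python
"""Added example (not the issue's or the spec's own code): check which Entity
Type Identifiers an Entity Configuration's `metadata` claim is missing, using
the reading of the Section 3 clause that the issue describes."""

# Entity Type Identifiers each federation lists (constructed). UkHealth lists
# the three types from the issue; IreHealth additionally uses oauth_client, and
# HealthManager is assumed to carry the union of both once they are joined.
FEDERATION_ENTITY_TYPES = {
    "UkHealth": {"openid_provider", "openid_relying_party", "federation_entity"},
    "IreHealth": {"openid_provider", "openid_relying_party", "federation_entity",
                  "oauth_client"},
}
FEDERATION_ENTITY_TYPES["HealthManager"] = (
    FEDERATION_ENTITY_TYPES["UkHealth"] | FEDERATION_ENTITY_TYPES["IreHealth"]
)

# Which federations an entity participates in (constructed). After UkHealth is
# placed under HealthManager, Bar is also reachable through HealthManager.
MEMBERSHIPS_BEFORE = {"Bar": ["UkHealth"]}
MEMBERSHIPS_AFTER = {"Bar": ["UkHealth", "HealthManager"]}


def required_entity_types(entity, memberships):
    """Union of the Entity Type Identifiers of every federation `entity` is in."""
    required = set()
    for federation in memberships.get(entity, []):
        required |= FEDERATION_ENTITY_TYPES[federation]
    return required


def missing_metadata_keys(entity, entity_configuration, memberships):
    """Entity Type Identifiers the clause requires in the `metadata` claim but
    which the decoded Entity Configuration payload (a dict) does not carry.
    A key whose value is not a JSON object does not satisfy the clause either."""
    metadata = entity_configuration.get("metadata")
    if not isinstance(metadata, dict):
        return sorted(required_entity_types(entity, memberships))
    present = {key for key, value in metadata.items() if isinstance(value, dict)}
    return sorted(required_entity_types(entity, memberships) - present)


def make_compliant(entity, entity_configuration, memberships):
    """Return a copy with an empty object added for every missing type, which is
    the minimum the clause as written demands. The input is left untouched."""
    fixed = dict(entity_configuration)
    fixed["metadata"] = dict(entity_configuration.get("metadata") or {})
    for entity_type in missing_metadata_keys(entity, entity_configuration, memberships):
        fixed["metadata"][entity_type] = {}
    return fixed


# Constructed Entity Configuration payload for Bar, a relying party in UkHealth
# that already lists all three UkHealth types, as the issue's first scenario
# assumes is "fine".
BAR_CONFIG = {
    "iss": "https://bar.example",
    "sub": "https://bar.example",
    "metadata": {
        "openid_relying_party": {"client_name": "Bar"},
        "openid_provider": {},
        "federation_entity": {},
    },
}

if __name__ == "__main__":
    print("missing before joining HealthManager:",
          missing_metadata_keys("Bar", BAR_CONFIG, MEMBERSHIPS_BEFORE))
    print("missing after joining HealthManager: ",
          missing_metadata_keys("Bar", BAR_CONFIG, MEMBERSHIPS_AFTER))
    print("minimal compliant metadata claim:    ",
          make_compliant("Bar", BAR_CONFIG, MEMBERSHIPS_AFTER)["metadata"])
```

Running it shows the effect the issue raises: Bar is compliant while only UkHealth's types are in scope, and becomes non-compliant the moment a federation above it lists `oauth_client`, even though Bar never acts as an OAuth client; the only remedy under the strict reading is to add `"oauth_client": {}` to every affected participant's Entity Configuration.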