-
Notifications
You must be signed in to change notification settings - Fork 14
Clarify requirement for exp time in Trust Anchor Entity Configuration #200
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify requirement for exp time in Trust Anchor Entity Configuration #200
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Copilot wasn't able to review any files in this pull request.
Files not reviewed (1)
- openid-federation-1_0.xml: Language not supported
|
Some observations
Fast, resilient, highly available trust circulation matters to keeping TCO as low as possible for all involved. |
peppelinux
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I only suggest to reduce the words as my previous comment
selfissued
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"SHOULD ensure" doesn't sound actionable to me.
The existing wording seems equivalent to yours, but seems clearer to me.
What are you trying to achieve with this rewording?
Co-authored-by: Giuseppe De Marco <demarcog83@gmail.com>
|
@selfissued with the rewording I am trying to avoid any confusion that the phrase "The Trust Anchor SHOULD set an expiration time on its Entity Configuration" brings regarding making it appear as the |
|
@peppelinux merged your correction |
openid-federation-1_0.xml
Outdated
| A Trust Anchor MUST publish an Entity Configuration about itself. The expiration | ||
| time (exp) set on this Entity Configuration SHOULD ensure that federation participants | ||
| re-fetch it at reasonable intervals. When a Trust Anchor rolls over its signing keys, it needs to: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
| A Trust Anchor MUST publish an Entity Configuration about itself. The expiration | |
| time (exp) set on this Entity Configuration SHOULD ensure that federation participants | |
| re-fetch it at reasonable intervals. When a Trust Anchor rolls over its signing keys, it needs to: | |
| A Trust Anchor MUST publish an Entity Configuration about itself. | |
| The expiration time (exp) set on this Entity Configuration should be chosen | |
| such that it ensures that federation participants re-fetch it at reasonable intervals. | |
| When a Trust Anchor rolls over its signing keys, it needs to: |
I get it. Hopefully this slightly updated wording fits the bill.
Co-authored-by: Michael B. Jones <michael_b_jones@hotmail.com>
|
@peppelinux can you re-review? |
PR to address #199