Define peer_trust_chain to enable Federation Integrity and Metadata Integrity #282
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
selfissued
requested review from
Razumain,
SECtim,
cicnavi,
jcmelati,
peppelinux,
rohe,
vdzhuvinov and
ve7jtb
Collaborator
|
In section 12.2 Explicit Registration it is stated that an RP can submit its Entity Configuration or an entire Trust Chain. If submitting the Trust Chain the Entity Statement representing the RPs Entity Configuration could contain the peer_trust_chain and that Trust Chain would then be matched (to verify that they both ends at the same TA) against the submitted Trust Chain. On the other hand if the RP decides to submit the Entity Configuration there is no Trust Chain for the RP in the request so no matching could be preformed. I think you there for would have to add trust_chain to the registration request claims with the proviso that it should only be added if the request contained the Entity Configuration and not the entire Trust Chain. |
This was referenced Nov 13, 2025
selfissued
temporarily deployed
to
github-pages
GitHub Actions
Inactive
selfissued
temporarily deployed
to
github-pages
GitHub Actions
Inactive
cicnavi
approved these changes
Nov 14, 2025
selfissued
temporarily deployed
to
github-pages
GitHub Actions
Inactive
selfissued
temporarily deployed
to
github-pages
GitHub Actions
Inactive
…hain header parameter
selfissued
temporarily deployed
to
github-pages
GitHub Actions
Inactive
selfissued
temporarily deployed
to
github-pages
GitHub Actions
Inactive
rohe
approved these changes
Nov 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #100