-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: clarification about metadata in subordiante statements #26
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved with suggestions
Co-authored-by: Michael B. Jones <[email protected]>
openid-federation-wallet-1_0.md
Outdated
@@ -421,7 +421,7 @@ These modifications allow a federation authority, such as a Trust Anchor, to app | |||
|
|||
The key difference between `metadata` and `metadata_policy` is that metadata directly affects only the Immediate Subordinate Entity, while `metadata_policy` impacts the configuration of all Subordinate Entities along a Trust Chain, as defined in Sections 5 and 6.1 of [@!OpenID.Federation]. | |||
|
|||
This distinction positions the `metadata` parameter as an ideal tool for federation authorities managing entity registrations and needing to sanitize Leaves configurations in an arbitrary way. The Trust Anchor (TA) and Intermediate (INT) sanitize an Entity Configuration during technical tests and finalize it by setting specific metadata parameters. | |||
The `metadata` parameter allows federation authorities managing Immediate Subordinates' registrations to sanitize their configurations in an arbitrary way, without necessarily using the policy language in the `metadata_policy` parameter. The Trust Anchor (TA) and Intermediate (INT) sanitize an Entity Configuration and finalize it by setting specific metadata parameters. The `metadata` parameter value updates all the matching parts of the `metadata` JSON object contained within the Subordinate Entity Configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The `metadata` parameter value updates all the matching parts of the `metadata` JSON object
@selfissued we should say here that it updated if any matching, otherwise it add the unmatching parameters.
Co-authored-by: Michael B. Jones <[email protected]>
This PR adds an additional details about applying metadata parameters to immediate subordinates using subordinate statements