This specification acts as an extension to the [@!OpenID.Federation]. It defines methods to interact with a given Federation with a potentially large number of registered Entities, as well as mechanisms to retrieve multiple Entity Statements along with associated details in a single request.
50
+
This specification acts as an extension to the [@!OpenID.Federation]. It defines methods to interact with a given Federation with a potentially large number of registered Entities, as well as mechanisms to retrieve multiple Subordinate Statements along with associated details in a single request.
51
51
52
52
{mainmatter}
53
53
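Review bot: On the added abstract line, "retrieve multiple Subordinate Statements along with associated details in a single request" describes behaviour that the revised `claims` parameter makes opt-in, since the statement is only returned when `claims` contains `subordinate_statement`. Consider wording such as "retrieve details of multiple Immediate Subordinate Entities, optionally including their Subordinate Statements, in a single request". The phrase "an extension to the [@!OpenID.Federation]" also carries a stray "the" that could be dropped while this line is being touched.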
@@ -57,11 +57,11 @@ The Federation Extended Subordinate Listing endpoint has been created to address
57
57
58
58
## Response Size
59
59
60
-
The standard `federation_list_endpoint` has limitations when Entities are able to issue Entity Statements for an exceptionally large number of Entities. Limitations can be encountered both when attempting to process receiving such a large response as well as more technical limitations such as response sizes of infrastructure. Pagination has been proposed as a solution for this.
60
+
The standard `federation_list_endpoint` has limitations when Entities are able to issue Subordinate Statements for an exceptionally large number of Entities. Limitations can be encountered both when attempting to process receiving such a large response as well as more technical limitations such as response sizes of infrastructure. Pagination has been proposed as a solution for this.
61
61
62
62
## Bulk Retrieval
63
63
64
-
For certain usecases, such as mass registration, consumers may encounter challenges when attempting to retrieve information on multiple Entities. A flow with the standard `federation_list_endpoint` may involve a request to the list endpoint followed by a series of subsequent requests to retrieve an Entity Statement for each listed Entity resulting in an N+1 operation. The Federation Extended Subordinate Listing endpoint seeks to solve this by providing a mechanism to include additional metadata for Entities in the provided list.
64
+
For certain usecases, such as mass registration, consumers may encounter challenges when attempting to retrieve information on multiple Entities. A flow with the standard `federation_list_endpoint` may involve a request to the list endpoint followed by a series of subsequent requests to retrieve a Subordinate Statement for each listed Entity resulting in an N+1 operation. The Federation Extended Subordinate Listing endpoint seeks to solve this by providing a mechanism to include additional metadata for Entities in the provided list.
65
65
66
66
## Requirements Notation and Conventions
67
67
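Review bot: Both added paragraphs keep wording problems from the lines they replace: in Response Size, "when attempting to process receiving such a large response" and "response sizes of infrastructure" are hard to parse, and in Bulk Retrieval "usecases" should be "use cases". Since these lines are being rewritten anyway, suggest something like "both when a client has to receive and process such a large response and when infrastructure imposes response size limits". The Response Size paragraph also says only that pagination "has been proposed"; it would read better if it stated that this endpoint's `limit` parameter and the server's upper limit are what bound the response size.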
@@ -97,7 +97,7 @@ The endpoint accepts all parameters defined in the `federation_list_endpoint` in
97
97
| limit | OPTIONAL | Positive Integer | Requested number of results included in the response.<br><br> If this parameter is present, the number of results in the returned list SHOULD NOT be greater than the minimum of the server's upper limit and the value of this parameter.<br><br>If this parameter is not present the server MUST fall back on the upper limit. |
98
98
| updated_after | OPTIONAL | NumericDate | Epoch time constraining the response to include only Entity identifiers with updates at or after this time. <br><br>When absent, there is no cutoff for how long ago updates occurred to Entities being listed.<br><br>When present the `registered`, `updated`, `revoked` MUST be included in the response unless the `audit_timestamps` parameter is set to `false`. ||
99
99
| updated_before | OPTIONAL | NumericDate | Epoch time constraining the response to include only Entity identifiers with updates at or before this time.<br><br>When absent, there is no cutoff before which updates occurred to listed Entities.<br><br>When present the `registered`, `updated`, `revoked` MUST be included in the response unless the `audit_timestamps` parameter is set to `false`. ||
100
-
| claims | OPTIONAL | Array | List of claims to be included in the response for each returned Immediate Subordinate Entity.<br><br> If this parameter is NOT present or it is an empty array, the Entity Statement MUST be the only claim for each Immediate Subordinate Entity<br><br>If this parameter is present and it is NOT an empty array each JSON object that represents the Immediate Subordinate Entity MUST include the requested claims for a Subordinate Entity Statement if available.<br><br>Entities that expose the Federation Extended Subordinate Listing endpoint MUST support all top level statement claims defined in [@!OpenID.Federation]. TBD: Support of requests for discrete Entity metadata attributes. ||
100
+
| claims | OPTIONAL | Array | List of claims to be included in the response for each returned Immediate Subordinate Entity.<br><br> If this parameter is NOT present or it is an empty array, the response SHOULD NOT contain any claims for a Subordinate Statement.<br><br>If this parameter is present and it is NOT an empty array each JSON object that represents the Immediate Subordinate Entity MUST include the requested claims for a Subordinate Statement if available.<br><br>Entities that expose the Federation Extended Subordinate Listing endpoint MUST support all top level statement claims defined in [@!OpenID.Federation]. TBD: Support of requests for discrete Entity metadata attributes. ||
101
101
| audit_timestamps | OPTIONAL | Boolean | Request parameter to control presence of the `registered`, `updated`, `revoked` audit timestamps attributes for all returned Immediate Subordiates.<br><br>If this parameter absent the audit timestamp attributes mentioned above MUST NOT be present unless `updated_after` and/or `updated_before` parameters are present.<br><br>If this parameter is present and set to `true` the response MUST include the above mentioned audit timestamp attributes for each Immediate Subordinate Entity included in the response.<br><br>If this parameter is present and set to `false` the response MUST NOT include the above mentioned audit timestamp attributes for each Immediate Subordinate Entity included in the response, even irrespective whether the `updated_after` and/or `updated_before` request parameters are present.<br><br>
102
102
103
103
*Table 1: Additional request parameters accepted by the Federation Extended Subordinate Listing endpoint in addition to the those specified by the `federation_list_endpoint`*
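Review bot: In the added `claims` row, the absent-or-empty case uses "SHOULD NOT contain any claims for a Subordinate Statement", while the response table row for `trust_marks`, `metadata` and other selected claims says they "MUST NOT be returned" in the same case. Pick one requirement level, preferably MUST NOT, so that a client can rely on the response shape and a server does not return more Entity data than was requested. The row should also state that `subordinate_statement` is an accepted value of `claims`, because the response attribute definition depends on it, and the "if available" wording and the "TBD" leave open how a server answers a claim name it does not support.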
@@ -148,7 +148,7 @@ Each JSON object in the returned `immediate_subordinate_entities` array MAY cont
| id | REQUIRED | Entity Identifier | Entity Identifier for the subject entity of the current record. |
151
-
|entity_statement| OPTIONAL | String |Signed entity statement for the Subordinate Entity as issued by the Entity that exposes the Federation Extended Subordinate Listing endpoint.<br><br>This `entity_statement` attribute SHOULD be returned if the `claims` parameter is NOT present in the request or it is present but the array is empty.<br><br>This `entity_statement` attribute MUST NOT be returned if the `claims` parameter is NOT present in the request or it is present but the array is empty. |
151
+
|subordinate_statement| OPTIONAL | String |Subordinate Statement for the Immediate Subordinate Entity as issued by the Entity that exposes the Federation Extended Subordinate Listing endpoint.<br><br>This `subordinate_statement` attribute MUST be returned if the `claims` parameter is present and contains `subordinate_statement`. It MUST NOT be returned if the `claims` parameter is present but the array does not contain `subordinate_statement`. |
152
152
| trust_marks, metadata, and/or other selected statement claims | OPTIONAL | N/A | Selected Immediate Subordinate claims as requested with the `claims` request attribute. <br><br>These attributes MUST NOT be returned if the `claims` parameter is NOT present in the request or it is present but the array is empty. |
153
153
| registered | OPTIONAL | Number | Time when the Entity was registered with the issuing party using NumericDate format. |
154
154
| updated | OPTIONAL | Number | Time when the Entity was updated using the time format defined for the `iat` claim in [@!RFC7519]. This parameter MAY indicate that the Federation Entity Keys or metadata policies or constraints about this Entity was updated. |
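Review bot: The added `subordinate_statement` row defines behaviour only when `claims` is present, so the case where `claims` is absent has to be inferred from the request table; state it here as well, for example "It MUST NOT be returned if the `claims` parameter is absent", at the same requirement level the `claims` row ends up using. The description also drops the word "Signed" that the removed line had. Keeping it tells consumers that this String is the signed statement and is the value to verify, as opposed to the sibling attributes in the same JSON object. The rename from `entity_statement` changes the response format for existing consumers and deserves a note for implementers.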
*Figure 8: A Trust Anchor returns the results list consisting of thousand Immediate Subordinate Entities, along with the next Entity id that the next page starts with, in response to the request to list all immediate Subordinate Entities.*
265
+
*Figure 8: A Trust Anchor returns the results list consisting of thousand Immediate Subordinate Entities, along with the next Entity id that the next page starts with, in response to the request to list all Immediate Subordinate Entities.*
266
266
267
267
```
268
268
GET /list_extended?from_entity_id=https://1000.example.net HTTP/1.1