openid-federation-extended-listing-1_0.md
+17-11
@@ -27,9 +27,9 @@ organization="Raidiam"
27
27
email = "michael.fraser@raidiam.com"
28
28
29
29
[[author]]
30
-
initials="L."
30
+
initials="Ł."
31
31
surname="Jaromin"
32
-
fullname="Lukasz Jaromin"
32
+
fullname="Łukasz Jaromin"
33
33
organization="Raidiam"
34
34
[author.address]
35
35
email = "lukasz.jaromin@raidiam.com"
@@ -41,18 +41,19 @@ fullname="Michael B. Jones"
41
41
organization="Self-Issued Consulting"
42
42
[author.address]
43
43
email = "michael_b_jones@hotmail.com"
44
+
uri = "https://self-issued.info/"
44
45
45
46
%%%
46
47
47
48
.# Abstract
48
49
49
-
This specification acts as an extension to the [@OpenID.Federation]. It outlines methods to interact with a given Federation with a potentially large number of registered Entities, as well as mechanisms to retrieve multiple entity statements along with associated details in a single request.
50
+
This specification acts as an extension to the [@!OpenID.Federation]. It defines methods to interact with a given Federation with a potentially large number of registered Entities, as well as mechanisms to retrieve multiple entity statements along with associated details in a single request.
50
51
51
52
{mainmatter}
52
53
53
54
# Introduction
54
55
55
-
The extending listing endpoint has been created to address two outstanding issues identified in [@OpenID.Federation].
56
+
The extending listing endpoint has been created to address two outstanding issues identified in [@!OpenID.Federation].
56
57
57
58
## Response Size
58
59
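Review bot: The changed Introduction sentence still reads "The extending listing endpoint", while the section heading in this file is "Extended Subordinate Listing Endpoint"; since the line is already being touched, change "extending" to "extended". In the Abstract, "an extension to the [@!OpenID.Federation]" leaves an article in front of a bare citation; either drop "the" or name the specification before the reference.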
@@ -68,7 +69,7 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
68
69
69
70
# Terminology
70
71
71
-
This specification uses the terms "Entity Identifier", "Subordinate Statement", "Trust Anchor", "Intermediate", "Federation Entity", "Entity", "federation_list_endpoint", and "Immediate Subordinate Entity" as defined in [@OpenID.Federation], "NumericDate" as defined in [@!RFC7591].
72
+
This specification uses the terms "Entity Identifier", "Subordinate Statement", "Trust Anchor", "Intermediate", "Federation Entity", "Entity", "federation_list_endpoint", and "Immediate Subordinate Entity" as defined in [@!OpenID.Federation], "NumericDate" as defined in [@!RFC7591].
72
73
73
74
# Extended Subordinate Listing Endpoint
74
75
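Review bot: In the changed Terminology sentence the two sources are joined by a bare comma (`... as defined in [@!OpenID.Federation], "NumericDate" as defined in [@!RFC7591]`); add "and" before "NumericDate" so it is unambiguous which terms come from which reference.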
@@ -96,7 +97,7 @@ The endpoint accepts all parameters defined in the `federation_list_endpoint` in
96
97
| limit | OPTIONAL | Positive Integer | Requested number of results included in the response.<br><br> If this parameter is present, the number of results in the returned list must not be greater than the minimum of the server's upper limit and the value of this parameter.<br><br>If this parameter is not present the server MUST fall back on the upper limit. |
97
98
| updated_after | OPTIONAL | NumericDate | Epoch time constraining the response to include only Entity identifiers with updates at or after this time. <br><br>When absent, there is no cutoff for how long ago updates occurred to Entities being listed.<br><br>When present the `registered`, `updated`, `revoked` MUST be included in the response unless the `audit_timestamps` parameter is set to `false`. ||
98
99
| updated_before | OPTIONAL | NumericDate | Epoch time constraining the response to include only Entity identifiers with updates at or before this time.<br><br>When absent, there is no cutoff before which updates occurred to listed Entities.<br><br>When present the `registered`, `updated`, `revoked` MUST be included in the response unless the `audit_timestamps` parameter is set to `false`. ||
99
-
| claims | OPTIONAL | Array | List of claims to be included in the response for each returned Immediate Subordinate Entity.<br><br> If this parameter is NOT present or it is an empty array, the signed entity statement MUST be the only claim for each Immediate Subordinate Entity<br><br>If this parameter is present and it is NOT an empty array each JSON object that represents the Immediate Subordinate Entity MUST include the requested claims for a subordinate entity statement if available.<br><br>Entities that expose the extended subordinate listing endpoint MUST support all top level statement claims defined in [@OpenID.Federation]. TBD: Support of requests for discrete entity metdata attributes. ||
100
+
| claims | OPTIONAL | Array | List of claims to be included in the response for each returned Immediate Subordinate Entity.<br><br> If this parameter is NOT present or it is an empty array, the signed entity statement MUST be the only claim for each Immediate Subordinate Entity<br><br>If this parameter is present and it is NOT an empty array each JSON object that represents the Immediate Subordinate Entity MUST include the requested claims for a subordinate entity statement if available.<br><br>Entities that expose the extended subordinate listing endpoint MUST support all top level statement claims defined in [@!OpenID.Federation]. TBD: Support of requests for discrete entity metdata attributes. ||
100
101
| audit_timestamps | OPTIONAL | Boolean | Request parameter to control presence of the `registered`, `updated`, `revoked` audit timestamps attributes for all returned Immediate Subordiates.<br><br>If this parameter absent the audit timestamp attributes mentioned above MUST NOT be present unless `updated_after` and/or `updated_before` parameters are present.<br><br>If this parameter is present and set to `true` the response MUST include the above mentioned audit timestamp attributes for each Immediate Subordinate Entity included in the response.<br><br>If this parameter is present and set to `false` the response MUST NOT include the above mentioned audit timestamp attributes for each Immediate Subordinate Entity included in the response. even irrespective whether the `updated_after` and/or `updated_before` request parameters are pressent.<br><br>
101
102
102
103
*Table 1: Additional request parameters accepted by the extended subordinate listing endpoint in addition to the those speficied by the `federation_list_endpoint`*
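Review bot: The rewritten `claims` row keeps the typo "metdata" and an unresolved "TBD:" in the same cell as a MUST, so an implementer cannot tell whether requests for discrete metadata attributes are in scope; specify the behaviour or move the open item out of the normative table. The row also ends in `||` while the `limit` row ends in a single `|`, which produces an empty trailing cell.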
*Figure 4: Request to list all entities and only include trust marks in the response.*
133
134
134
-
# Extended Subordinate Listing Response
135
+
##Extended Subordinate Listing Response
135
136
136
137
A successful response MUST use the HTTP status code 200 with the content type `application/json`. The response body is a JSON object containing data specified in the table below.
137
138
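Review bot: The new heading `##Extended Subordinate Listing Response` has no space after `##`, unlike `## Response Size` earlier in the file; CommonMark-style parsers require that space and will render this line as a paragraph instead of a heading. Use `## Extended Subordinate Listing Response`.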
@@ -142,7 +143,7 @@ A successful response MUST use the HTTP status code 200 with the content type `a
142
143
143
144
*Table 2: Top-level attributes included in the subordinate JSON object returned in the response body*
144
145
145
-
Each JSON object in the returned `immediate_subordinate_entities` array MAY contain attributes from the sets defined for Entity Statements and Metadata in [@OpenID.Federation] as well as those defined in the table below.
146
+
Each JSON object in the returned `immediate_subordinate_entities` array MAY contain attributes from the sets defined for Entity Statements and Metadata in [@!OpenID.Federation] as well as those defined in the table below.
In order for entities to advertise the new endpoint, a new property has been defined adding to the existing set of Federation Entity Metadata as defined in [@OpenID.Federation].
230
+
In order for entities to advertise the new endpoint, a new property has been defined adding to the existing set of Federation Entity Metadata as defined in [@!OpenID.Federation].