OIDC issuer should return metadata regarding its identity #206
Comments
|
OIDC defines OP metadata in https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata |
|
Thanks for the reply @elf-pavlik |
Only partially, and there, the purpose was constrained by a need to represent a client identifier document as JSON-LD. The discussion related to #199 (using the OpenID Federation specification) would potentially remove the need for this JSON-LD mapping entirely. Is there a particular reason you need OAuth2/OpenID Connect terms explicitly defined as IRIs? |
All entities involved in the Solid ecosystem, including identity providers, should provide at least basic information regarding their identity and contact information if they want to be compliant with data protection regulations. While is not the job of the Solid specs to describe/enforce this, at least a mention to it (maybe in the Privacy Considerations section of the specs?) should be made. |
|
The issuer entity already has a URI. This is encoded as the My earlier question was more centered around why expressing (for example) |
Hi.
I have been reading the Solid-OIDC and Solid-OIDC Primer specifications and I don't find any information regarding the
solid:oidcIssuerinformation that should be publicly available.I think it would make sense to specify that a request made to the
solid:oidcIssuerURI should return information on the identity of the issuer, e.g, the entity responsible for the domain, the entity responsible for hosting, contact information, privacy policy, terms & conditions, what data is necessary to create a WebID (email account,...) and so on.The text was updated successfully, but these errors were encountered: