|
509 | 509 | <spanx style="verb">kid</spanx> (Key ID) header parameter |
510 | 510 | with its value being the Key ID of the signing key used. |
511 | 511 | </t> |
| 512 | + |
| 513 | + <section anchor="ESClaims" title="Entity Statement Claims"> |
| 514 | + |
512 | 515 | <t> |
513 | 516 | The Claims in an Entity Statement are listed below. |
514 | 517 | Applications and protocols utilizing Entity Statements MAY specify |
|
808 | 811 | </list> |
809 | 812 | </section> |
810 | 813 |
|
| 814 | + </section> |
| 815 | + |
811 | 816 | <section anchor="ESValidation" title="Entity Statement Validation"> |
812 | 817 | <t> |
813 | 818 | Entity Statements MUST be validated in the following manner. |
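Review bot: the `</section>` added at new line 814 directly follows the existing `</section>` at 812, so the subsection closed there is now nested one level deeper, inside the new "Entity Statement Claims" section opened at new line 513, and "Entity Statement Validation" becomes a sibling of that new section rather than of the claim subsections. Please confirm the rendered heading depth and section numbering are what you intend. The opening tag and its close are about 300 lines apart, so a short XML comment on the closing tag naming the anchor (ESClaims) would make the pairing easier to keep intact in later edits.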
|
982 | 987 | to validate that this is the fetch endpoint |
983 | 988 | from which the Entity Statement was issued. |
984 | 989 | </t> |
| 990 | + <t> |
| 991 | + If the <spanx style="verb">trust_chain</spanx> header parameter is present, |
| 992 | + validate that its value is a syntactically valid Trust Chain, |
| 993 | + as specified in <xref target="trust_chain"/>. |
| 994 | + The first entry in the Trust Chain |
| 995 | + MUST be an Entity Configuration for this Entity. |
| 996 | + Implementations SHOULD validate that the Entity Identifier |
| 997 | + for the Trust Anchor at the end of the Trust Chain matches |
| 998 | + one of the Trust Anchors configured for the deployment. |
| 999 | + </t> |
| 1000 | + <t> |
| 1001 | + If the <spanx style="verb">peer_trust_chain</spanx> header parameter is present, |
| 1002 | + validate that its value is a syntactically valid Trust Chain, |
| 1003 | + as specified in <xref target="trust_chain"/>. |
| 1004 | + Implementations SHOULD validate that the Entity Identifier |
| 1005 | + for the Trust Anchor at the end of the Trust Chain matches |
| 1006 | + one of the Trust Anchors configured for the deployment. |
| 1007 | + </t> |
985 | 1008 | <t> |
986 | 1009 | If the <spanx style="verb">aud</spanx> Claim is present, |
987 | 1010 | if the Entity Statement is an Explicit Registration request, |
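Review bot: the `peer_trust_chain` paragraph (new lines 1000-1007) does not say what the first entry of the chain must be, while the `trust_chain` paragraph directly above it requires that "The first entry in the Trust Chain MUST be an Entity Configuration for this Entity." Now that both sit together in the general validation list, either state the expected subject of the first entry for `peer_trust_chain` or say explicitly that the protocol using the header defines it. Both paragraphs also require only a "syntactically valid Trust Chain" and make the Trust Anchor match a SHOULD. Consider adding a sentence that points to where signature validation of the chain is required, so that an implementer does not read passing this step as establishing trust in the chain. Finally, the move places these header checks ahead of the `aud` check instead of at the end of the list. If the list order is meant to be the processing order, that is worth a word in the text.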
|
1006 | 1029 | Explicit Registration responses |
1007 | 1030 | unless its use is otherwise specified in an extension being employed. |
1008 | 1031 | </t> |
1009 | | - <t> |
1010 | | - If the <spanx style="verb">trust_chain</spanx> header parameter is present, |
1011 | | - validate that its value is a syntactically valid Trust Chain, |
1012 | | - as specified in <xref target="trust_chain"/>. |
1013 | | - The first entry in the Trust Chain |
1014 | | - MUST be an Entity Configuration for this Entity. |
1015 | | - Implementations SHOULD validate that the Entity Identifier |
1016 | | - for the Trust Anchor at the end of the Trust Chain matches |
1017 | | - one of the Trust Anchors configured for the deployment. |
1018 | | - </t> |
1019 | | - <t> |
1020 | | - If the <spanx style="verb">peer_trust_chain</spanx> header parameter is present, |
1021 | | - validate that its value is a syntactically valid Trust Chain, |
1022 | | - as specified in <xref target="trust_chain"/>. |
1023 | | - Implementations SHOULD validate that the Entity Identifier |
1024 | | - for the Trust Anchor at the end of the Trust Chain matches |
1025 | | - one of the Trust Anchors configured for the deployment. |
1026 | | - </t> |
1027 | 1032 | </list> |
1028 | 1033 | </t> |
1029 | 1034 | <t> |
@@ -7840,23 +7845,23 @@ HTTP/1.1 302 Found |
7840 | 7845 | </t> |
7841 | 7846 | </section> |
7842 | 7847 |
|
7843 | | - <section anchor="explicit-registration-response+jwt" |
7844 | | - title='"application/explicit-registration-response+jwt" Media Type'> |
| 7848 | + <section anchor="trust-mark-status-response+jwt" |
| 7849 | + title='"application/trust-mark-status-response+jwt" Media Type'> |
7845 | 7850 | <t> |
7846 | | - The <spanx style="verb">application/explicit-registration-response+jwt</spanx> |
| 7851 | + The <spanx style="verb">application/trust-mark-status-response+jwt</spanx> |
7847 | 7852 | media type is used to specify that the associated content is |
7848 | | - an Explicit Registration response, as defined in <xref target="cliregresp"/>. |
| 7853 | + a Trust Mark Status Response, |
| 7854 | + as defined in <xref target="tm-status-response"/>. |
7849 | 7855 | No parameters are used with this media type. |
7850 | 7856 | </t> |
7851 | 7857 | </section> |
7852 | 7858 |
|
7853 | | - <section anchor="trust-mark-status-response+jwt" |
7854 | | - title='"application/trust-mark-status-response+jwt" Media Type'> |
| 7859 | + <section anchor="explicit-registration-response+jwt" |
| 7860 | + title='"application/explicit-registration-response+jwt" Media Type'> |
7855 | 7861 | <t> |
7856 | | - The <spanx style="verb">application/trust-mark-status-response+jwt</spanx> |
| 7862 | + The <spanx style="verb">application/explicit-registration-response+jwt</spanx> |
7857 | 7863 | media type is used to specify that the associated content is |
7858 | | - a Trust Mark Status Response, |
7859 | | - as defined in <xref target="tm-status-response"/>. |
| 7864 | + an Explicit Registration response, as defined in <xref target="cliregresp"/>. |
7860 | 7865 | No parameters are used with this media type. |
7861 | 7866 | </t> |
7862 | 7867 | </section> |
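Review bot: the two swapped sections capitalize their defined terms differently, "a Trust Mark Status Response" (new line 7853) against "an Explicit Registration response" (new line 7864). If that casing follows how each term is defined elsewhere, no change is needed. Otherwise this reorder is a convenient place to align them. Both anchors, `trust-mark-status-response+jwt` and `explicit-registration-response+jwt`, are preserved unchanged and remain unique, so existing `xref` targets are not affected by the swap.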
@@ -11510,6 +11515,10 @@ Host: op.umu.se |
11510 | 11515 | </t> |
11511 | 11516 | <t> |
11512 | 11517 | Made section and figure titles more consistent. |
| 11518 | + </t> |
| 11519 | + <t> |
| 11520 | + Reordered some text to group protocol-independent text together |
| 11521 | + and protocol-specific text together. |
11513 | 11522 | </t> |
11514 | 11523 | <t> |
11515 | 11524 | Applied suggestions from Nat Sakimura improving the descriptions of |
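Review bot: the history entry added at new lines 11520-11521 mentions only reordering, but this change also introduces a new section, "Entity Statement Claims" (anchor ESClaims), which changes the document outline. Suggest extending the entry, for example "Added the Entity Statement Claims section and reordered some text to group protocol-independent text together and protocol-specific text together", so that readers comparing drafts can account for the new heading.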
|