Version: 1.0
Date: 2017-4-12
Editor: Michael Schwartz, Gluu
Authors: Janusz Ulanowski, HEAnet; Judith Bush, OCLC
This specification defines terms to enable OTTO federations to facilitate the collaboration of Participants deploying OpenID Connect services.
This document is a draft technical specification produced by the OTTO Work Group. See the Kantara Initiative Operating Procedures for more information.
Copyright © 2017 Kantara Initiative and the persons identified as the document authors. All rights reserved.
This document is subject to the Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND).
The Open Trust Taxonomy for Federation Operators ("OTTO") defines an extension mechanism that allows the community to add functionality in a community-compatible way. This specification was developed to enable OTTO federations to support OpenID Connect based identity services; it defines all the terms in the JSON-LD context file that this extension covers.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
Unless otherwise noted, all protocol properties and values are case sensitive.
Properties of an OP (OpenID Provider) entity:

Property | Expected Type | Description |
---|---|---|
configuration_endpoint | URI | URL of the OP's .well-known/openid-configuration document |
metadataStatement | MetadataStatement or array of MetadataStatement | Claims about this OP signed by the federation |
signingKey | Text | Public part of the OP's signing key |
signed_jwks_uri | URL | URL for the OP's signed configuration data |
Properties of an RP (OpenID Relying Party) entity:

Property | Expected Type | Description |
---|---|---|
metadataStatement | MetadataStatement or array of MetadataStatement | Signed JWT issued by the federation |
Properties of a UserClaim:

Property | Expected Type | Description |
---|---|---|
additionalType | URL | More specific type for the claim |
oid | Text | IANA object identifier for the attribute |
associatedScope | Scope or array of Scope | Release of this claim is authorized by granting the respective scope(s) |
Properties of a Scope:

Property | Expected Type | Description |
---|---|---|
userClaim | UserClaim or array of UserClaim | Claims released by authorizing this scope |
Properties of a MetadataStatement:

Property | Expected Type | Description |
---|---|---|
federation | Federation | The federation that issued the MetadataStatement |
metadataStatement | Text | The JWT metadata statement |
Categories defined by this extension:

Category | Type | Description |
---|---|---|
UserClaim | SchemaCategory | Piece of information about a person |
Scope | SchemaCategory | Authorization to access information about a person |
Acr | SchemaCategory | A workflow for authentication |
OpenID | MetadataCategory | Facilitates search of metadata for a federation |
OP | EntityCategory | Identifies entity as an OpenID Provider |
RP | EntityCategory | Identifies entity as an OpenID Relying Party |
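As an added example (not part of the OTTO specification or any Kantara code), the following Python checks an OP entity and a Scope/UserClaim pair against the property tables above; the JSON-LD `@id` identifiers, the sample URLs and the placeholder JWT are assumptions of this example.

```python
from urllib.parse import urlparse

# Expected types for OP properties, taken from the OP table on this page.
OP_PROPERTIES = {"configuration_endpoint": "URI", "metadataStatement": "MetadataStatement",
                 "signingKey": "Text", "signed_jwks_uri": "URL"}

def as_list(value):
    """Several properties allow 'X or array of X'; normalise either form to a list."""
    return value if isinstance(value, list) else [value]

def is_url(value):
    """URI/URL values must be absolute: a scheme and a host are required."""
    p = urlparse(value) if isinstance(value, str) else None
    return bool(p and p.scheme and p.netloc)

def is_metadata_statement(value):
    """MetadataStatement table: 'federation' plus 'metadataStatement' holding the JWT as text."""
    return (isinstance(value, dict) and "federation" in value
            and isinstance(value.get("metadataStatement"), str)
            and value["metadataStatement"].count(".") == 2)  # compact JWS: header.payload.signature

CHECKS = {"URI": is_url, "URL": is_url, "Text": lambda v: isinstance(v, str),
          "MetadataStatement": lambda v: all(is_metadata_statement(m) for m in as_list(v))}

def check_op(entity):
    """Return the OP properties present whose values do not match the expected type."""
    return [p for p, typ in OP_PROPERTIES.items() if p in entity and not CHECKS[typ](entity[p])]

def scope_claim_mismatch(scopes, claims):
    """Added consistency lint: UserClaim.associatedScope and Scope.userClaim describe the same
    release rule from both sides, so report claims naming a scope that does not list them.
    Scopes and claims are identified by their JSON-LD '@id' (an assumption of this example)."""
    released = {s["@id"]: {c["@id"] for c in as_list(s.get("userClaim", []))} for s in scopes}
    return sorted(c["@id"] for c in claims
                  if any(c["@id"] not in released.get(s, set())
                         for s in as_list(c.get("associatedScope", []))))

# Constructed sample data (not from the specification); URLs and JWT are placeholders.
SAMPLE_OP = {
    "@type": "OP",
    "configuration_endpoint": "https://op.example.org/.well-known/openid-configuration",
    "signed_jwks_uri": "https://op.example.org/signed_jwks",
    "signingKey": "placeholder-public-key-pem",
    "metadataStatement": {"federation": "https://federation.example.org",
                          "metadataStatement": "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJmZWQifQ.c2ln"},
}
SAMPLE_SCOPES = [{"@id": "profile", "userClaim": [{"@id": "name"}]}]
SAMPLE_CLAIMS = [{"@id": "name", "associatedScope": "profile"},
                 {"@id": "email", "associatedScope": "email"}]
```

`check_op(SAMPLE_OP)` returns an empty list, while `scope_claim_mismatch(SAMPLE_SCOPES, SAMPLE_CLAIMS)` reports the `email` claim, whose associated scope is not described by any Scope.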
The following people made significant text contributions to the specification:
Additional contributors to this specification include the Kantara OTTO Work Group participants, a list of whom can be found at [OttoWgParticipants].
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[OttoWgParticipants] Schwartz, M., "OTTO Participant Roster", 2016, <http://kantarainitiative.org/confluence/display/OTTO/Participant+roster>.
Michael Schwartz
(editor)
Gluu
EMail: mike@gluu.org
Janusz Ulanowski
HEAnet
EMail: janusz.ulanowski@heanet.ie
Judith Bush
OCLC
EMail: bushj@oclc.org