As a part of https://shibboleth.atlassian.net/browse/JOIDC-21 it was noticed that the mechanism to carry policy inside the access tokens used for dynamic client registration is useful outside the tokens too: deployers should also be able to configure which dynamic client registration request values are accepted. This applies to open dynamic client registration as well, i.e. when the RPs are not authenticated at all.
The OpenID Connect Federation 1.0 [1] (currently draft 17, September 2021) defines Metadata Policy (see section 5.1) that fits our needs even though we are not currently implementing the federation policy or its API. The implementation should be placed in the commons library in order to serve both the OP and the upcoming RP plugins.
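To make the Metadata Policy idea concrete, the following is an added Python illustration. It is not Shibboleth code and not the Java implementation this issue proposes for the commons library. It applies a policy in the style of OpenID Connect Federation 1.0 section 5.1 to a constructed dynamic client registration request, narrowing requested values to what the deployer allows and rejecting requests that cannot be reconciled with the policy. The operator names (value, add, default, one_of, subset_of, superset_of, essential) follow the specification; the operator precedence and the handling of an empty subset_of intersection are assumptions made here, so the specification text is authoritative. The policy values and request contents are constructed samples.

```python
"""Metadata-policy evaluation for dynamic client registration requests.

Added illustration only; operator semantics are a simplified reading of
OpenID Connect Federation 1.0 section 5.1 (see the lead-in for assumptions).
"""
from __future__ import annotations

from typing import Any


class PolicyViolation(ValueError):
    """Raised when a registration request cannot be reconciled with the policy."""


# Assumed evaluation order for the operators of one claim.
OPERATOR_ORDER = ("value", "add", "default", "one_of", "subset_of", "superset_of", "essential")


def _as_list(value: Any) -> list:
    """Treat scalar claims and array claims uniformly for set-style operators."""
    return list(value) if isinstance(value, (list, tuple, set)) else [value]


def apply_metadata_policy(metadata: dict, policy: dict) -> dict:
    """Return the policy-adjusted metadata or raise PolicyViolation."""
    result = dict(metadata)
    for claim, ops in policy.items():
        unknown = set(ops) - set(OPERATOR_ORDER)
        if unknown:
            # A misspelt operator would otherwise be silently ignored,
            # which for an access-control policy is the wrong default.
            raise PolicyViolation(f"{claim}: unsupported operator(s) {sorted(unknown)}")
        present = claim in result
        value = result.get(claim)

        if "value" in ops:                       # policy overrides whatever was requested
            value, present = ops["value"], True
        if "add" in ops:                         # policy appends values the RP did not ask for
            merged = _as_list(value) if present else []
            for item in _as_list(ops["add"]):
                if item not in merged:
                    merged.append(item)
            value, present = merged, True
        if "default" in ops and not present:     # fill in only when the RP said nothing
            value, present = ops["default"], True
        if present and "one_of" in ops and value not in ops["one_of"]:
            raise PolicyViolation(f"{claim}: {value!r} is not one of {ops['one_of']}")
        if present and "subset_of" in ops:       # narrow to the allowed intersection
            kept = [v for v in _as_list(value) if v in ops["subset_of"]]
            if kept:
                value = kept
            else:
                present = False                  # assumption: empty intersection drops the claim
        if present and "superset_of" in ops:     # the RP must have asked for at least these
            missing = [v for v in ops["superset_of"] if v not in _as_list(value)]
            if missing:
                raise PolicyViolation(f"{claim}: missing required values {missing}")
        if ops.get("essential") and not present:
            raise PolicyViolation(f"{claim}: required by policy but absent")

        if present:
            result[claim] = value
        else:
            result.pop(claim, None)
    return result


def evaluate_registration(request: dict, policy: dict) -> tuple[bool, Any]:
    """(True, adjusted metadata) on success, (False, reason) on rejection."""
    try:
        return True, apply_metadata_policy(request, policy)
    except PolicyViolation as exc:
        return False, str(exc)


# Constructed deployer policy for open (unauthenticated) registration:
# only the code flow, no public clients, and redirect URIs are mandatory.
OPEN_REGISTRATION_POLICY = {
    "grant_types": {"subset_of": ["authorization_code", "refresh_token"],
                    "default": ["authorization_code"], "essential": True},
    "response_types": {"subset_of": ["code"], "default": ["code"]},
    "token_endpoint_auth_method": {"one_of": ["client_secret_basic", "private_key_jwt"],
                                   "default": "client_secret_basic"},
    "redirect_uris": {"essential": True},
    "application_type": {"value": "web"},
}

# Constructed registration requests.
REQUEST_OK = {
    "client_name": "Example RP",
    "redirect_uris": ["https://rp.example.org/cb"],
    "grant_types": ["authorization_code", "implicit", "refresh_token"],
    "response_types": ["code", "token"],
}
REQUEST_REJECTED = dict(REQUEST_OK, token_endpoint_auth_method="none")

if __name__ == "__main__":
    print(evaluate_registration(REQUEST_OK, OPEN_REGISTRATION_POLICY))
    print(evaluate_registration(REQUEST_REJECTED, OPEN_REGISTRATION_POLICY))
```

Running it shows the first request being accepted with `implicit` and `token` silently trimmed away and the authentication method defaulted, while the second request, which asks for a public client, is rejected with a reason that can be logged and returned as a registration error.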
[1] https://openid.net/specs/openid-connect-federation-1_0.htm