• Lot of interest on OIDCFed, plenty of people during the discussions
• Shibboleth OIDC extension: some interest, but to have it taken into consideration for testing it needs the authorization code flow – due in mid march

Endpoints and processes for the signing service:

# 1. Enrollment

Out of band connection

get an access_token in order to use the MDSS

#  2. Metadata_statements creation/update

##  metadata_statements signing request ENDPOINT

(OAuth2 protected)

POST /mdss/entity

{

    "signing_keys": ...,

    "claims": ...,

    "access_token": ...

}

return a signed metadata_statement and the entity ID

## Update signing_keys in the metadata_statement ENDPOINT

(OAuth2 protected)

PUT /mdss/entity/id

JSON payload

{

 "signing_keys": ...

}

return a signed metadata_statement

## Update claims in the metadata_statement ENDPOINT

(OAuth2 protected)

PUT  /mdss/entity/id

json payload

return a signed metadata_statement

# 3. Get a  (resigned) metadata_statement ENDPOINT

(public)

GET  /mdss/entity/id

return a metadata_statement signed by the MDSS_FO

GET  /mdss/entity/id?superiors=[sup1,sup2]

return an ms signed by the MDSS_FO plus the inner ms

# 4. Superior

Out of band configuration