Clarification about Explicit Registration Responses and Entity Statements

openid-federation-1_0.xml

@@ -549,9 +549,6 @@
 	      to sign Subordinate Statements about their Immediate Subordinates,
 	      and for other signatures made by Federation Entities,
 	      such as Trust Mark signatures.
-              This claim is only OPTIONAL for the Entity Statement returned
-              from an OP when the client is doing Explicit Registration;
-              in all other cases, it is REQUIRED.
               Every JWK in the JWK Set MUST have a unique <spanx style="verb">kid</spanx> (Key ID) value.
               It is RECOMMENDED that the Key ID be the JWK Thumbprint <xref target="RFC7638"/>
               using the SHA-256 hash function of the key.
@@ -617,14 +614,14 @@
         </t>
                         </section>
           <section anchor="ec_specific"
-                   title="Claims that MUST or MAY appear in Entity Configurations but not Subordinate Statements">
+                   title="Claims that MUST or MAY appear in Entity Configurations but not in Subordinate Statements">
               <t>
                   <list style="hanging">
             <t hangText="authority_hints" anchor="authority_hints">
               <vspace/>
-              OPTIONAL. An array of strings representing
-              the Entity Identifiers of Intermediate Entities or Trust Anchors
-              that are Immediate Superiors of the Entity.
+              OPTIONAL. An array of strings containing
+              the Entity Identifiers of Immediate Superiors (Trust Anchors or Intermediate Entities)
+              of the Entity which is subject of the Entity Configuration.
               This claim is REQUIRED in Entity Configurations of
               the Entities that have at least one Superior above them,
               such as Leaf and Intermediate Entities.
@@ -752,18 +749,6 @@
               </list></t>
               </section>
 
-            <section title="Claims Specific to Explicit Registration Responses">
-                <list style="hanging">
-            <t hangText="trust_anchor">
-              <vspace/>
-              OPTIONAL.  Its value MUST be the Entity Identifier of the Trust Anchor
-                that the OP selected to process the Explicit Registration request.
-                This claim is specific to Explicit Registration responses and is not a
-                general Entity Statement claim.
-            </t>
-          </list>
-        </section>
-
 	<section anchor="ESValidation" title="Entity Statement Validation">
 	  <t>
 	    Entity Statements MUST be validated in the following manner.
@@ -932,19 +917,6 @@
 		to validate that this is the fetch endpoint
 		from which the Entity Statement was issued.
 	      </t>
-	      <t>
-		If the <spanx style="verb">trust_anchor</spanx> Claim is present,
-		validate that its value is a URL
-		using the <spanx style="verb">https</spanx> scheme.
-		Implementations SHOULD validate that the Entity Identifier matches
-		one of the Trust Anchors configured for the deployment.
-		Furthermore, implementations SHOULD validate that the
-		Entity Configuration for the Entity Identifier contains
-		information compatible with the configured Trust Anchor information
-		- especially the keys.
-		This Claim MUST NOT be present in Entity Statements that are not
-		Explicit Registration responses.
-	      </t>
 	    </list>
 	  </t>
 	  <t>
@@ -4879,7 +4851,7 @@ trust_mark=eyJ0eXAiOiJ0cnVzdC1tYXJrK2p3dCIsImFsZyI6 ...
 	  </t>
 	  <t>
 	    Additional Trust Mark Status claims MAY be defined and used
-	    in addition to the one above.
+	    in addition to those listed above.
 	  </t>
 
           <t>
@@ -6908,8 +6880,8 @@ HTTP/1.1 302 Found
                   <vspace/>
                   REQUIRED.
                   Its value MUST be the Entity Identifier of the OP.
-		  This claim is only used in Explicit Registration requests,
-		  since it is not a general Entity Statement claim.
+		  This claim is used in Explicit Registration requests but it is not
+      a general Entity Statement claim.
                 </t>
                 <t hangText="authority_hints">
                   <vspace/>
@@ -7179,7 +7151,7 @@ HTTP/1.1 302 Found
 		<spanx style="verb">explicit-registration-response+jwt</spanx>
 		(and not <spanx style="verb">entity-statement+jwt</spanx>)
 		to prevent confusion between the Explicit Registration response
-		and normal Entity Statements.
+		and Entity Statements.
               </t>
 	    </section>
 
@@ -7213,8 +7185,12 @@ HTTP/1.1 302 Found
 		  </t>
                   <t>
                     The RP MUST verify that the
-                    <spanx style="verb">trust_anchor</spanx> represents one
-                    of its own Trust Anchors.
+                    <spanx style="verb">trust_anchor</spanx> Entity Identifier matches one
+                    of the Trust Anchors configured for the deployment.
+                    Furthermore, implementations SHOULD validate
+                    that the Entity Configuration for the Entity Identifier contains
+                    information compatible with the configured Trust Anchor information
+                    - especially the keys.
                   </t>
                   <t>
                     The RP MUST verify that at least one of the