The TokenIssuerEndpoints element should be redefined to refer to the metadata
provider’s endpoints for token issuance, as opposed to the endpoints of
an issuer trusted by the metadata provider.
Proposal:
Update section 3.1.6 TokenIssuerEndpoints Element as follows.
3.1.6 TokenIssuerEndpoints Element
The optional <fed:TokenIssuerEndpoints> element allows a federation metadata
provider to specify the endpoint address of a trusted STS (or addresses of
functionally equivalent STSs) which can be used referenced by federated partners when requesting
tokens to be consumed by the metadata provider from it. This element populates the [Federation Metadata]
property. This is specified only by any Relying
Party (e.g. token issuers, security token services, and service providers). This is typically a
service-level statement but can be an endpoint-level statement. This element
MAY be specified even if the <fed:TokenIssuerName> element is specified.