diff --git a/openid-federation-entity-collection-1_0.md b/openid-federation-entity-collection-1_0.md index d549550..d37b5ea 100644 --- a/openid-federation-entity-collection-1_0.md +++ b/openid-federation-entity-collection-1_0.md 
@@ -164,7 +164,7 @@ If the responder does not support this feature, it MUST return an error response - **trust_mark_type**: (OPTIONAL) The value of this parameter is a Trust Mark Type Identifier. The result MUST be filtered to include only Entities that publish a Trust Mark of this Trust Mark Type in their Entity Configuration and that Trust Mark MUST be verified by the responder. The responder SHOULD verify the Trust Mark using the same Trust Anchor that is used to collect the Entities. When multiple `trust_mark_type` parameters are present, the result MUST be filtered to include only Entities that have a Trust Mark for all the specified Trust Mark Types. If the responder does not support this feature, it MUST return an error response with the error code `unsupported_parameter` as defined in [Error Response Format](#error-response-format). -- **trust_anchor**: (RECOMMENDED) The Trust Anchor that the collection endpoint MUST use when collecting Entities. The value is an Entity Identifier. If omitted, the responder sets this parameter to its own Entity Identifier. If the responder does not have a defined Entity Identifier, it MUST return an error response with the error code `invalid_request` as defined in [Error Response Format](#error-response-format). +- **trust_anchor**: (RECOMMENDED) The Trust Anchor that the collection endpoint MUST use when collecting Entities. The value is an Entity Identifier. If omitted, the responder sets this parameter to its own Entity Identifier. If the responder does not have a defined Entity Identifier, it MUST return an error response with the error code `invalid_request` as defined in [Error Response Format](#error-response-format). If the requested Trust Anchor is not supported by the responder, it MUST return an error response with the error code `invalid_trust_anchor` as defined in [Error Response Format](#error-response-format). 
- **query**: (OPTIONAL) The value of this parameter is used by the responder to filter down the list of returned Entities to only entities that match this @@ -305,8 +305,9 @@ If the request was malformed or an error occurred during the processing of the r - **unsupported_parameter**: The server does not support a requested parameter. The HTTP response status code SHOULD be 400 (Bad Request). - **invalid_request**: The request is incomplete or does not comply with current specifications. The HTTP response status code SHOULD be 400 (Bad Request).
- In addition the following error codes defined by this specification MAY be used: + In addition the following error codes defined by this specification MAY be used: - **page_not_found**: The pagination pointer provided in the `from` parameter is not or no longer known to the responder. The HTTP response status code SHOULD be 404 (Not Found). + - **invalid_trust_anchor**: The Trust Anchor cannot be found or used. The HTTP response status code SHOULD be 404 (Not Found). - **error_description**: (REQUIRED) Human-readable text providing additional information used to assist the developer in understanding the error that occurred. The following is a non-normative example of an error response: @@ -538,6 +539,7 @@ and the Geant Trust & Identity Incubator of Geant5-2. -01 * Clarified the description of the `last_updated` response field to specify that it refers to when the responder last traversed or refreshed its federation entity collection. +* Clarified error response if trust_anchor value is not supported. * Clarified the `limit` parameter description by adding a reference to the [Response Limits](#response-limits) section. -00
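Review bot: In the sentence added to the **trust_anchor** parameter (hunk at -164), "it MUST return an error response" has an ambiguous antecedent, because "it" can be read as the Trust Anchor rather than the responder; write "the responder MUST return an error response". "Not supported by the responder" is also left undefined. Say whether it covers a Trust Anchor the responder is not configured for, one it cannot resolve, or both, so that implementations reject the same set of requests.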
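Review bot: The new **invalid_trust_anchor** entry (hunk at -305) defines the condition as "cannot be found or used", while the parameter text that triggers it says "not supported by the responder"; use one wording in both places. The entry also sits in a list introduced with "MAY be used", although the `trust_anchor` parameter text makes this code a MUST. 404 (Not Found) fits "cannot be found" but is a loose fit for a Trust Anchor that is known yet not usable, so state which status applies to each case or why 404 covers both. The removed and re-added "In addition the following error codes ..." line appears identical in text; if it is a whitespace-only change, drop it from the patch unless it is intended.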
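Review bot: The changelog line added under -01 (hunk at -538) writes trust_anchor without backticks, while the neighbouring entries format `last_updated` and `limit` as code; use `trust_anchor` for consistency. The entry should also name the new `invalid_trust_anchor` error code, since the patch adds an error code and not only a clarification.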