[Openid-specs-ab] Definition of required and optional claims? Handling?

Roland Hedberg roland.hedberg at adm.umu.se
Fri Apr 20 06:36:34 UTC 2012


On 13 Apr 2012, at 01:55, Henrik Biering wrote:

> I strongly disagree in treating a missing required claim as an error!


So a required claim can be missing for basically two reasons:
1) The IdP can't release the information, because it doesn't have it or because it can't due to IdP attribute release policies
2) The user decides not to divulge the information

Regarding 2, the user should be made aware by the GUI on the IdP side what will happen
if the information is not released. If he/she still persists in refusing to allow the claim to be sent,
the user will know that the authorization will fail.

The question is how the RP learns about what happened.
Because the RP should handle these two cases differently.

1) definitely should result in an error code 

For (2), if the OP returns a success code but with no or a curtailed set of claims, that will then mean that the RP must be able to figure out what will happen if it tries to go through with the remaining steps of the process.
Is that too much to ask?

-- Roland
------------------------------------------------------
Roland Hedberg
IT Architect/Senior Researcher
ICT Services and System Development (ITS) 
Umeå University 
SE-901 87 Umeå, Sweden	
Phone +46 90 786 68 44
Mobile +46 70 696 68 44 
www.its.umu.se 


