[Openid-specs-ab] [Bitbucket] Issue #835: Clarify the expected JSON type(s) of "value" and "values" in the claims request JSON object (openid/connect)

Mike Jones Michael.Jones at microsoft.com
Mon Jun 3 00:03:45 UTC 2013


I know that we already say that you need to use “request” or “request_uri” when making a signed request.  That’s the reason to use “request” over just bare parameters.  I don’t think we need to say anything else in that regard, unless you have other reasons to use it.

                                                            -- Mike

From: Nat Sakimura [mailto:sakimura at gmail.com]
Sent: Sunday, June 02, 2013 5:01 PM
To: Mike Jones
Cc: Michael Jones; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] [Bitbucket] Issue #835: Clarify the expected JSON type(s) of "value" and "values" in the claims request JSON object (openid/connect)

Probably an official readers guide type of thing would do.

For now, I just wanted to be ready to answer when I was asked.

=nat via iPhone

Jun 3, 2013 8:30、Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>> のメッセージ:
We already cover the rationale for using the “request_uri” in http://openid.net/specs/openid-connect-messages-1_0.html#RequestUriRationale.  We could add similar rationale for when to use the “request” parameter, but I’d submit that adding this isn’t essential to completing the Implementer’s Drafts.  We could write that and review it in a leisurely fashion, after publishing the Implementer’s Drafts, should the working group decide to do so.

                                                            -- Mike

From: Nat Sakimura [mailto:sakimura at gmail.com]
Sent: Sunday, June 02, 2013 4:26 PM
To: Mike Jones
Cc: Michael Jones; openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>
Subject: Re: [Openid-specs-ab] [Bitbucket] Issue #835: Clarify the expected JSON type(s) of "value" and "values" in the claims request JSON object (openid/connect)

Actually, I am asking the guidance between the use of 'claims' top-level parameter and 'request' parameter.

'claims' parameter was added by #748 to ease the writing of MTI and request parameter processing rules. From spec writing point of view, that is more elegant and fine. I just thought that developers who reads this spec may wonder when they should pick one or the other.

2013/6/3 Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>>
The “claims” parameter is always what is used to request individual claims.  Independent of that, the “claims” parameter is one of the parameters that can either occur as a query parameter value, or within a request object passed either as a query parameter value using the “request” parameter or by reference using the “request_uri” parameter.

I think you’re really asking the question “what is the guidance between using request parameters passed as query parameters and using request parameters passed by reference or by value using a Request Object”.  The question is independent of whether the “claims” parameter is used.

                                                            -- Mike

From: openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net> [mailto:openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net>] On Behalf Of Nat Sakimura
Sent: Sunday, June 02, 2013 3:55 PM
To: Michael Jones; openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>
Subject: Re: [Openid-specs-ab] [Bitbucket] Issue #835: Clarify the expected JSON type(s) of "value" and "values" in the claims request JSON object (openid/connect)

A naive question.

What is the guidance between the requesting claims in 'claims' request parameter and the request object?

>From what I see, 'claims' request parameter features are completely covered by request object. Main differences are that request object can specify other parameter such as response_types as well as other security parameters and can be signed (it is a compact serialized JWS), while 'claims' parameter is form encoded.

2013/5/30 Michael Jones <issues-reply at bitbucket.org<mailto:issues-reply at bitbucket.org>>

Michael Jones commented on issue #835:

Clarify the expected JSON type(s) of "value" and "values" in the claims request JSON object<https://bitbucket.org/openid/connect/issue/835/clarify-the-expected-json-type-s-of-value>


Fixed #835<https://bitbucket.org/openid/connect/issue/835/clarify-the-expected-json-type-s-of-value> - Clarified requirements on using "value" and "values" qualifiers when requesting specific values for individual claims.

→ <<cset 6af1216a68a0<https://bitbucket.org/openid/connect/commits/6af1216a68a0>>>

Status:

new resolved




View this issue<https://bitbucket.org/openid/connect/issue/835/clarify-the-expected-json-type-s-of-value> or add a comment by replying to this email.


Unsubscribe from issue emails<https://bitbucket.org/openid/connect/issue/835/unsubscribe/Nat/6c4f45461cac10ce372f1f81a7903130e0898f5c/> for this repository.





<https://bitbucket.org>
 <https://bitbucket.org>
--
Nat Sakimura (=nat)<https://bitbucket.org>
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en<https://bitbucket.org>



--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130603/c71ed3a1/attachment-0001.html>


More information about the Openid-specs-ab mailing list