[Openid-specs-ab] Issue #950: Migration - (te) 4. xri portion needs change (by Markus) (openid/connect)

Nat Sakimura issues-reply at bitbucket.org
Mon Aug 25 07:18:30 UTC 2014


New issue 950: Migration - (te) 4. xri portion needs change (by Markus)
https://bitbucket.org/openid/connect/issue/950/micration-te-4-xri-portion-needs-change-by

Nat Sakimura:

  In section 4:
  
  "For XRI, OpenID 2.0 Identifier MUST be created as https://xri.net/ concatenated with the user’s verified XRI without the xri:// scheme. "
  
  The problem with this I think is that in OpenID 2.0, for an XRI the Claimed Identifier is the pure CanonicalID (I-Number), without https:// or xri:// scheme. For example, an RP might have =!91F2.8153.F600.AE24 as the Claimed Identifier (openid2_id) for a user in its database.
  So I think in section 4, we should either not say anything specific at all about XRI, or say something like this:
  
  "For XRI, OpenID 2.0 Identifier MUST be the content of the <CanonicalID> element, as specified in [OpenID.2.0]"
  
  Then an example ID Token would be:
  {
   "iss": "?? not sure",
   "sub": "?? not sure",
   "aud": "s6BhdRkqt3",
   "nonce": "n-0S6_WzA2Mj",
   "exp": 1311281970,
   "iat": 1311280970,
   "openid2_id": "=!91F2.8153.F600.AE24"
  }
  
  But then I can see that obtaining an "iss" as described in sections 2 and 6 won't work.



