[Openid-specs-ab] Syntax for requesting an element of a structured claim

John Bradley ve7jtb at ve7jtb.com
Wed Jun 15 20:25:28 UTC 2016


Every claim request allows a JSON object, so you can define a comparison for a specific claim.

What we don’t have is a general syntax across claims.

You could define group to support something like

"group": { "values": ["Managers"], "essential": true }

That would only return an authentication if the person had the managers value as part of the groups claim.

However I would recommend using SCIM for something like that rather than overloading the user_info endpoint with duplicate claims.

John B.


> On Jun 15, 2016, at 10:09 AM, Mike Schwartz <mike at gluu.org> wrote:
> 
> Another use case for better syntax for structured claims...
> 
> A person might have a lot of group memberships (i.e. attribute memberOf). Releasing a list of all the group memberships to an RP is a security risk.
> 
> It would be great if there was a way to "compare",
> such as : contains("memberOf", ".*[mM]anagers.*")
> 
> - Mike
> 
> -------------------------------------
> Michael Schwartz
> Gluu
> Founder / CEO
> mike at gluu.org
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
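
An added example, not part of the original thread or of any OpenID implementation: a sketch of how an OP could evaluate the value-constrained "group" request discussed above so that only the matched membership is released, never the full list. The function name, the exception, the refusal of unconstrained requests and the "essential with no match refuses authentication" behaviour are assumptions that follow the semantics proposed in the message; OpenID Connect Core does not define them for this claim.

```python
import json

# Constructed sample: the "claims" request parameter an RP would send,
# using the hypothetical "group" claim from the message above.
CLAIMS_PARAM = json.dumps(
    {"id_token": {"group": {"values": ["Managers"], "essential": True}}}
)


class EssentialClaimNotSatisfied(Exception):
    """Raised when an essential, value-constrained claim has no match."""


def release_group_claim(claims_param, user_groups, target="id_token"):
    """Return the claims the OP would release for the 'group' request.

    Assumed semantics (hypothetical, not defined by OpenID Connect Core):
    - only requested values the user actually holds are released;
    - essential plus no match means the authentication is refused.
    """
    request = json.loads(claims_param).get(target, {})
    if "group" not in request:
        return {}  # claim not requested: release nothing
    spec = request["group"] or {}  # JSON null means "no constraints"
    wanted = spec.get("values")
    if wanted is None and "value" in spec:
        wanted = [spec["value"]]  # single-value form of the request
    if wanted is None:
        # Assumed policy: an unconstrained request never dumps the
        # whole membership list to the RP.
        return {}
    held = set(user_groups)
    matched = [g for g in wanted if g in held]
    if not matched:
        if spec.get("essential", False):
            raise EssentialClaimNotSatisfied("group")
        return {}  # voluntary claim: simply omitted
    return {"group": matched}
```
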


