[Openid-specs-ab] Review of openid-connect-4-identity-assurance-04

Tom Jones thomasclinganjones at gmail.com
Sun Jun 16 19:50:57 UTC 2019


Ah Tony - the JWT definition seems good enough to me. Provide value can be
a complex structure like an address.
Here is the definition in my glossary: A statement by or about a Subject is
a claim. If there is some corroboration of the claim, it is called
a Validated claim.
<https://tcwiki.azurewebsites.net/index.php?title=Claim#Full_Title_or_Meme>
Here is the definition from Skeats: to call out for, or to publish, pretty
much the same meaning as the Latin word *clamare*.

The adjectives verified, validated and registered should all work. I do like
the historical precedent for registered myself.

Peace ..tom


On Sat, Jun 15, 2019 at 8:04 PM Anthony Nadalin via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> It's a very very poor definition, you need to look at the real definition
> not a made up one
>
> ------------------------------
> *From:* Mike Jones
> *Sent:* Saturday, June 15, 2019 7:37:55 AM
> *To:* Torsten Lodderstedt; Anthony Nadalin
> *Cc:* Artifact Binding/Connect Working Group
> *Subject:* RE: Review of openid-connect-4-identity-assurance-04
>
>
> The normative definition of “Claim” for JWTs is this one from the JWT spec
> at https://tools.ietf.org/html/rfc7519#section-2:
>
>
>
>    Claim
>       A piece of information asserted about a subject.  A claim is
>       represented as a name/value pair consisting of a Claim Name and a
>       Claim Value.
>
>
>
> It says nothing about doubt – just that the information was asserted.
> Therefore, I continue to agree that Torsten’s suggested identifier
> “verified_claim” is the right one.
>
>
>
>                                                        -- Mike
>
>
>
> *From:* Torsten Lodderstedt <torsten at lodderstedt.net>
> *Sent:* Saturday, June 15, 2019 12:52 AM
> *To:* Anthony Nadalin <tonynad at microsoft.com>
> *Cc:* Mike Jones <Michael.Jones at microsoft.com>; Artifact Binding/Connect
> Working Group <openid-specs-ab at lists.openid.net>
> *Subject:* Re: Review of openid-connect-4-identity-assurance-04
>
>
>
>
>
>
> On 14.06.2019 at 18:48, Anthony Nadalin <tonynad at microsoft.com> wrote:
>
> It’s not a claim then, it’s a statement, it does not matter who has the
> claim, the issuer or the beholder, it’s still in doubt. I don’t understand
> enough of the “verified” statement since the language is vague in the
> specification, is it the provenance of the data or the truth of the data?
>
>
>
> I would say first of all truth but backed by data about the provenance
>
>
>
> Happy to incorporate your text proposals to improve the spec language
>
>
>
>
>
> *From:* Mike Jones <Michael.Jones at microsoft.com>
> *Sent:* Friday, June 14, 2019 9:45 AM
> *To:* Anthony Nadalin <tonynad at microsoft.com>; Artifact Binding/Connect
> Working Group <openid-specs-ab at lists.openid.net>; Torsten Lodderstedt <
> torsten at lodderstedt.net>
> *Subject:* Re: Review of openid-connect-4-identity-assurance-04
>
>
>
> A claim is a statement made by the issuer. A verified claim is one with
> evidence backing it beyond the veracity of the issuer.
>
> Doubt or belief are both properties of the beholder - not the issuer.
>
> -- Mike
> ------------------------------
>
> *From:* Anthony Nadalin
> *Sent:* Friday, June 14, 2019 6:44:29 PM
> *To:* Artifact Binding/Connect Working Group; Torsten Lodderstedt
> *Cc:* Mike Jones
> *Subject:* RE: Review of openid-connect-4-identity-assurance-04
>
>
>
> A claim is something in doubt, how can you have a verified claim?
>
>
>
> *From:* Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> *On
> Behalf Of *Mike Jones via Openid-specs-ab
> *Sent:* Friday, June 14, 2019 8:42 AM
> *To:* Torsten Lodderstedt <torsten at lodderstedt.net>
> *Cc:* Mike Jones <Michael.Jones at microsoft.com>;
> openid-specs-ab at lists.openid.net
> *Subject:* Re: [Openid-specs-ab] Review of
> openid-connect-4-identity-assurance-04
>
>
>
> I agree with "verified_claims".
>
> Thanks!
>
> -- Mike
> ------------------------------
>
> *From:* Torsten Lodderstedt <torsten at lodderstedt.net>
> *Sent:* Friday, June 14, 2019 5:47:17 PM
> *To:* Mike Jones
> *Cc:* Daniel Fett; openid-specs-ab at lists.openid.net
> *Subject:* Re: Review of openid-connect-4-identity-assurance-04
>
>
>
> Hi Mike,
>
> Thanks a lot for your substantial feedback.
>
> While I'm incorporating it, I would like to sort out one question:
>
> > On 1. Jun 2019, at 02:16, Mike Jones <Michael.Jones at microsoft.com>
> wrote:
> >
> > All Sections:  Generalize kinds of verified claims.  The most important
> issue is to generalize the goal of the document from defining how to use
> “verified person data” to defining how to use “verified data”.  This work
> isn’t happening in a vacuum.  There are other efforts to define
> representations of verified claims in the industry, including
> https://w3c.github.io/vc-data-model/,
> that take this more general approach, but propose much more complicated
> data representations that are not based on JWTs.  It would be highly
> beneficial to have a simple general JWT-based “verified data”
> representation that is general-purpose.  Indeed, that’s the possibility
> that excites me about this work.  Don’t get me wrong – I believe that all
> the particulars for verified people data can and should remain.  The main
> concrete change needed is to rename “verified_person_data” to
> “verified_data”.
>
> I think “verified_claims” would fit even better. What do you think?
>
> best regards,
> Torsten.
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>