[Openid-specs-ab] Issue #1142: Drop claims short cut (openid/connect)

tlodderstedt issues-reply at bitbucket.org
Tue Dec 17 09:10:57 UTC 2019

New issue 1142: Drop claims short cut

Torsten Lodderstedt:

the spec currently allows to use short cuts for defining the claims to be attested in the verified\_claims structure

“Note: A claims sub-element with value null is interpreted as a request for all possible Claims. An example is shown in the following …”

Feedback indicates this leads to ambiguity and does not foster privacy preserving behaviour of RPs

I suggest to drop the short cut.

More information about the Openid-specs-ab mailing list