[Openid-specs-ab] Claims Aggregation Draft

Torsten Lodderstedt torsten at lodderstedt.net
Mon Jul 27 06:14:46 UTC 2020


Hi,

so uid is an identifier provided by the ultimate RP? I read it as user identifier at the OP that is performing the upstream request to the claim source.

best regards,
Torsten.

> On 26.07.2020 at 23:30, Nat Sakimura <nat at digitalideas.tokyo> wrote:
> 
> 
> Hi
> 
> It is because without the user's identifier (not identity) at the relying party being included in the signed claims set, the RP has no way of verifying if the claims set is about the entity that the `sub` claim points to. 
> 
> Best, 
> 
> Nat 
> 
> On Sun, Jul 26, 2020 at 21:01 Torsten Lodderstedt <torsten at lodderstedt.net> wrote:
>> Hi Nat,
>> 
>> thanks for preparing this draft.
>> 
>> I've got one question: why does the OP need to pass the user's identity (uid claim) to the Claims Provider?
>> 
>>  best regards,
>> Torsten.
>> 
>>>> On 20.07.2020 at 16:44, Nat Sakimura via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>>>> 
>>> 
>>> Looks like I did not attach the draft. Here it is. 
>>> 
>>> 
>>> 
>>>> On Sun, Jul 19, 2020 at 6:09 PM Nat Sakimura <nat at digitalideas.tokyo> wrote:
>>>> Hi 
>>>> 
>>>> Attached please find the claims aggregation draft. It is a very rough cut of what I and Edmund have been talking about at Identiverse and SIOP Virtual Meetup. 
>>>> It also addresses some of the items in the laundry list [1]. 
>>>> 
>>>> [1] https://bitbucket.org/openid/connect/issues/1180/siop-laundry-list
>>>> 
>>>> We could discuss this in the next Pacific Call, hopefully. 
>>>> 
>>>> Best, 
>>>> 
>>>> Nat Sakimura
>>>> 
>>> 
>>> <OpenID Connect Claims Aggregation.md>