[Openid-specs-ab] Claims Aggregation Draft

Nat Sakimura nat at digitalideas.tokyo
Mon Jul 27 13:31:21 UTC 2020


uid is the PPID prepared by SIOP.

On Mon, Jul 27, 2020 at 3:14 PM Torsten Lodderstedt <torsten at lodderstedt.net>
wrote:

> Hi,
>
> so uid is an identifier provided by the ultimate RP? I read it as user
> identifier at the OP that is performing the upstream request to the claim
> source.
>
> best regards,
> Torsten.
>
> Am 26.07.2020 um 23:30 schrieb Nat Sakimura <nat at digitalideas.tokyo>:
>
> 
> Hi
>
> It is because without the user's identifier (not identity) at the relying
> party being included in the signed claims set, the RP has no way of
> verifying if the claims set is about the entity that the `sub` claim points
> to.
>
> Best,
>
> Nat
>
> 2020年7月26日(日) 21:01 Torsten Lodderstedt <torsten at lodderstedt.net>:
>
>> Hi Nat,
>>
>> thanks for preparing this draft.
>>
>> If got one question: why does the OP need to pass the user‘s identity
>> (uid claim) to the Claims Provider?
>>
>>  best regards,
>> Torsten.
>>
>> Am 20.07.2020 um 16:44 schrieb Nat Sakimura via Openid-specs-ab <
>> openid-specs-ab at lists.openid.net>:
>>
>> 
>> Looks like I did not attach the draft. Here it is.
>>
>>
>>
>> On Sun, Jul 19, 2020 at 6:09 PM Nat Sakimura <nat at digitalideas.tokyo>
>> wrote:
>>
>>> Hi
>>>
>>> Attached please find the claims aggregation draft. It is a very rough
>>> cut of what I and Edmund have been talking about at Identiverse and SIOP
>>> Virtual Meetup.
>>> It also addresses some of the items in the laundry list [1].
>>>
>>> [1] https://bitbucket.org/openid/connect/issues/1180/siop-laundry-list
>>>
>>> We could discuss this in the next Pacific Call, hopefully.
>>>
>>> Best,
>>>
>>> Nat Sakimura
>>>
>>> <OpenID Connect Claims Aggregation.md>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20200727/ac79e785/attachment.html>


More information about the Openid-specs-ab mailing list