[Openid-specs-igov] New version committed to master
Mike Varley
mike.varley at securekey.com
Mon Sep 19 15:40:03 UTC 2016
I have uploaded a new version of the spec doc:
Added:
- mandatory UserInfo justification
- discovery claims_supported mandatory
- Verifiable Claims description/proposal
- Privacy Considerations
- UserInfo meta-data placeholder
- Vectors of Trust (for claims)
A couple things: since I was working on the meta-data concept in UserInfo, I added the concept of "verifiable claims" to the spec; a verifiable claim being a hashed value of a claim rather than the raw data. It's a method that is particularly useful when transferring sensitive user information through a federation broker... Like SSN. It's a suggestion, but it also opens a can of worms (supported hashing methods, etc...) so it may be best left as an extension for elsewhere.
Second point was I didn't actually know how to specify meta-data for claims: in the UserInfo object itself? Or in the Discovery document? Should it be within the claim value, such as:
"name" : { "val" : "Michel", "locale" : "fr-CA", "vot" : "P1.Cc" }
Or as a separate "_claims_info" section?
So it's a placeholder for now.
Cheers,
MV