[Openid-specs-igov] New version committed to master

Mike Varley mike.varley at securekey.com
Mon Sep 19 15:40:03 UTC 2016


I have uploaded a new version of the spec doc:

Added:
    - mandatory UserInfo justification
    - discovery claims_supported mandatory
    - Verifiable Claims description/proposal
    - Privacy Considerations
    - UserInfo meta-data placeholder
    - Vectors of Trust (for claims)

A couple things: since I was working on the meta-data concept in UserInfo, I added the concept of "verifiable claims" to the spec; a verifiable claim being a hashed value of a claim rather than the raw data. It's a method that is particularly useful when transferring sensitive user information through a federation broker... Like SSN. It's a suggestion, but it also opens a can of worms (supported hashing methods, etc...) so it may be best left as an extension for elsewhere.


Second point was I didn't actually know how to specify meta-data for claims: in the UserInfo object itself? Or in the Discovery document? Should it be within the claim value, such as:

"name" : { "val" : "Michel", "locale" : "fr-CA", "vot" : "P1.Cc" }

Or as a separate "_claims_info" section?

So it's a placeholder for now.

Cheers,

MV
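
An added illustration of the "verifiable claims" idea in the message above (not part of the original message or of the iGov spec): a provider releases a salted hash of a sensitive claim inside UserInfo, and a relying party that already holds a candidate value checks it. The SHA-256 choice, the field names `alg`, `salt` and `hash`, the `ssn` claim name and the sample values are assumptions; only the inline `val`/`locale`/`vot` layout comes from the message.

```python
import hashlib
import hmac
import re
import secrets


def canonical_ssn(value: str) -> str:
    # Both sides must hash the same bytes, so strip formatting first.
    return re.sub(r"\D", "", value)


def make_verifiable_claim(raw_value: str, vot: str) -> dict:
    # Hypothetical wire format: the raw value never leaves the provider.
    salt = secrets.token_bytes(16)
    data = salt + canonical_ssn(raw_value).encode("utf-8")
    return {
        "alg": "sha-256",
        "salt": salt.hex(),
        "hash": hashlib.sha256(data).hexdigest(),
        "vot": vot,
    }


def verify_claim(claim: dict, candidate: str) -> bool:
    # Reject unknown methods instead of guessing; compare in constant time.
    if claim.get("alg") != "sha-256":
        return False
    salt = bytes.fromhex(claim["salt"])
    data = salt + canonical_ssn(candidate).encode("utf-8")
    expected = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(expected, claim["hash"])


def build_userinfo() -> dict:
    # Constructed sample response; "000-12-3456" is not a real SSN.
    return {
        "sub": "constructed-subject-1",
        "name": {"val": "Michel", "locale": "fr-CA", "vot": "P1.Cc"},
        "ssn": make_verifiable_claim("000-12-3456", "P1.Cc"),
    }


if __name__ == "__main__":
    userinfo = build_userinfo()
    print(verify_claim(userinfo["ssn"], "000123456"))
```

Because the salt travels with the claim, the hash hides the value from the broker only to the extent the value is hard to guess, which is limited for short identifiers.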






