[Openid-specs-igov] New version committed to master

Justin Richer jricher at mit.edu
Mon Sep 19 16:42:21 UTC 2016


If we were to add the data exactly as listed below, we would be breaking compatibility with the base spec. 

The i18n data for claims in OIDC is specified using a hash value:

{
"name#fr-CA": "Michel",
"name": "Mike"
}

This is not metadata on a single claim but rather a separate claim from the plain “name”, and it’s recommended that you also have the plain “name” claim even if the data is the same. I’m not sure how we’d go about augmenting claims without breaking compatibility. If I read “name” and expect it to be a string, but I find an object, that’s going to be a problem in all my client libraries. 

 — Justin


> On Sep 19, 2016, at 11:40 AM, Mike Varley via Openid-specs-igov <openid-specs-igov at lists.openid.net> wrote:
> 
> I have uploaded a new version of the spec doc:
> 
> Added:
>    - mandatory UserInfo justification
>    - discovery claims_supported mandatory
>    - Verifiable Claims description/proposal
>    - Privacy Considerations
>    - UserInfo meta-data placeholder
>    - Vectors of Trust (for claims)
> 
> A couple things: since I was working on the meta-data concept in UserInfo, I added the concept of "verifiable claims" to the spec; a verifiable claim being a hashed value of a claim rather than the raw data. It's a method that is particularly useful when transferring sensitive user information through a federation broker... Like SSN. It's a suggestion, but it also opens a can of worms (supported hashing methods, etc...) so it may be best left as an extension for elsewhere.
> 
> 
> Second point was I didn't actually know how to specify meta-data for claims: in the UserInfo object itself? Or in the Discovery document? Should it be within the claim value, such as:
> 
> "name" : { "val" : "Michel", "locale" : "fr-CA", "vot" : "P1.Cc" }
> 
> Or as a separate "_claims_info" section?
> 
> So it's a placeholder for now.
> 
> Cheers,
> 
> MV
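Added example, not part of either message and not code from the spec: a Python sketch of the compatibility question discussed in this thread. It reads "name#fr-CA" style claims as separate members next to the plain "name", and runs a strict string check against the object form quoted above. The "_claims_info" layout, the sample "sub" value and all function names are assumptions made for illustration.

```python
def split_claim(member):
    """Split a claim member name into (base_name, language_tag or None)."""
    base, sep, tag = member.partition("#")
    return base, (tag if sep else None)

def localized(claims, base, preferred):
    """Return the value of `base` for the first preferred language tag found,
    falling back to the untagged claim when no tagged variant matches."""
    tagged = {}
    for member, value in claims.items():
        name, tag = split_claim(member)
        if name == base and tag is not None:
            # BCP 47 tags are case-insensitive; comparing lowercased is a
            # lenient choice made for this example.
            tagged[tag.lower()] = value
    for want in preferred:
        if want.lower() in tagged:
            return tagged[want.lower()]
    return claims.get(base)

def read_name(claims):
    """Strict client: 'name' must be a JSON string, as existing code expects."""
    value = claims.get("name")
    if not isinstance(value, str):
        raise TypeError(f"'name' must be a string, got {type(value).__name__}")
    return value

def compatible(claims):
    """True when a strict client can still read 'name' from this response."""
    try:
        read_name(claims)
        return True
    except TypeError:
        return False

# Constructed sample UserInfo responses (the "sub" value is made up).
BASE_SPEC = {"sub": "user-123", "name": "Mike", "name#fr-CA": "Michel"}
# Metadata placed inside the claim value, as in the quoted proposal.
OBJECT_FORM = {"sub": "user-123",
               "name": {"val": "Michel", "locale": "fr-CA", "vot": "P1.Cc"}}
# Metadata in a separate section; this inner layout is hypothetical.
SIDE_SECTION = {"sub": "user-123", "name": "Michel",
                "_claims_info": {"name": {"locale": "fr-CA", "vot": "P1.Cc"}}}

if __name__ == "__main__":
    print(localized(BASE_SPEC, "name", ["fr-CA"]))
    for label, doc in [("base spec", BASE_SPEC), ("object form", OBJECT_FORM),
                       ("side section", SIDE_SECTION)]:
        print(label, "->", "ok" if compatible(doc) else "breaks strict client")
```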


