[Openid-specs-risc] Fwd: Multi subject discuss?

Phil Hunt phil.hunt at oracle.com
Tue Dec 12 17:18:20 UTC 2017


Re-sending to RISC group. 

Apologies to fastfed. 

Phil

Begin forwarded message:

> From: Phil Hunt <phil.hunt at oracle.com>
> Date: December 12, 2017 at 9:04:14 AM PST
> To: openid-specs-fastfed at lists.openid.net
> Subject: Multi subject discuss?
> 
> It has been raised by marius on the secevents list that multi subjects in risc sets is a requirement which has not been discussed here. 
> 
> As we have not discussed this, I propose we do so. 
> 
> I have grave concerns about possible privacy implications particular if third party security providers are involved. 
> 
> I believe for any stream, transmitters and receivers must negotiate a single subject identifier to use. This can become a requirement for config eg as an extension to stream config  
> 
> Ps i also support single profile option in stream config per discussion with annabelle. 
> 
> I also support a standard subject claim but because of issues like multi subject, i do not support it being part of the main set draft. 
> 
> I think standard subject is also useful for access tokens/id tokens and may pave the way for single subject sets in risc. 
> 
> Best,
> 
> Phil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20171212/4291ee24/attachment.html>


More information about the Openid-specs-risc mailing list