[Openid-specs-ab] Attribute Exchange w/ OpenID Connect?
Torsten Lodderstedt
torsten at lodderstedt.net
Sat Dec 1 15:26:35 UTC 2012
Hi Eve,
thanks for pointing this out. At first glance it seems to be feasible although I honestly don't know whether such an identifier would conflict with the OIDC semantics.
To give you more context: I'm looking for a way to "just" assert a boolean claim to the RP. The use case I'm currently investigating is age verification. The RP wants the OP to attest whether the user is above 18. There is no session between RP and OP and the OP will typically not disclose any further data. I would prefer to realize this without the need to make up an identifier just to fulfill the protocol requirements.
regards,
Torsten.
Eve Maler <eve at xmlgrrl.com> wrote:
>This sounds just like the justification for SAML's transient pseudonyms
>-- good only for the current session, handy for cases where the RP
>needs some sort of unique "handle" for internal user/session
>management, and useful for session timeouts or single logout a bit
>later on.
>
> Eve
>
>On 30 Nov 2012, at 8:19 AM, Torsten Lodderstedt
><torsten at lodderstedt.net> wrote:
>
>> We don't want the RP to track the user. So we would need to issue a
>> different user_id for every request. But I don't think this fits into the
>> Connect philosophy.
>>
>> regards,
>> Torsten.
>>
>> On 30.11.2012 17:11, Justin Richer wrote:
>>> Would using pairwise identifiers make this work?
>>>
>>> -- Justin
>>>
>>> On 11/30/2012 11:09 AM, Torsten Lodderstedt wrote:
>>>> Hi,
>>>>
>>>> in some cases we want to provide RPs with attributes but no
>>>> user_id, which is similar to AX. How can this be realized in Connect?
>>>> The scope value "openid" activates the OpenID mode at the AS but it
>>>> also requests access to the user_id Claim. If we do not want to
>>>> disclose a user_id, does this mean we need to define a new, distinct
>>>> scope for our use case, e.g. "attribute_x"?
>>>>
>>>> regards,
>>>> Torsten.
>>>> _______________________________________________
>>>> Openid-specs-ab mailing list
>>>> Openid-specs-ab at lists.openid.net
>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>
>
>Eve Maler http://www.xmlgrrl.com/blog
>+1 425 345 6756 http://www.twitter.com/xmlgrrl
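
The trade-off discussed in this thread, as an added example that is not part of any of the original messages: a pairwise user_id stays stable for one RP across requests, while a transient, per-request handle lets the OP attest the boolean age claim without giving the RP anything to correlate. The HMAC-based pairwise derivation, the claim name `age_over_18`, the account name and the RP hostnames are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import date

OP_SECRET = b"constructed-demo-secret"  # constructed value; a real OP keeps this private


def pairwise_id(local_account: str, rp_sector: str) -> str:
    """Stable per (user, RP): differs across RPs, repeats for the same RP."""
    msg = rp_sector.encode() + b"\x00" + local_account.encode()
    return hmac.new(OP_SECRET, msg, hashlib.sha256).hexdigest()


def transient_id() -> str:
    """Fresh random handle per request; derived from nothing about the user."""
    return secrets.token_urlsafe(32)


def is_over_18(birthdate: date, today: date) -> bool:
    had_birthday = (today.month, today.day) >= (birthdate.month, birthdate.day)
    return today.year - birthdate.year - (0 if had_birthday else 1) >= 18


def assert_age(local_account: str, birthdate: date, rp_sector: str,
               today: date, mode: str) -> dict:
    """Claims the OP releases for one request ('age_over_18' is hypothetical)."""
    if mode == "pairwise":
        uid = pairwise_id(local_account, rp_sector)
    elif mode == "transient":
        uid = transient_id()
    else:
        raise ValueError("mode must be 'pairwise' or 'transient'")
    # Only the identifier and the boolean leave the OP; the birthdate does not.
    return {"user_id": uid, "age_over_18": is_over_18(birthdate, today)}


def rp_can_link(resp_a: dict, resp_b: dict) -> bool:
    """What an RP (or two colluding RPs) can do: compare identifiers."""
    return hmac.compare_digest(resp_a["user_id"], resp_b["user_id"])
```
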