[Openid-specs-ab] Attribute Exchange w/ OpenID Connect?

Eve Maler eve at xmlgrrl.com
Fri Nov 30 19:32:21 UTC 2012


This sounds just like the justification for SAML's transient pseudonyms -- good only for the current session, handy for cases where the RP needs some sort of unique "handle" for internal user/session management, and useful for session timeouts or single logout a bit later on.

	Eve

On 30 Nov 2012, at 8:19 AM, Torsten Lodderstedt <torsten at lodderstedt.net> wrote:

> We don't want the RP to track the user. So we would need to issue a different user_id for every request. But I don't think this fits into the Connect philosophy.
> 
> regards,
> Torsten.
> 
> On 30.11.2012 17:11, Justin Richer wrote:
>> Would using pairwise identifiers make this work?
>> 
>> -- Justin
>> 
>> On 11/30/2012 11:09 AM, Torsten Lodderstedt wrote:
>>> Hi,
>>> 
>>> in some cases we want to provide RPs with attributes but no user_id, which is similar to AX. How can this be realized in Connect? The scope value "openid" activates the OpenID mode at the AS but it also requests access to the user_id Claim. If we do not want to disclose a user_id, does this mean we need to define a new, distinct scope for our use case, e.g. "attribute_x"?
>>> 
>>> regards,
>>> Torsten.
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> 


Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl
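
Added example, not part of the original thread and not code from any participant or from the OpenID Connect specifications: a Python sketch contrasting the two identifier styles discussed above, a pairwise identifier (stable for one RP) and a transient per-session handle. The HMAC derivation, the names `pairwise_id` and `TransientIssuer`, the salt and the RP hostnames are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret; a real OP would keep its own value private.
OP_SALT = b"constructed-op-salt"


def pairwise_id(rp_sector: str, local_account: str, salt: bytes = OP_SALT) -> str:
    """Deterministic per (RP, user): differs between RPs, but the same RP
    receives the same value at every login and can link those logins."""
    msg = f"{rp_sector}|{local_account}".encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()


class TransientIssuer:
    """Issues a fresh random handle per session. Only the OP holds the
    mapping back to the account, so the RP cannot link two sessions."""

    def __init__(self) -> None:
        self._sessions: dict[str, tuple[str, str]] = {}

    def issue(self, rp_sector: str, local_account: str) -> str:
        handle = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self._sessions[handle] = (rp_sector, local_account)
        return handle

    def resolve(self, handle: str):
        # OP-side lookup, e.g. when the RP references the handle at logout.
        return self._sessions.get(handle)

    def end_session(self, handle: str) -> bool:
        # After timeout or logout the handle is meaningless to everyone.
        return self._sessions.pop(handle, None) is not None


if __name__ == "__main__":
    op = TransientIssuer()
    print("pairwise, login 1:", pairwise_id("rp-a.example", "alice")[:16])
    print("pairwise, login 2:", pairwise_id("rp-a.example", "alice")[:16])
    print("transient, login 1:", op.issue("rp-a.example", "alice")[:16])
    print("transient, login 2:", op.issue("rp-a.example", "alice")[:16])
```
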




