[Openid-specs-ab] amr: strings versus objects
Nick Roy
nroy at internet2.edu
Wed Jul 27 20:41:33 UTC 2016
Hi Mike,
AMR values are to be defined out-of-band, which is how things have been done for authentication contexts in the SAML world as well. The spec says:
"The definition of particular values to be used in the amr Claim is beyond the scope of this document. Parties using this claim will need to agree upon the meanings of the values used, which may be context specific."
Delivering the needed possible policy, technical and other context via a pre-determined object representation seems difficult to me. It would be impossible to account for all possible future needs.
Nick
On 7/27/16, 8:52 AM, "Openid-specs-ab on behalf of Mike Schwartz via Openid-specs-ab" <openid-specs-ab-bounces at lists.openid.net on behalf of openid-specs-ab at lists.openid.net> wrote:
OpenID Connect-heads:
amr is defined as a "JSON array of strings"
This seems somewhat limiting... wouldn't it be better as a JSON array of
objects? That would enable us to convey more context about these
particular strings...
If the spec says "The definition of particular values to be used in the
amr Claim is beyond the scope of this specification", why are you
specifying the type of the values?
- Mike
-------------------------------------
Michael Schwartz
Gluu
http://gluu.org
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab
More information about the Openid-specs-ab
mailing list