[Openid-specs-ab] amr: strings versus objects

Mike Schwartz mike at gluu.org
Wed Jul 27 21:39:07 UTC 2016


>> It would be impossible to account for all possible future needs.

Nick,

That's what I'm saying: if it's impossible to account for all future 
needs, why does the OpenID Connect spec say that the value for amr has 
to be an array of strings?

For example, if we had an array of objects, the federation could define 
those objects.

We're finding an array of strings very limiting at Gluu. We have to set 
policy based on the order... like the first item means this... the 
second item means that... If we had some other kind of data structure, 
we wouldn't have to be concerned about the order.

Furthermore, to try to condense amr's into one string is very difficult. 
Let's say we have an amr called "password"... how complex is it? how 
often is it changed? where and how is it stored? Biometrics also have a 
dizzying array of metadata... two vendors that say "iris" could be vastly 
different.

- Mike


-------------------------------------
Michael Schwartz
Gluu
http://gluu.org
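
Added example, not part of the original message and not Gluu's code: a relying-party check that `amr` is an array of strings as OpenID Connect Core requires, followed by two ways of reading it, showing how an order-based policy changes its answer when the same methods arrive in a different order. The claim sets are constructed, and the positional convention (index 0 is the first factor, index 1 the second) and all function names are hypothetical.

```python
# Added example. Claim sets are constructed sample data; the positional
# convention below is a hypothetical stand-in for an order-based local policy.

def validate_amr(claims):
    """Return amr as a list of strings; reject any other shape."""
    amr = claims.get("amr")
    if amr is None:
        return []  # amr is an optional claim
    if not isinstance(amr, list) or not all(isinstance(v, str) for v in amr):
        raise ValueError("amr must be a JSON array of strings")
    return amr

def positional_policy(amr):
    """Order-dependent reading: meaning is attached to the index."""
    return {
        "first_factor": amr[0] if len(amr) > 0 else None,
        "second_factor": amr[1] if len(amr) > 1 else None,
    }

def set_policy(amr, required):
    """Order-independent reading: every required method must be present."""
    return set(required) <= set(amr)

# Same two methods, different order (constructed).
TOKEN_A = {"sub": "user-1", "amr": ["password", "iris"]}
TOKEN_B = {"sub": "user-1", "amr": ["iris", "password"]}
# Object-valued entries carry metadata but are not valid under the spec.
TOKEN_OBJECTS = {"sub": "user-1", "amr": [{"method": "iris", "vendor": "x"}]}

def compare(required=("password", "iris")):
    """Summarise how each reading treats the two orderings."""
    a, b = validate_amr(TOKEN_A), validate_amr(TOKEN_B)
    try:
        validate_amr(TOKEN_OBJECTS)
        objects_accepted = True
    except ValueError:
        objects_accepted = False
    return {
        "positional_agrees": positional_policy(a) == positional_policy(b),
        "set_agrees": set_policy(a, required) == set_policy(b, required),
        "objects_accepted": objects_accepted,
    }

if __name__ == "__main__":
    print(compare())
```

The set-based reading is stable across orderings, but a plain string such as "iris" still carries none of the per-method metadata the message asks about.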


