[Openid-specs-ab] Syntax for requesting an element of a structured claim
John Bradley
ve7jtb at ve7jtb.com
Wed Jun 15 20:25:28 UTC 2016
Every claim request allows a JSON object, so you can define a comparison for a specific claim.
What we don’t have is a general syntax across claims.
You could define group to support something like
"group": { "values": ["Managers"], "essential": true }
That would only return an authentication if the person had the managers value as part of the groups claim.
However I would recommend using SCIM for something like that rather than overloading the user_info endpoint with duplicate claims.
John B.
> On Jun 15, 2016, at 10:09 AM, Mike Schwartz <mike at gluu.org> wrote:
>
> Another use case for better syntax for structured claims...
>
> A person might have a lot of group memberships (i.e. attribute memberOf). Releasing a list of all the group memberships to an RP is a security risk.
>
> It would be great if there was a way to "compare",
> such as: contains("memberOf", ".*[mM]anagers.*")
>
> - Mike
>
> -------------------------------------
> Michael Schwartz
> Gluu
> Founder / CEO
> mike at gluu.org
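An added example, not part of the original message or of any OpenID specification: a sketch of how an OP could evaluate the `group` claim request John describes, releasing only the values the RP named and refusing when an essential request matches nothing. The function and exception names, the sample users, the use of the `id_token` member, and the intersection semantics are assumptions made for illustration.

```python
import json


class EssentialClaimUnmet(Exception):
    """The RP marked the claim essential and no requested value matched."""


def release_groups(claims_param, memberships, claim="group"):
    """Return the subset of `memberships` the RP named, never the full list."""
    request = json.loads(claims_param).get("id_token") or {}
    if claim not in request:
        return None                      # not requested: release nothing
    spec = request[claim] or {}          # JSON null means "no constraints"
    wanted = set(spec.get("values", []))
    if "value" in spec:
        wanted.add(spec["value"])
    # Exact string match only, no patterns: the RP learns whether the user
    # holds a group it already named, and nothing about other memberships.
    matched = [g for g in memberships if g in wanted]
    if not matched and spec.get("essential", False):
        raise EssentialClaimUnmet(claim)
    return matched


# Constructed sample data (hypothetical users and groups).
ALICE = ["Managers", "Payroll", "VPN-Users"]
BOB = ["Engineering", "VPN-Users"]
REQUEST = json.dumps(
    {"id_token": {"group": {"values": ["Managers"], "essential": True}}}
)


def demo():
    results = {"alice": release_groups(REQUEST, ALICE)}
    try:
        release_groups(REQUEST, BOB)
    except EssentialClaimUnmet:
        results["bob"] = "denied"
    return results


if __name__ == "__main__":
    print(demo())
```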