[Openid-specs-ab] How to use OIDC claims as an identity oracle

Tue Nov 8 16:24:40 UTC 2016

Good point.

At the same time, I suspect that there are use cases where the RP wants to
have it in the ID Token.
Perhaps we can slightly expand Phil's draft to introduce such
possibilities.

Nat

On Wed, Nov 9, 2016 at 1:19 AM Prateek Mishra via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> George,
>
> Have you considered using SCIM for these more advanced queries? SCIM
> includes a query language (age above 18) and also schema for attributes
> that lie outside the standard.
>
> Phil recently a published a draft explaining how a OIDC client could also
> act as a SCIM client within the OIDC framework.
>
> http://openid.net/specs/openid-connect-scim-profile-1_0.html
>
> - prateek
>
> On Nov 4, 2016, at 12:32 PM, George Fletcher via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> Hi,
>
> As a relying party, I'd love to be able to ask the OpenID Provider whether
> the user authenticating is over a particular age. This could be used in may
> use cases. However, when I look at the spec, there is only a provided claim
> name of 'birthdate'. I don't really want the user's birth date, just an
> assertion that the user is over a particular age.
>
> I don't see a way to do this via the OIDC claim mechanism. Any thoughts on
> how a RP may make such a request?
>
> Thanks,
> George
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-- 

Nat Sakimura

Chairman of the Board, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20161108/4b1f1cf0/attachment.html>