[Openid-specs-ab] How to use OIDC claims as an identity oracle

George Fletcher gffletch at aol.com
Tue Nov 8 17:19:16 UTC 2016


If the OP is already a SCIM provider, this makes a lot of sense. 
However, for an OP with no SCIM support, implementing SCIM for this one 
purpose might be a lot of work.

I agree with Nat that it would be ideal if the claim could be returned 
in the id_token per the mechanism already supported by OIDC.

Thanks,
George

On 11/8/16 11:24 AM, Nat Sakimura wrote:
> Good point.
>
> At the same time, I suspect that there are use cases where the RP 
> wants to have it in the ID Token.
> Perhaps we can slightly expand Phil's draft to introduce such 
> possibilities.
>
> Nat
>
> On Wed, Nov 9, 2016 at 1:19 AM Prateek Mishra via Openid-specs-ab 
> <openid-specs-ab at lists.openid.net 
> <mailto:openid-specs-ab at lists.openid.net>> wrote:
>
>     George,
>
>     Have you considered using SCIM for these more advanced queries?
>     SCIM includes a query language (age above 18) and also schema for
>     attributes that lie outside the standard.
>
>     Phil recently published a draft explaining how an OIDC client
>     could also act as a SCIM client within the OIDC framework.
>
>     http://openid.net/specs/openid-connect-scim-profile-1_0.html
>
>     - prateek
>
>>     On Nov 4, 2016, at 12:32 PM, George Fletcher via Openid-specs-ab
>>     <openid-specs-ab at lists.openid.net
>>     <mailto:openid-specs-ab at lists.openid.net>> wrote:
>>
>>     Hi,
>>
>>     As a relying party, I'd love to be able to ask the OpenID
>>     Provider whether the user authenticating is over a particular
>>     age. This could be used in many use cases. However, when I look at
>>     the spec, there is only a provided claim name of 'birthdate'. I
>>     don't really want the user's birth date, just an assertion that
>>     the user is over a particular age.
>>
>>     I don't see a way to do this via the OIDC claim mechanism. Any
>>     thoughts on how an RP may make such a request?
>>
>>     Thanks,
>>     George
>>     _______________________________________________
>>     Openid-specs-ab mailing list
>>     Openid-specs-ab at lists.openid.net
>>     <mailto:Openid-specs-ab at lists.openid.net>
>>     http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
> -- 
>
> Nat Sakimura
>
> Chairman of the Board, OpenID Foundation
>
