[Openid-specs-ab] Issue #1041: Flattening metadata claims in multiple languages (openid/connect)
andreassolberg
issues-reply at bitbucket.org
Tue Aug 7 11:53:39 UTC 2018
New issue 1041: Flattening metadata claims in multiple languages
https://bitbucket.org/openid/connect/issues/1041/flattening-metadata-claims-in-multiple
andreassolberg:
An entity may craft language tags for human-readable Claim Values and Claim Values that will be bypassed when a superior entity attempts to override the claims. Unless a mechanism is defined to avoid this as part of the metadata flattening process, this becomes a security issue.
In OpenID Connect Core 5.2, it says:
| Human-readable Claim Values and Claim Values that reference human-readable values MAY be represented in multiple languages and scripts.
http://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts
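
The gap described in this issue, as an added example that is not part of the original message or of any OpenID specification. It assumes a simplified flattening rule in which a superior entity's claims replace a subordinate's by exact claim name, and uses constructed metadata with `client_name` and the `#` language-tag syntax from OpenID Connect Core 5.2; all function names are hypothetical.

```python
# Assumption: flattening is modelled as "superior overrides subordinate".
# This is a simplified stand-in, not the federation draft's own algorithm.

def base_name(claim):
    """Claim name without its '#<language tag>' suffix (OIDC Core 5.2)."""
    return claim.split("#", 1)[0]


def flatten_naive(subordinate, superior):
    """Superior wins, but only where the claim names match exactly."""
    merged = dict(subordinate)
    merged.update(superior)
    return merged


def flatten_language_aware(subordinate, superior):
    """Superior wins for a claim and for every language-tagged variant of it.

    Any subordinate claim whose base name the superior sets is dropped,
    so only the superior's own variants of that claim remain.
    """
    overridden = {base_name(k) for k in superior}
    merged = {k: v for k, v in subordinate.items()
              if base_name(k) not in overridden}
    merged.update(superior)
    return merged


def tagged_survivors(merged, superior):
    """Claims in the result that escaped an override via a language tag."""
    overridden = {base_name(k) for k in superior}
    return sorted(k for k in merged
                  if k not in superior and base_name(k) in overridden)


# Constructed sample metadata (not taken from the issue).
SUBORDINATE = {
    "client_name": "Example App",
    "client_name#en": "Trusted Bank Login",
    "client_name#nb": "Bankinnlogging",
    "redirect_uris": ["https://rp.example/cb"],
}
SUPERIOR = {"client_name": "Example RP (registered name)"}

if __name__ == "__main__":
    naive = flatten_naive(SUBORDINATE, SUPERIOR)
    print("naive survivors:   ", tagged_survivors(naive, SUPERIOR))
    hardened = flatten_language_aware(SUBORDINATE, SUPERIOR)
    print("hardened survivors:", tagged_survivors(hardened, SUPERIOR))
```

`tagged_survivors` can also be run on its own over already-flattened metadata to flag language-tagged values the overriding entity never supplied.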