[Openid-specs-ab] Issue #1142: Drop claims short cut (openid/connect)
tlodderstedt
issues-reply at bitbucket.org
Tue Dec 17 09:10:57 UTC 2019
New issue 1142: Drop claims short cut
https://bitbucket.org/openid/connect/issues/1142/drop-claims-short-cut
Torsten Lodderstedt:
the spec currently allows to use short cuts for defining the claims to be attested in the verified\_claims structure
“Note: A claims sub-element with value null is interpreted as a request for all possible Claims. An example is shown in the following …”
Feedback indicates this leads to ambiguity and does not foster privacy preserving behaviour of RPs
I suggest to drop the short cut.
More information about the Openid-specs-ab
mailing list