[Openid-specs-ab] Issue #1118: All claims should be in a scope (openid/connect)

Travis Spencer issues-reply at bitbucket.org
Fri Oct 18 07:23:07 UTC 2019


New issue 1118: All claims should be in a scope
https://bitbucket.org/openid/connect/issues/1118/all-claims-should-be-in-a-scope

Travis Spencer:

OpenID Connect Core sets forth the notion of scope values that group together certain claims, as shown in the following diagram:

![](https://bitbucket.org/repo/beXqo/images/3321455790-Screenshot%202019-10-18%20at%209.14.59%20AM.png)

The identity assurance draft, however, does not follow this model. Instead, it defines a number of claims (section 3) which are not grouped into a scope value. I have understood that the rationale is to force clients to only ask for the minimum set of information about the user that it requires. Consequently, it is more private by design. I understand and support that goal; however, it should be done in a way that aligns with existing precedent.

For this reason, new scope values should be defined in the assurance draft spec that contain one claim, simply. Where plausible, that scope may contain multiple claims, but I’ve understood that the grouping of multiple claims into a single scope value is contrived and unfitting. This is fine, but, if so, then at least the new claims should be defined to map directly to a scope value by the same name.
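The scope-to-claim model the issue refers to, as an added example that is not part of the original post or of any OpenID Foundation code: the core scope values and their claims are those listed in OpenID Connect Core 1.0 section 5.4; the assurance claim names are placeholders (the draft's actual claim names are not given here), registered one-per-scope under a scope of the same name, as the issue proposes. `resolve_claims` releases only claims reachable through a requested scope, and `claims_without_scope` is the check the issue argues should come back empty.

```python
"""Scope-to-claim resolution in the style of OpenID Connect Core.

Added example, not code from the issue author or the OpenID Foundation.
Core scope values follow OpenID Connect Core 1.0 section 5.4; the
assurance scopes below use placeholder claim names and illustrate the
proposal that each new claim map to a scope value of the same name.
"""
from typing import Dict, FrozenSet, Iterable, List, Tuple

# OpenID Connect Core 1.0, section 5.4: scope values grouping claims.
CORE_SCOPES: Dict[str, FrozenSet[str]] = {
    "profile": frozenset({
        "name", "family_name", "given_name", "middle_name", "nickname",
        "preferred_username", "profile", "picture", "website", "gender",
        "birthdate", "zoneinfo", "locale", "updated_at",
    }),
    "email": frozenset({"email", "email_verified"}),
    "address": frozenset({"address"}),
    "phone": frozenset({"phone_number", "phone_number_verified"}),
}

# Placeholder assurance claims (hypothetical names, not the draft's own),
# each registered under a scope value of the same name.
ASSURANCE_CLAIMS = ("assurance_claim_a", "assurance_claim_b")
ASSURANCE_SCOPES: Dict[str, FrozenSet[str]] = {
    claim: frozenset({claim}) for claim in ASSURANCE_CLAIMS
}

# Combined registry an authorization server would consult.
SCOPE_REGISTRY: Dict[str, FrozenSet[str]] = {**CORE_SCOPES, **ASSURANCE_SCOPES}


def resolve_claims(requested_scopes: Iterable[str],
                   registry: Dict[str, FrozenSet[str]] = SCOPE_REGISTRY
                   ) -> Tuple[List[str], List[str]]:
    """Return (claims to release, requested scope values not registered).

    Only claims grouped under a recognised scope are released, so a client
    obtains nothing it did not ask for via a scope. "openid" is required by
    Core to signal an OpenID Connect request but carries no claims itself.
    """
    released = set()
    unknown: List[str] = []
    for scope in requested_scopes:
        if scope == "openid":
            continue
        claims = registry.get(scope)
        if claims is None:
            unknown.append(scope)
            continue
        released |= claims
    return sorted(released), unknown


def claims_without_scope(all_claims: Iterable[str],
                         registry: Dict[str, FrozenSet[str]] = SCOPE_REGISTRY
                         ) -> List[str]:
    """Claims a spec defines that no scope value in the registry covers.

    The issue's position is that this list should be empty for every claim
    the assurance draft defines.
    """
    covered = set().union(*registry.values())
    return sorted(c for c in all_claims if c not in covered)


if __name__ == "__main__":
    print(resolve_claims(["openid", "email", "assurance_claim_a", "bogus"]))
    print(claims_without_scope(["email", "assurance_claim_b"]))
```

With only `CORE_SCOPES` as the registry, an assurance claim shows up in `claims_without_scope`, which is exactly the gap the issue describes; adding the per-claim scopes closes it without forcing claims into a contrived multi-claim grouping.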
