[Openid-specs-ab] Claims Aggregation Draft

Nat Sakimura nat at digitalideas.tokyo
Sun Jul 26 21:30:37 UTC 2020


Hi

It is because without the user's identifier (not identity) at the relying
party being included in the signed claims set, the RP has no way of
verifying if the claims set is about the entity that the `sub` claim points
to.

Best,

Nat

On Sun, Jul 26, 2020 at 21:01, Torsten Lodderstedt <torsten at lodderstedt.net> wrote:

> Hi Nat,
>
> thanks for preparing this draft.
>
> I've got one question: why does the OP need to pass the user's identity (uid
> claim) to the Claims Provider?
>
>  best regards,
> Torsten.
>
> On 20.07.2020 at 16:44, Nat Sakimura via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> 
> Looks like I did not attach the draft. Here it is.
>
>
>
> On Sun, Jul 19, 2020 at 6:09 PM Nat Sakimura <nat at digitalideas.tokyo>
> wrote:
>
>> Hi
>>
>> Attached please find the claims aggregation draft. It is a very rough cut
>> of what I and Edmund have been talking about at Identiverse and SIOP
>> Virtual Meetup.
>> It also addresses some of the items in the laundry list [1].
>>
>> [1] https://bitbucket.org/openid/connect/issues/1180/siop-laundry-list
>>
>> We could discuss this in the next Pacific Call, hopefully.
>>
>> Best,
>>
>> Nat Sakimura
>>
>> <OpenID Connect Claims Aggregation.md>
>
>
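
The binding check described in the reply above, as an added example that is not part of the thread or of the draft. It assumes the Claims Provider's signed claims set carries a `uid` claim equal to the RP-facing `sub`, and uses an HMAC with a constructed key as a stand-in for the Claims Provider's signature; all function names and sample values are hypothetical.

```python
import base64, hashlib, hmac, json

# Constructed demo key. HMAC stands in for the Claims Provider's signature;
# a real deployment would verify an asymmetric JWS with the CP's public key.
CP_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _tag(payload: str) -> str:
    return _b64(hmac.new(CP_KEY, payload.encode(), hashlib.sha256).digest())

def cp_sign(claims: dict) -> str:
    """Claims Provider: sign a claims set as 'payload.tag'."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{payload}.{_tag(payload)}"

def rp_accept(id_token_claims: dict, signed_claims: str) -> dict:
    """RP: accept aggregated claims only if signed AND bound to `sub`."""
    payload, _, tag = signed_claims.partition(".")
    if not hmac.compare_digest(_tag(payload).encode(), tag.encode()):
        raise ValueError("bad signature")
    padded = payload + "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    # Assumption: `uid` in the signed set equals the RP-facing `sub`.
    if "uid" not in claims:
        raise ValueError("no uid: cannot tell whose claims these are")
    if claims["uid"] != id_token_claims["sub"]:
        raise ValueError("uid does not match sub")
    return claims

def verdict(id_token_claims: dict, signed_claims: str) -> str:
    """Return 'accepted' or 'rejected: <reason>' for one claims set."""
    try:
        rp_accept(id_token_claims, signed_claims)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    id_token = {"sub": "rp-sub-alice"}          # constructed ID Token claims
    alice = cp_sign({"uid": "rp-sub-alice", "age_over_18": True})
    bob = cp_sign({"uid": "rp-sub-bob", "age_over_18": True})
    unbound = cp_sign({"age_over_18": True})    # validly signed, no uid
    for name, token in [("alice", alice), ("bob", bob), ("unbound", unbound)]:
        print(name, "->", verdict(id_token, token))
```

The `unbound` case is the one the reply is about: the signature verifies, yet nothing inside the signed set ties it to the `sub` the RP received.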