[Openid-specs-ab] Reserved member definitions

John Bradley ve7jtb at ve7jtb.com
Tue Sep 20 21:44:15 UTC 2011


The schema is extended by using claims.

All claim names MUST be URI.

Just a small number of non URI strings are reserved in the schema for common claims.

So yes you could use foaf or eduperson URI.

Perhaps that needs clarification.

John


On 2011-09-20, at 3:39 AM, Roland Hedberg wrote:

> 
> 19 sep 2011 kl. 23:54 skrev John Bradley:
> 
>> I am sympathetic to the position. 
>> 
>> However without namespace support in JSON, we just end up adding extra characters to the reserved names for not much more than formal correctness.
> 
> Yeah, that is a serious limitation to JSON.
> 
>> The decision was to go for a fixed schema (implied namespace) and fully namespaces claims.
> 
> What do you mean with 'fully namespaces claims' ?
> 
>> Perhaps being clear that all of the reserved claim names have a implied namespace that is not included in the JSON itself.
> 
> That would be important in the future.
> 
> OpenID Connect comes from OpenID which I have understood as being geared towards individuals maintaining their net identity.
> I've been think about what it would take to make OpenID Connect usable in an organization context or for that matter in the context of federations of organizations. Something which I'd like to see as in scope.
> 
> And the first thing I stumble across is the lack of/limited extensibility of the schema.
> This is a major limitation.
> There is just a matter of course that there isn't an organization out there that doesn't have at least one attribute that is specific to them (at least they think it is) that they just have to have in an identity provider for it to be usable in their context.
> So having an implied namespace for the OpenID Connect attributes could we allow for 'fully qualified' attributes from other namespaces ?
> 
> For instance:
> 
> {
> "name": "Jane Doe"
> "given_name": "Jane",
> "family_name": "Doe",
> "email": "janedoe at example.com",
> "picture": "http://example.com/janedoe/me.jpg",
> "http://xmlns.com/foaf/0.1/title": "Ms"
> }
> 
> -- Roland

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110920/58382a47/attachment.p7s>


More information about the Openid-specs-ab mailing list