[Openid-specs-ab] [openid/connect] Make "acr" Claim values be arrays of ACR identifiers (issue #789)

Michael Jones issues-reply at bitbucket.org
Mon Mar 4 05:30:11 UTC 2013

--- you can reply above this line ---

New issue 789: Make "acr" Claim values be arrays of ACR identifiers

Michael Jones:

Just as was done for PAPE, we should have "acr" claim values be a list of the policies that the OP was able to satisfy/use and not assume that it's a singleton.

The PAPE language at http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#anchor9 is:


    One or more authentication policy URIs representing policies that the OP satisfied when authenticating the End User.
    Value: Space separated list of authentication policy URIs. 

I believe we'll regret it if we don't do this.


This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.

More information about the Openid-specs-ab mailing list