[Openid-specs-ab] [openid/connect] Messages 2.5 - Make phone number claims more useful (issue #800)

Michael Jones issues-reply at bitbucket.org
Thu Mar 7 12:48:13 UTC 2013


--- you can reply above this line ---

New issue 800: Messages 2.5 - Make phone number claims more useful
https://bitbucket.org/openid/connect/issue/800/messages-25-make-phone-number-claims-more

Michael Jones:

Breno has asked that we provide both a display form and a canonical form of phone numbers.  Nat has asked that we distinguish between mobile and generic phone numbers.  Mark Wahl and Nat have pointed out that generic phone numbers may have extensions.  To address these requests, at least for discussion purposes, I'll propose that we replace the current single phone_number claim with these claims:

    phone_number - End-User's preferred telephone number, in a format intended for display to the user.  This SHOULD contain the phone number text string as the End-User entered it, preserving any spacing charcters, etc.  For example, "(425) 555-1212 x1234".
    phone_tel_uri - End-User's preferred telephone number, represented as an RFC 3966 "tel" scheme URI using the global-number representation (in which the number begins with a "+" and country code).  For example, "tel:+1(425)555-1212;ext=1234".
    mobile_number - End-User's mobile telephone number, in a format intended for display to the user.  This SHOULD contain the mobile number text string as the End-User entered it, preserving any spacing charcters, etc.  For example, "1-604-555-0123".
    mobile_tel_uri - End-User's mobile telephone number, represented as an RFC 3966 "tel" scheme URI using the global-number representation (in which the number begins with a "+" and country code).  For example, "tel:+16045550123".

This actually then raises the question of whether some would want these claims too:

    phone_verified - True if the phone number in the End-User's "phone_tel_uri" has been verified; otherwise false.  The means by which a phone number must be verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.
    mobile_verified - True if the phone number in the End-User's "mobile_tel_uri" has been verified; otherwise false.  The means by which a mobile number must be verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.

That may be going too far, but in some business contexts or trust frameworks, these claims would also make sense.


--

This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.


More information about the Openid-specs-ab mailing list