[Openid-specs-ab] [openid/connect] Common UserInfo "verified_claims" claim? (issue #809)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Tue Mar 12 06:34:17 UTC 2013


--- you can reply above this line ---

New issue 809: Common UserInfo "verified_claims" claim?
https://bitbucket.org/openid/connect/issue/809/common-userinfo-verified_claims-claim

Vladimir Dzhuvinov:

Hi guys,

The other day I went to my bank to have my electronic signature updated and realised that the concept of verification can actually apply to other claims such as name and date of birth (not just email and phone numbers). Specifying an additional "x_verified" for each claim that can be potentially verified however seems too much.

How about defining a single common claim, represented by a JSON array of strings, to list all claim names, of those returned with the UserInfo, that the IdP wishes to mark as verified? This claim could be called "verified_claims".

For instance, if the email and phone number returned with the UserInfo have been verified:

    "verified_claims" : [ "email", "phone_number" ]

Or names and address:

    "verified_claims" : [ "name", "given_name", "middle_name", "family_name", "address"]

If none of the returned claims are verified, the array could be empty or entirely omitted:

    "verified_claims" : [ ]

This mechanism for indicating verified claims could potentially be used for custom (outside the std. schema) claims as well:

    "verified_claims" : ["x-custom", "y-custom", "z-custom"]


--

This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.


More information about the Openid-specs-ab mailing list