[Openid-specs-ab] [openid/connect] Common UserInfo "verified_claims" claim? (issue #809)

Tim Bray tbray at textuality.com
Tue Mar 12 06:43:03 UTC 2013


[Insert standard grumpy note about the impact of redesigning the ID Token
payload structure at this stage of the process.]

-T


On Mon, Mar 11, 2013 at 11:34 PM, Vladimir Dzhuvinov <
issues-reply at bitbucket.org> wrote:

> --- you can reply above this line ---
>
> New issue 809: Common UserInfo "verified_claims" claim?
>
> https://bitbucket.org/openid/connect/issue/809/common-userinfo-verified_claims-claim
>
> Vladimir Dzhuvinov:
>
> Hi guys,
>
> The other day I went to my bank to have my electronic signature updated
> and realised that the concept of verification can actually apply to other
> claims such as name and date of birth (not just email and phone numbers).
> Specifying an additional "x_verified" for each claim that can be
> potentially verified however seems too much.
>
> How about defining a single common claim, represented by a JSON array of
> strings, to list all claim names, of those returned with the UserInfo, that
> the IdP wishes to mark as verified? This claim could be called
> "verified_claims".
>
> For instance, if the email and phone number returned with the UserInfo
> have been verified:
>
>     "verified_claims" : [ "email", "phone_number" ]
>
> Or names and address:
>
>     "verified_claims" : [ "name", "given_name", "middle_name",
> "family_name", "address"]
>
> If none of the returned claims are verified, the array could be empty or
> entirely omitted:
>
>     "verified_claims" : [ ]
>
> This mechanism for indicating verified claims could potentially be used
> for custom (outside the std. schema) claims as well:
>
>     "verified_claims" : ["x-custom", "y-custom", "z-custom"]
>
>
> --
>
> This is an issue notification from bitbucket.org. You are receiving
> this either because you are the owner of the issue, or you are
> following the issue.
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130311/9666178e/attachment.html>


More information about the Openid-specs-ab mailing list