[Openid-specs-ab] [openid/connect] Common UserInfo "verified_claims" claim? (issue #809)
tbray at textuality.com
Tue Mar 12 06:43:03 UTC 2013
[Insert standard grumpy note about the impact of redesigning the ID Token
payload structure at this stage of the process.]
On Mon, Mar 11, 2013 at 11:34 PM, Vladimir Dzhuvinov <
issues-reply at bitbucket.org> wrote:
> --- you can reply above this line ---
> New issue 809: Common UserInfo "verified_claims" claim?
> Vladimir Dzhuvinov:
> Hi guys,
> The other day I went to my bank to have my electronic signature updated
> and realised that the concept of verification can actually apply to other
> claims such as name and date of birth (not just email and phone numbers).
> Specifying an additional "x_verified" for each claim that can be
> potentially verified however seems too much.
> How about defining a single common claim, represented by a JSON array of
> strings, to list all claim names, of those returned with the UserInfo, that
> the IdP wishes to mark as verified? This claim could be called
> For instance, if the email and phone number returned with the UserInfo
> have been verified:
> "verified_claims" : [ "email", "phone_number" ]
> Or names and address:
> "verified_claims" : [ "name", "given_name", "middle_name",
> "family_name", "address"]
> If none of the returned claims are verified, the array could be empty or
> entirely omitted:
> "verified_claims" : [ ]
> This mechanism for indicating verified claims could potentially be used
> for custom (outside the std. schema) claims as well:
> "verified_claims" : ["x-custom", "y-custom", "z-custom"]
> This is an issue notification from bitbucket.org. You are receiving
> this either because you are the owner of the issue, or you are
> following the issue.
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab