[Openid-specs-ab] "claims" in the Client Registration Spec?
Michael.Jones at microsoft.com
Wed Aug 12 02:40:27 UTC 2015
What meaning were you thinking of for this list? Are you thinking of the RP making a statement at registration time that it is going to ignore any but the listed claims? That would probably be harmless, but I'm not sure what good it would really do.
On the other hand, I don't think it's reasonable to try to tell the server that it may not send claims other than those listed. In Connect Core, we intentionally allow servers to return what claims they see fit, both for simplicity and privacy reasons.
From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Tuesday, August 11, 2015 4:08 PM
To: Torsten Lodderstedt
Cc: Mike Jones; OpenId Connect List
Subject: Re: [Openid-specs-ab] "claims" in the Client Registration Spec?
So these wold be default claims, or a filter that prevents more than the listed claims from coming back.
How do you see this interacting with scopes?
> On Aug 11, 2015, at 8:32 AM, Torsten Lodderstedt <torsten at lodderstedt.net> wrote:
> Hi Mike,
> as you are in the process of producing eratas of the OIDC specs, I would like to raise a question regarding client registration we came up with in the MODRNA WG. Right now, the RP may restrict itself to certain grant and response types. We see the need to do the same for claims. Would you consider it a reasonable enhancement of the Client Registration spec to add something like "claims" to the registration spec? I consider it complementary to "claims_supported" as specified in the discovery spec.
> kind regards,
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
More information about the Openid-specs-ab