[Openid-specs-ab] "claims" in the Client Registration Spec?
Michael.Jones at microsoft.com
Wed Aug 12 18:25:34 UTC 2015
So what you're really after is an entitled_claims statement - correct?
From: Torsten Lodderstedt [mailto:torsten at lodderstedt.net]
Sent: Wednesday, August 12, 2015 2:21 PM
To: Mike Jones; John Bradley
Cc: OpenId Connect List
Subject: Re: [Openid-specs-ab] "claims" in the Client Registration Spec?
pls. see my answer to John's posting. This is about entitlement of the particular RP to get access to certain claims.
Am 12.08.2015 um 04:40 schrieb Mike Jones:
> What meaning were you thinking of for this list? Are you thinking of the RP making a statement at registration time that it is going to ignore any but the listed claims? That would probably be harmless, but I'm not sure what good it would really do.
> On the other hand, I don't think it's reasonable to try to tell the server that it may not send claims other than those listed. In Connect Core, we intentionally allow servers to return what claims they see fit, both for simplicity and privacy reasons.
> -- Mike
> -----Original Message-----
> From: John Bradley [mailto:ve7jtb at ve7jtb.com]
> Sent: Tuesday, August 11, 2015 4:08 PM
> To: Torsten Lodderstedt
> Cc: Mike Jones; OpenId Connect List
> Subject: Re: [Openid-specs-ab] "claims" in the Client Registration Spec?
> So these wold be default claims, or a filter that prevents more than the listed claims from coming back.
> How do you see this interacting with scopes?
>> On Aug 11, 2015, at 8:32 AM, Torsten Lodderstedt <torsten at lodderstedt.net> wrote:
>> Hi Mike,
>> as you are in the process of producing eratas of the OIDC specs, I would like to raise a question regarding client registration we came up with in the MODRNA WG. Right now, the RP may restrict itself to certain grant and response types. We see the need to do the same for claims. Would you consider it a reasonable enhancement of the Client Registration spec to add something like "claims" to the registration spec? I consider it complementary to "claims_supported" as specified in the discovery spec.
>> kind regards,
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
More information about the Openid-specs-ab