[Openid-specs-ab] "claims" in the Client Registration Spec?
ve7jtb at ve7jtb.com
Wed Aug 12 18:35:02 UTC 2015
Ah, I was just talking to Jens Fromm from Fraunhofer about the German eID card last week.
I am guessing the idea is to have the software statement work like a terminal certificate and limit the maximum number of attributes a registered client can ask for.
Nat has also mentioned that in Japan the privacy commissioner might issue a signed statement that would allow a client to ask for particular claims.
I can see it as part of a third party assertion.
I wasn’t quite seeing how it would be used in the self asserted case.
So you want something saying that under some agreement the client is allowed to ask for X.
I think this is input to the AS and the AS should still have some latitude.
I would rather say that issuer grants access to these attributes, rather than issuer states only these attributes can be requested. They are similar but different. In the eID case it is release only these attributes because of the law governing the credential.
> On Aug 12, 2015, at 3:19 PM, Torsten Lodderstedt <torsten at lodderstedt.net> wrote:
> good point. I would assume this is the list of claims the RP is entitled to get access to. I think it doesn't matter whether the RP asks for the claim via scopes or claims parameter.
> Entitlement is given by the authority, which issued the software statement, the RP wants to register with.
> On 12.08.2015 at 01:07, John Bradley wrote:
>> So these would be default claims, or a filter that prevents more than the listed claims from coming back.
>> How do you see this interacting with scopes?
>>> On Aug 11, 2015, at 8:32 AM, Torsten Lodderstedt <torsten at lodderstedt.net> wrote:
>>> Hi Mike,
>>> as you are in the process of producing errata of the OIDC specs, I would like to raise a question regarding client registration we came up with in the MODRNA WG. Right now, the RP may restrict itself to certain grant and response types. We see the need to do the same for claims. Would you consider it a reasonable enhancement of the Client Registration spec to add something like "claims" to the registration spec? I consider it complementary to "claims_supported" as specified in the discovery spec.
>>> kind regards,