[Openid-specs-ab] "claims" in the Client Registration Spec?

George Fletcher gffletch at aol.com
Thu Aug 13 10:20:55 UTC 2015


Agreed it's a different container... but to me the semantics of the 
container matter. The software statement is likely signed by a third 
party while the registration parameters (while maybe signed) are kind of 
"self asserted". As an AS, what I really need to know is "who" is making 
the request and then base the entitled claims on that more so than 
what's presented.

Would you want to delegate to a partner the ability for them to specify 
which claims their clients can obtain without any "oversight" from the 
AS perspective?

Thanks,
George

On 8/12/15 2:37 PM, Torsten Lodderstedt wrote:
> I don't distinguish claims in the registration request and in the 
> software statement. It's just a different "container".
>
> Am 12.08.2015 um 20:32 schrieb George Fletcher:
>> If these are claims the RP is entitled to receive, how does the AS 
>> verify that claim? Shouldn't that data be in the Software Statement 
>> rather than in the client reg parameters? I'm probably missing 
>> something :)
>>
>> Thanks,
>> George
>>
>> On 8/12/15 2:19 PM, Torsten Lodderstedt wrote:
>>> good point. I would assume this is the list of claims the RP is 
>>> entitled to get access to. I think it doesn't matter whether the RP 
>>> asks for the claim via scopes or claims parameter.
>>>
>>> Entitlement is given by the authority, which issued the software 
>>> statement, the RP wants to register with.
>>>
>>> Am 12.08.2015 um 01:07 schrieb John Bradley:
>>>> So these wold be default claims, or a filter that prevents more 
>>>> than the listed claims from coming back.
>>>>
>>>> How do you see this interacting with scopes?
>>>>
>>>>
>>>>> On Aug 11, 2015, at 8:32 AM, Torsten Lodderstedt 
>>>>> <torsten at lodderstedt.net> wrote:
>>>>>
>>>>> Hi Mike,
>>>>>
>>>>> as you are in the process of producing eratas of the OIDC specs, I 
>>>>> would like to raise a question regarding client registration we 
>>>>> came up with in the MODRNA WG. Right now, the RP may restrict 
>>>>> itself to certain grant and response types. We see the need to do 
>>>>> the same for claims. Would you consider it a reasonable 
>>>>> enhancement of the Client Registration spec to add something like 
>>>>> "claims" to the registration spec? I consider it complementary to 
>>>>> "claims_supported" as specified in the discovery spec.
>>>>>
>>>>> kind regards,
>>>>> Torsten.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Openid-specs-ab mailing list
>>>>> Openid-specs-ab at lists.openid.net
>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>
>> -- 
>> George Fletcher <http://connect.me/gffletch>
>

-- 
George Fletcher <http://connect.me/gffletch>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150813/385cc77d/attachment.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150813/385cc77d/attachment-0001.html>


More information about the Openid-specs-ab mailing list