[Openid-specs-ab] "claims" in the Client Registration Spec?

Torsten Lodderstedt torsten at lodderstedt.net
Thu Aug 13 20:36:22 UTC 2015


Hi Georg, 

our assumption in MODRNA/Mobile Connect is that developers/partners register with a certain mobile operator or a central entity (provided by GSMA) and get access to a number of OPs (provided by different mobile operators). Given this assumption, an OP belonging to this ecosystem will trust software statements issued by the respective entities. So OPs effectively outsource partner validation and approval. This will require common standards agreed among all members of the ecosystem. 

kind regards, 
Torsten. 

On 13 August 2015 12:20:55 CEST, George Fletcher <gffletch at aol.com> wrote:
>Agreed it's a different container... but to me the semantics of the 
>container matter. The software statement is likely signed by a third 
>party while the registration parameters (while maybe signed) are kind of 
>"self asserted". As an AS, what I really need to know is "who" is making 
>the request and then base the entitled claims on that more so than 
>what's presented.
>
>Would you want to delegate to a partner the ability for them to specify 
>which claims their clients can obtain without any "oversight" from the 
>AS perspective?
>
>Thanks,
>George
>
>On 8/12/15 2:37 PM, Torsten Lodderstedt wrote:
>> I don't distinguish claims in the registration request and in the 
>> software statement. It's just a different "container".
>>
>> On 12.08.2015 at 20:32, George Fletcher wrote:
>>> If these are claims the RP is entitled to receive, how does the AS 
>>> verify that claim? Shouldn't that data be in the Software Statement 
>>> rather than in the client reg parameters? I'm probably missing 
>>> something :)
>>>
>>> Thanks,
>>> George
>>>
>>> On 8/12/15 2:19 PM, Torsten Lodderstedt wrote:
>>>> good point. I would assume this is the list of claims the RP is 
>>>> entitled to get access to. I think it doesn't matter whether the RP 
>>>> asks for the claim via scopes or claims parameter.
>>>>
>>>> Entitlement is given by the authority, which issued the software 
>>>> statement, the RP wants to register with.
>>>>
>>>> On 12.08.2015 at 01:07, John Bradley wrote:
>>>>> So these would be default claims, or a filter that prevents more 
>>>>> than the listed claims from coming back.
>>>>>
>>>>> How do you see this interacting with scopes?
>>>>>
>>>>>
>>>>>> On Aug 11, 2015, at 8:32 AM, Torsten Lodderstedt 
>>>>>> <torsten at lodderstedt.net> wrote:
>>>>>>
>>>>>> Hi Mike,
>>>>>>
>>>>>> as you are in the process of producing errata of the OIDC specs, I 
>>>>>> would like to raise a question regarding client registration we 
>>>>>> came up with in the MODRNA WG. Right now, the RP may restrict 
>>>>>> itself to certain grant and response types. We see the need to do 
>>>>>> the same for claims. Would you consider it a reasonable 
>>>>>> enhancement of the Client Registration spec to add something like 
>>>>>> "claims" to the registration spec? I consider it complementary to 
>>>>>> "claims_supported" as specified in the discovery spec.
>>>>>>
>>>>>> kind regards,
>>>>>> Torsten.
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Openid-specs-ab mailing list
>>>>>> Openid-specs-ab at lists.openid.net
>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>
>>>>
>>>
>>> -- 
>>> George Fletcher <http://connect.me/gffletch>
>>
>
>-- 
>George Fletcher <http://connect.me/gffletch>
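
The following is an added illustration of the AS-side check this thread discusses, not code from any participant or from the OpenID specifications: the AS verifies the software statement against issuers it already trusts, then grants only the intersection of the self-asserted request, the issuer-vouched list and its own per-issuer ceiling. It assumes the proposed `claims` registration parameter, a `claims` member inside the software statement and an `allowed_claims` policy table (all hypothetical), and uses HS256 as a standard-library stand-in for the issuer's signature.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key: bytes, head: str, body: str) -> bytes:
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign_statement(payload: dict, key: bytes) -> str:
    # Issuer side. HS256 is a stand-in so the example needs only the standard
    # library; a real ecosystem would use an asymmetric signature.
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(payload).encode())
    return f"{head}.{body}.{b64u(mac(key, head, body))}"

def verify_statement(jws: str, trusted: dict) -> dict:
    # AS side: pin the algorithm and accept only issuers the AS already trusts.
    try:
        head, body, sig = jws.split(".")
        header, payload = json.loads(b64u_dec(head)), json.loads(b64u_dec(body))
        issuer = trusted[payload["iss"]]
        if header["alg"] != "HS256":
            raise ValueError("unexpected alg")
        ok = hmac.compare_digest(mac(issuer["key"], head, body), b64u_dec(sig))
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError("software statement rejected") from exc
    if not ok:
        raise ValueError("software statement signature invalid")
    return payload

def effective_claims(registration: dict, trusted: dict) -> list:
    stmt = verify_statement(registration["software_statement"], trusted)
    entitled = set(stmt.get("claims", []))             # vouched for by the issuer
    ceiling = trusted[stmt["iss"]]["allowed_claims"]   # the AS's own per-issuer limit
    requested = set(registration.get("claims", entitled))  # self-asserted: narrows only
    return sorted(requested & entitled & ceiling)

# Constructed sample data: issuer URL, key, client and claim lists are made up.
TRUSTED = {"https://federation.example": {
    "key": b"constructed-demo-key",
    "allowed_claims": {"sub", "phone_number", "email"}}}
STATEMENT = sign_statement({"iss": "https://federation.example", "software_id": "demo-rp",
                            "claims": ["sub", "phone_number", "address"]},
                           TRUSTED["https://federation.example"]["key"])
REGISTRATION = {"redirect_uris": ["https://rp.example/cb"],
                "claims": ["sub", "phone_number", "email", "address"],
                "software_statement": STATEMENT}

if __name__ == "__main__":
    print(effective_claims(REGISTRATION, TRUSTED))
```
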