[Openid-specs-ab] Essential claims with the scope value openid

Nat Sakimura n-sakimura at nri.co.jp
Wed Aug 9 05:55:33 UTC 2017


Right. It is called the principle of PII  collection minimization. It is one
of the main principle of GDPR / ISO 29100. 

 

 

--

PLEASE READ :This e-mail is confidential and intended for the

named recipient only. If you are not an intended recipient,

please notify the sender  and delete this e-mail.

 

From: specs [mailto:openid-specs-bounces at lists.openid.net] On Behalf Of John
Bradley
Sent: Wednesday, August 9, 2017 12:10 AM
To: openid-specs at lists.openid.net
Cc: openid-specs-ab at lists.openid.net Ab <openid-specs-ab at lists.openid.net>
Subject: Re: Essential claims with the scope value openid

 

 

One School of thought (GDPR) is that you can only ask for claims that are
required.   That is why it is essential as all are required.  

 

The openID scope should only return subject and issuer.   You need to ask
for the specific claims that you want if you don't want all the claims in a
scope like profile.  

 

So it sounds like a bug in the test.  

 

John B.  

 

On Aug 8, 2017 7:49 AM, "Hasini Witharana" <hasinidilanka at gmail.com
<mailto:hasinidilanka at gmail.com> > wrote:

Hi,

Currently I am working with OpenID Connect Certification basic profile. In
the OP, I have configured some claims to be gained when the scope is openid.
When I send a authorization request with  an essential claim I will get all
claims for openid and the essential claim. In the specifications there is
no, rule as It should return only the essential claim. "OP-claims-essential"
test is failing because unexpected claims are returned. Can you please
clarify this issue?



-- 

Hasini Witharana

Undergraduate | Department of Computer Science and Engineering

University of Moratuwa

Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/> 


_______________________________________________
specs mailing list
specs at lists.openid.net <mailto:specs at lists.openid.net> 
http://lists.openid.net/mailman/listinfo/openid-specs

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170809/8dbed5a4/attachment.html>


More information about the Openid-specs-ab mailing list