[Openid-specs-ab] Review of openid-connect-4-identity-assurance-04

Tom Jones thomasclinganjones at gmail.com
Mon Jun 17 10:52:09 UTC 2019


Nat: I am not sure what you mean by that. Do you mean that the verification
is claimed by the presence of an acr?

On Sun, Jun 16, 2019, 5:24 PM Nat Sakimura <sakimura at gmail.com> wrote:

> For me, "verified claim"  is the claim that the issuer claims that they
> verified. It is still a claim and it is up to the receiving party to
> believe it or not.
>
>
> Nat Sakimura
> https://nat.sakimura.org
> On June 17, 2019, 6:11 +0900, Tom Jones via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> Ah Tony - the JWT definition seems good enough to me. Provide value can be
> a complex structure like an address.
> Here is the definition in my glossary: A statement by or about a Subject is
> a claim. If there is some corroboration of the claim, it is called
> a Validated claim.
> <https://tcwiki.azurewebsites.net/index.php?title=Claim#Full_Title_or_Meme>
> Here is the definition from Skeats: to call out for, or to publish,
> pretty much the same meaning as the Latin word *clamare*.
>
> The adjectives verified, validated and registered should all work. I do
> like the historical precedent for registered myself.
>
> Peace ..tom
>
>
> On Sat, Jun 15, 2019 at 8:04 PM Anthony Nadalin via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
>> It's a very very poor definition, you need to look at the real definition
>> not a made up one
>>
>>
>> ------------------------------
>> *From:* Mike Jones
>> *Sent:* Saturday, June 15, 2019 7:37:55 AM
>> *To:* Torsten Lodderstedt; Anthony Nadalin
>> *Cc:* Artifact Binding/Connect Working Group
>> *Subject:* RE: Review of openid-connect-4-identity-assurance-04
>>
>>
>> The normative definition of “Claim” for JWTs is this one from the JWT
>> spec at https://tools.ietf.org/html/rfc7519#section-2:
>>
>>
>>
>>    Claim
>>       A piece of information asserted about a subject.  A claim is
>>       represented as a name/value pair consisting of a Claim Name and a
>>       Claim Value.
>>
>>
>>
>> It says nothing about doubt – just that the information was asserted.
>> Therefore, I continue to agree that Torsten’s suggested identifier
>> “verified_claim” is the right one.
>>
>>
>>
>>                                                        -- Mike
>>
>>
>>
>> *From:* Torsten Lodderstedt <torsten at lodderstedt.net>
>> *Sent:* Saturday, June 15, 2019 12:52 AM
>> *To:* Anthony Nadalin <tonynad at microsoft.com>
>> *Cc:* Mike Jones <Michael.Jones at microsoft.com>; Artifact Binding/Connect
>> Working Group <openid-specs-ab at lists.openid.net>
>> *Subject:* Re: Review of openid-connect-4-identity-assurance-04
>>
>>
>>
>>
>>
>>
>> On 14.06.2019 at 18:48, Anthony Nadalin <tonynad at microsoft.com> wrote:
>>
>> It’s not a claim then, it’s a statement, it does not matter who has the
>> claim, the issuer or the beholder, it’s still in doubt. I don’t understand
>> enough of the “verified” statement since the language is vague in the
>> specification, is it the provenance of the data or the truth of the data?
>>
>>
>>
>> I would say first of all truth but backed by data about the provenance
>>
>>
>>
>> Happy to incorporate your text proposals to improve the spec language
>>
>>
>>
>>
>>
>> *From:* Mike Jones <Michael.Jones at microsoft.com>
>> *Sent:* Friday, June 14, 2019 9:45 AM
>> *To:* Anthony Nadalin <tonynad at microsoft.com>; Artifact Binding/Connect
>> Working Group <openid-specs-ab at lists.openid.net>; Torsten Lodderstedt <
>> torsten at lodderstedt.net>
>> *Subject:* Re: Review of openid-connect-4-identity-assurance-04
>>
>>
>>
>> A claim is a statement made by the issuer. A verified claim is one with
>> evidence backing it beyond the veracity of the issuer.
>>
>> Doubt or belief are both properties of the beholder - not the issuer.
>>
>> -- Mike
>> ------------------------------
>>
>> *From:* Anthony Nadalin
>> *Sent:* Friday, June 14, 2019 6:44:29 PM
>> *To:* Artifact Binding/Connect Working Group; Torsten Lodderstedt
>> *Cc:* Mike Jones
>> *Subject:* RE: Review of openid-connect-4-identity-assurance-04
>>
>>
>>
>> A claim is something in doubt, how can you have a verified claim?
>>
>>
>>
>> *From:* Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> *On
>> Behalf Of* Mike Jones via Openid-specs-ab
>> *Sent:* Friday, June 14, 2019 8:42 AM
>> *To:* Torsten Lodderstedt <torsten at lodderstedt.net>
>> *Cc:* Mike Jones <Michael.Jones at microsoft.com>;
>> openid-specs-ab at lists.openid.net
>> *Subject:* Re: [Openid-specs-ab] Review of
>> openid-connect-4-identity-assurance-04
>>
>>
>>
>> I agree with "verified_claims".
>>
>> Thanks!
>>
>> -- Mike
>> ------------------------------
>>
>> *From:* Torsten Lodderstedt <torsten at lodderstedt.net>
>> *Sent:* Friday, June 14, 2019 5:47:17 PM
>> *To:* Mike Jones
>> *Cc:* Daniel Fett; openid-specs-ab at lists.openid.net
>> *Subject:* Re: Review of openid-connect-4-identity-assurance-04
>>
>>
>>
>> Hi Mike,
>>
>> Thanks a lot for your substantial feedback.
>>
>> While I'm incorporating it, I would like to sort out one question:
>>
>> > On 1. Jun 2019, at 02:16, Mike Jones <Michael.Jones at microsoft.com>
>> wrote:
>> >
>> > All Sections:  Generalize kinds of verified claims.  The most important
>> issue is to generalize the goal of the document from defining how to use
>> “verified person data” to defining how to use “verified data”.  This work
>> isn’t happening in a vacuum.  There are other efforts to define
>> representations of verified claims in the industry, including
>> https://w3c.github.io/vc-data-model/,
>> that take this more general approach, but propose much more complicated
>> data representations that are not based on JWTs.  It would be highly
>> beneficial to have a simple general JWT-based “verified data”
>> representation that is general-purpose.  Indeed, that’s the possibility
>> that excites me about this work.  Don’t get me wrong – I believe that all
>> the particulars for verified people data can and should remain.  The main
>> concrete change needed is to rename “verified_person_data” to
>> “verified_data”.
>>
>> I think “verified_claims” would fit even better. What do you think?
>>
>> best regards,
>> Torsten.
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>