[Openid-specs-ab] Issue #1142: Drop claims short cut (openid/connect)

tlodderstedt issues-reply at bitbucket.org
Tue Dec 17 09:10:57 UTC 2019


New issue 1142: Drop claims short cut
https://bitbucket.org/openid/connect/issues/1142/drop-claims-short-cut

Torsten Lodderstedt:

the spec currently allows to use short cuts for defining the claims to be attested in the verified\_claims structure

“Note: A claims sub-element with value null is interpreted as a request for all possible Claims. An example is shown in the following …”

Feedback indicates this leads to ambiguity and does not foster privacy preserving behaviour of RPs

I suggest to drop the short cut.




More information about the Openid-specs-ab mailing list