[OpenID-specs-EAP] URI v. string for acr values?

Mike Jones Michael.Jones at microsoft.com
Thu Aug 11 12:54:04 UTC 2016 

If you have a look at the registry entries at http://openid.net/specs/openid-connect-eap-acr-values-1_0-00.html#ClaimsContents and the IANA Level of Assurance Profiles registry at http://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml, you'll see that there's both a short name and a URI.  Because space matters in the ID Token, the short name is used as the ACR value.

				-- Mike

-----Original Message-----
From: Openid-specs-eap [mailto:openid-specs-eap-bounces at lists.openid.net] On Behalf Of Mike Schwartz
Sent: Monday, August 8, 2016 4:10 PM
To: openid-specs-eap at lists.openid.net
Subject: Re: [OpenID-specs-EAP] URI v. string for acr values?


Yeah, I guess...

If you look at Google's API scopes, they are using URI's (except for OIDC scopes):
   
https://developers.google.com/identity/protocols/googlescopes?linkId=17886206

Also, UMA uses a URI for the scopes it defines.

Maybe it's not necessary. But on the other hand, maybe using a URI will encourage others to do so.

I don't have a strong opinion, but I think it's worth posing the question...

- Mike



On 2016-08-08 14:10, Dominick Baier wrote:
> Sorry, that's xml namespaces and ws* all over.
> 
> Sent from my iPad
> 
>> On 08 Aug 2016, at 20:06, Mike Schwartz <mike at gluu.org> wrote:
>> 
>> 
>> I'm wondering if the acr's might be better as URI's in the openid.net 
>> domain?
>> 
>> Maybe something like "https://openid.net/connect/acrs/phr"
>> 
>> Wouldn't it make the origin of these acr's a little more clear, and 
>> reduce the risk of collision?
>> 
>> - Mike
>> 
>> -------------------------------------
>> Michael Schwartz
>> Gluu
>> http://gluu.org
>> 
>> _______________________________________________
>> Openid-specs-eap mailing list
>> Openid-specs-eap at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-eap
_______________________________________________
Openid-specs-eap mailing list
Openid-specs-eap at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-eap

More information about the Openid-specs-eap mailing list